Trojaner-Board - Windows System Blockiert!

Hallo Leute
Ich habe diesen komischen Virus, wo die Meldung kommt, dass das Windows System blockiert wurde und ich irgendetwas zahlen soll.
Habe nun laut Anleitung diese OTL von OldTimer runtergeladen und alles durchgeführt und hier sind nun meine 2 Texte, welche ich hier reinstellen soll:

Extras.Txt:

Code:

OTL Extras logfile created on: 13.03.2012 21:06:08 - Run 1

OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Marco\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,64% Memory free

6,18 Gb Paging File | 5,85 Gb Available in Paging File | 94,72% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69,64 Gb Total Space | 27,57 Gb Free Space | 39,58% Space Free | Partition Type: NTFS

Drive D: | 69,64 Gb Total Space | 38,45 Gb Free Space | 55,22% Space Free | Partition Type: NTFS

 

Computer Name: NB-MARCO | User Name: Marco | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{01942449-C6DB-42AA-9BBE-C0A59370111A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{03738C2C-7189-4672-A44B-C25D6F66D060}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

"{1D6EA4CD-B5E4-4B6F-A4BD-B13E945476D8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 

"{213EA558-796D-45A8-B070-E4098C7D21B7}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 

"{2700DB40-00FE-4589-96E9-4704801FC5DF}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=c:\windows\system32\svchost.exe | 

"{297F72A9-1665-4841-95A0-0A2B81F6EB59}" = lport=139 | protocol=6 | dir=in | app=system | 

"{2FA3A048-AA2A-455C-BF10-23B77FD5A1A1}" = rport=138 | protocol=17 | dir=out | app=system | 

"{2FA6EB12-6B72-46E8-AC08-D3F0CB4C7E83}" = lport=445 | protocol=6 | dir=in | app=system | 

"{37FC5209-78DE-4D5B-8FF7-F10A5725A29A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{3BDE2B62-DF3B-473F-B115-E2A3F575592F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=c:\windows\system32\svchost.exe | 

"{45EB17F6-D387-4736-A95C-D0F34D42FCF3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 

"{4EC7BF2A-78C1-43A9-93F3-D55D14E59E86}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{5596D51B-5572-495F-8C10-1ECBD33C7014}" = rport=137 | protocol=17 | dir=out | app=system | 

"{58F4042A-2B4C-4D84-914F-FEBCCD3CB60D}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=c:\windows\system32\svchost.exe | 

"{682AFD27-86AA-4F06-AAD1-B934B118B43B}" = lport=10243 | protocol=6 | dir=in | app=system | 

"{6B2DFC70-8DA9-4781-B7A8-4064530B2333}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=c:\windows\system32\svchost.exe | 

"{6C865732-77EA-4299-941C-2899CD2A4993}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 

"{713C29D8-766E-4D9F-8C93-715124D7B66A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=c:\windows\system32\svchost.exe | 

"{85878B4F-DEF9-4A4A-A764-94F40DEECC94}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{904EB59A-1CAE-4E86-8E88-7ADB1BEA997D}" = rport=10243 | protocol=6 | dir=out | app=system | 

"{971A5E6B-BC22-49B7-8ADB-333FFBF536A4}" = lport=138 | protocol=17 | dir=in | app=system | 

"{AA14D1BF-392A-4736-AF1E-987D948BE8ED}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 

"{B36B1D44-385D-44D5-BCF4-E4F18A730804}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{BC852AB0-BF71-4CEC-A942-A00F1AAB9AA4}" = rport=445 | protocol=6 | dir=out | app=system | 

"{C9723991-547E-4ACF-8984-AD837AE74BBF}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 

"{CD87487A-EEBA-4871-A39B-23D0EC463B90}" = rport=139 | protocol=6 | dir=out | app=system | 

"{E229583D-3813-47A2-A801-05478DA68A8A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 

"{E430B9AB-D55E-4718-8F4F-B283076C5332}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=c:\windows\system32\svchost.exe | 

"{ECA13898-E00D-45F4-B923-8556D532ABC9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 

"{F9F68E75-CFC6-43BC-834A-D619FAE392FA}" = lport=137 | protocol=17 | dir=in | app=system | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{02FF0363-6B1D-4A68-887D-B08E3B37D9E0}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steam.exe | 

"{0F9705F3-E956-4C95-A692-521FE83C80A1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 

"{2574BDD8-B3A7-4EE0-8B9B-4E5F3F4F8572}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 

"{388D90CE-524A-4778-B8CA-ABEFFF1436E6}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 

"{3D92D6EC-2534-4AA1-9F4E-737E0AA8615E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{3F74EF08-9D7C-4FC3-A41C-4A2C99E57781}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\mikederhenker\counter-strike\hl.exe | 

"{408D99AB-EB29-4C6B-8035-9A8D731C5539}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steam.exe | 

"{4B69F3A7-ED4D-40D8-842E-3E4F24407D5A}" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 

"{4D944FDC-EF5F-4611-A010-DD6EF831B0CD}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\mikederhenker\counter-strike\hl.exe | 

"{53913AF3-2170-4980-9153-DA0B50B4314C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{5510B35F-2529-4DB9-906B-5B0571D14D87}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 

"{5D55DEBC-39FF-432A-B3AF-C8AFD353AD96}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 

"{5E40F69B-C6AA-4DC7-A842-C0933AB480FE}" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\mikederhenker\counter-strike\hl.exe | 

"{5F8FE44B-76DF-4E51-87E7-98B97FD746E5}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 

"{601BCBC9-ECCB-45BE-9A13-EEE5B83A6B08}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{6B1702C9-D613-4CB2-97A2-29D70E267359}" = dir=in | app=c:\program files\cyberlink\powerdvd\powerdvd.exe | 

"{6CCE4894-A4A9-403B-860A-2B892B81114A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{7009C76D-0ABE-4854-BAC2-918BB0F01B6D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 

"{71F5070B-9032-4107-9425-B57376A39FAF}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{73D4A957-C8F7-4309-95F4-E78B2759B861}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 

"{75F6EA0F-C04D-4B97-8041-BE372A8A4391}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{8DC2E529-C9BA-42EF-B01E-ECD63BE4B7E0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 

"{95570AF6-E8FC-4039-944A-3B0E6BA1D46E}" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\mikederhenker\counter-strike\hl.exe | 

"{99C984DB-3FA7-4C21-B0A5-5487B4541401}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{9B0E55E8-2399-468A-A9DD-C66B84CF6CAB}" = protocol=6 | dir=out | app=system | 

"{9DC42D92-0175-4F01-A2FE-6D4CDE7E609B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 

"{A70B13BF-DD73-43EA-A4F6-C00811C15A53}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{AD98EC63-1FC9-4F2C-9D34-5334A3C1259D}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 

"{B17CDF69-85BC-48EE-809C-73EAF6B2701E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{B1DBCF5C-76A2-4FCA-BF78-666785CEAC88}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{B9C8CF25-F1C5-48B0-9B70-2DD0B16735F8}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{C7672C37-48EF-4B10-8A98-C02F9A2C768E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 

"{C826DA45-B4EE-48EA-B6EF-6D8F65FF8E33}" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 

"{CC651AEE-BA53-48C2-9474-47F33A1EE575}" = dir=in | app=c:\program files\skype\phone\skype.exe | 

"{DDBC6399-0CF8-4EB9-8236-D232790B6815}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 

"{E5B164E7-EDB0-4B09-9E95-D6E6CA17014B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 

"{F33BDC34-B638-4CCF-8179-36021F054E97}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 

"{FBDA7B61-96B0-43E7-869B-7A8F22CBE380}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 

"{FF646658-B7E2-4DF5-A1BD-4B15C13FE82E}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 

"TCP Query User{14C0D049-6E23-4D8B-AA01-B57534907102}C:\program files\valve\steam\steamapps\mikederhenker\condition zero deleted scenes\hl.exe" = protocol=6 | dir=in | app=c:\program files\valve\steam\steamapps\mikederhenker\condition zero deleted scenes\hl.exe | 

"TCP Query User{243A3048-7A76-40BA-824F-4BEB51A07ED6}C:\windows\system32\wuauclt.exe" = protocol=6 | dir=in | app=c:\windows\system32\wuauclt.exe | 

"TCP Query User{3E868DE9-97FA-4EAF-9D4D-FBFE26086215}D:\marco\spiele\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\marco\spiele\counter-strike 1.6\hl.exe | 

"TCP Query User{4394CEC0-84C7-48F8-A84B-FEEBEC08EFB4}C:\program files\bitcomet\bitcomet.exe" = protocol=6 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 

"TCP Query User{5D651B7E-99B0-4C4A-B029-B7ACCAC7678B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"TCP Query User{9E9AD3A9-A5F3-44EB-A6E9-2D3DB767FC5B}C:\program files\contronics\homeputer cl studio\visuwin.exe" = protocol=6 | dir=in | app=c:\program files\contronics\homeputer cl studio\visuwin.exe | 

"TCP Query User{B44EDA06-E5F9-46DC-9728-575482E3EC55}C:\windows\system32\wuauclt.exe" = protocol=6 | dir=in | app=c:\windows\system32\wuauclt.exe | 

"TCP Query User{B68F434F-F9FD-4057-9389-E2B6F5720071}D:\marco\valve\hl.exe" = protocol=6 | dir=in | app=d:\marco\valve\hl.exe | 

"TCP Query User{E9C7E057-72C2-44A2-8CEA-989245180684}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"TCP Query User{FE8E0D39-9250-447D-947F-4786558055F1}C:\program files\contronics\homeputer cl studio\homeputerstudiocl.exe" = protocol=6 | dir=in | app=c:\program files\contronics\homeputer cl studio\homeputerstudiocl.exe | 

"UDP Query User{06B62CC4-BF58-437A-AAA4-478BFCF457C3}D:\marco\valve\hl.exe" = protocol=17 | dir=in | app=d:\marco\valve\hl.exe | 

"UDP Query User{3EED3138-AEF7-49E2-BEB8-378E2807FA59}C:\program files\contronics\homeputer cl studio\visuwin.exe" = protocol=17 | dir=in | app=c:\program files\contronics\homeputer cl studio\visuwin.exe | 

"UDP Query User{59136443-6F8C-433C-83CC-F350ADC45FBF}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 

"UDP Query User{858C5802-1A0A-4DDD-83B5-09B654CC8BE9}D:\marco\spiele\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\marco\spiele\counter-strike 1.6\hl.exe | 

"UDP Query User{93AB0AED-B03B-460C-A424-8A1911A96F26}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 

"UDP Query User{C554279C-15E8-469B-8184-A53E95557AC0}C:\program files\valve\steam\steamapps\mikederhenker\condition zero deleted scenes\hl.exe" = protocol=17 | dir=in | app=c:\program files\valve\steam\steamapps\mikederhenker\condition zero deleted scenes\hl.exe | 

"UDP Query User{DB1E7765-1D22-4EB6-8D9B-71DD66B9342C}C:\program files\bitcomet\bitcomet.exe" = protocol=17 | dir=in | app=c:\program files\bitcomet\bitcomet.exe | 

"UDP Query User{DC1ADFED-91E6-4908-995A-F98C2011FE43}C:\program files\contronics\homeputer cl studio\homeputerstudiocl.exe" = protocol=17 | dir=in | app=c:\program files\contronics\homeputer cl studio\homeputerstudiocl.exe | 

"UDP Query User{E5D1D99B-637C-4F66-8CAE-D547A627A4F7}C:\windows\system32\wuauclt.exe" = protocol=17 | dir=in | app=c:\windows\system32\wuauclt.exe | 

"UDP Query User{F2567656-3FA6-420F-974E-329A243A866B}C:\windows\system32\wuauclt.exe" = protocol=17 | dir=in | app=c:\windows\system32\wuauclt.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator

"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources

"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)

"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)

"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer

"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In

"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management

"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe

"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client

"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger

"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update

"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions

"{205ACCD7-5342-4694-91F3-3A99E4FD5AA6}" = Mathcad 14.0 M020 Help

"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 24

"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7

"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery

"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack

"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2

"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid

"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies

"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety

"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8

"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI

"{633A06C3-B709-479A-AAB3-5EE94AD9EE4B}" = Acronis*True*Image*Home

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD

"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE

"{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow

"{7062208C-CED6-450B-B979-0382D18D6BAB}" = testo IRSoft Software

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7EC19307-7C22-47A8-922B-3FA965291260}" = OpenOffice.org 3.0

"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform

"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer

"{8796E14E-2031-463F-8A9A-31062B2652B4}" = Mathcad 14.0 M020

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime

"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT

"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007

"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007

"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007

"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007

"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007

"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007

"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007

"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007

"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007

"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007

"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007

"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007

"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007

"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager

"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components

"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector

"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1.2

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail

"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management

"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer

"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components

"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common

"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh

"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter

"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie

"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail

"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety

"{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = TIPCI

"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management

"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management

"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software

"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common

"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections

"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform

"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform

"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh

"{DF5A03CC-D5AA-43D8-B948-D9903F2AF94A}" = Counter-Strike(TM)

"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10

"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker

"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger

"{EBD38AE9-D52D-448D-9DB4-4D5F66E1DAFC}" = Mathcad 14.0 M020 Resource Center

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F46E21DF-5BE1-48E2-8390-5EEA8B25E36A}" = Microsoft SQL Server Native Client

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials

"{FC57FC53-104C-415C-98D7-B05E659461A9}" = Broadcom Gigabit Integrated Controller

"{FDE96E86-7780-431C-92F7-679C6A7CEC51}" = Microsoft SQL Server VSS Writer

"{FE2A7490-32EA-47D1-BCB4-0705F73F4C24}" = WinFACT 7

"{FF15534E-277C-45F3-8EA5-F97BDB9F41C8}" = Flowcode for PICmicros

"7-Zip" = 7-Zip 4.60 beta

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"avast" = avast! Free Antivirus

"BitComet" = BitComet 1.31

"Business Contact Manager" = Business Contact Manager für Outlook 2007 SP2

"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP

"D6D95EF2BD52CF10D9500475535AC8CA0095DA3F" = Windows-Treiberpaket - Matrix Multimedia Ltd. (MCHPUSB) CustomUSBDevices  (12/19/2007 1.0.0.6)

"EAGLE 5.8.0" = EAGLE 5.8.0

"ENTERPRISE" = Microsoft Office Enterprise 2007

"GridVista" = Acer GridVista

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"homeputer CL Studio_is1" = homeputer CL Studio Version 3.1

"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker

"InstallShield_{1598034D-7147-432C-8CA8-888E0632D124}" = NTI Backup NOW! 4.7

"InstallShield_{6F7EA6CA-79F4-44A0-A370-8E82BB16534A}" = NTI Shadow

"InstallShield_{BE1826A9-7EEE-492A-B3BC-DEF3DFAE37EE}" = Texas Instruments PCIxx21/x515/xx12 drivers.

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft SQL Server 2005" = Microsoft SQL Server 2005

"Mozilla Firefox (3.6.27)" = Mozilla Firefox (3.6.27)

"SumatraPDF" = Sumatra PDF reader

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"VLC media player" = VLC media player 0.9.6

"WinLiveSuite" = Windows Live Essentials

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"pdfsam" = pdfsam

 
 ========== Last 10 Event Log Errors ==========

 

[ Antivirus Events ]

Error - 21.10.2010 12:53:15 | Computer Name = NB-Marco | Source = avast! | ID = 33554522

Description = 

 

Error - 26.01.2011 14:12:57 | Computer Name = NB-Marco | Source = avast! | ID = 33554522

Description = 

 

Error - 20.02.2011 19:41:47 | Computer Name = NB-Marco | Source = avast! | ID = 33554522

Description = 

 

Error - 20.02.2011 19:41:47 | Computer Name = NB-Marco | Source = avast! | ID = 33554522

Description = 

 

 
 ========== Last 10 Event Log Errors ==========

 

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

 

< End of report >

OTL.Txt:

Code:

OTL logfile created on: 13.03.2012 21:06:08 - Run 1

OTL by OldTimer - Version 3.2.36.3     Folder = C:\Users\Marco\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

 

2,99 Gb Total Physical Memory | 2,47 Gb Available Physical Memory | 82,64% Memory free

6,18 Gb Paging File | 5,85 Gb Available in Paging File | 94,72% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 69,64 Gb Total Space | 27,57 Gb Free Space | 39,58% Space Free | Partition Type: NTFS

Drive D: | 69,64 Gb Total Space | 38,45 Gb Free Space | 55,22% Space Free | Partition Type: NTFS

 

Computer Name: NB-MARCO | User Name: Marco | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.03.13 18:58:23 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe

PRC - [2012.02.20 11:05:01 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe

PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2012.02.20 11:05:01 | 001,014,744 | ---- | M] () -- C:\Programme\Mozilla Firefox\js3250.dll

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - [2011.10.20 12:37:17 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2011.05.11 19:30:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Stopped] -- C:\Program Files\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)

SRV - [2011.05.10 13:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)

SRV - [2010.12.28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)

SRV - [2009.10.07 00:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)

SRV - [2009.02.23 10:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)

SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

SRV - [2008.01.03 00:55:52 | 000,506,416 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)

SRV - [2007.12.20 10:32:04 | 000,131,072 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)

SRV - [2007.12.19 17:09:22 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)

SRV - [2007.12.03 11:26:02 | 000,498,792 | ---- | M] () [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)

SRV - [2007.12.03 11:06:36 | 000,427,288 | ---- | M] (Acronis) [Auto | Stopped] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)

SRV - [2007.11.27 17:54:36 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)

SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)

SRV - [2007.10.01 15:42:36 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)

SRV - [2007.09.20 12:57:28 | 000,167,936 | ---- | M] (acer) [Auto | Stopped] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)

SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Stopped] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (ZTEusbser6k)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (ZTEusbnmea)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (ZTEusbmdm6k)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (ZTEusbdvbh)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (smsndis)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (smsbda)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFwd)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (NwlnkFlt)

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (IpInIp)

DRV - File not found [Kernel | On_Demand | Unknown] --  -- (a1kn8fwu)

DRV - [2011.06.10 11:42:49 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)

DRV - [2011.05.10 13:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)

DRV - [2011.05.10 13:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)

DRV - [2011.05.10 13:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)

DRV - [2011.05.10 12:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)

DRV - [2011.05.10 12:59:44 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)

DRV - [2011.05.10 12:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)

DRV - [2009.10.07 00:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)

DRV - [2009.04.30 21:56:32 | 000,495,768 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV561AV.SYS -- (PID_0928) Logitech QuickCam Express(PID_0928)

DRV - [2008.12.25 20:24:49 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\timntr.sys -- (timounter)

DRV - [2008.12.25 20:24:49 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)

DRV - [2008.12.25 20:24:46 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\snapman.sys -- (snapman)

DRV - [2008.12.25 20:24:43 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tdrpman.sys -- (tdrpman)

DRV - [2008.01.21 03:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)

DRV - [2007.12.19 11:40:34 | 000,053,760 | ---- | M] (Microchip Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ecio_mchpusb.sys -- (MCHPUSB)

DRV - [2007.11.30 14:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)

DRV - [2007.10.31 19:36:32 | 002,252,800 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)

DRV - [2007.06.17 11:43:50 | 000,186,592 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)

DRV - [2007.05.02 12:52:00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)

DRV - [2006.11.29 01:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\SearchScopes,DefaultScope = {DECA3892-BA8F-44b8-A993-A466AD694AE4}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 172.16.2.253:8080

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"

FF - prefs.js..extensions.enabledItems: {e8de9422-3b2c-4243-bf6f-235da84d8ef8}:3.2.1.3

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.1.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24

FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - prefs.js..network.proxy.type: 4

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.6: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.07.20 18:10:37 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.20 11:05:02 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.27\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.20 11:05:02 | 000,000,000 | ---D | M]

 

[2008.12.25 19:59:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Extensions

[2012.03.12 21:31:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6r4sxpqa.default\extensions

[2010.07.03 10:54:50 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6r4sxpqa.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.02.24 00:35:36 | 000,000,000 | ---D | M] (Brothersoft Community Toolbar) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6r4sxpqa.default\extensions\{e8de9422-3b2c-4243-bf6f-235da84d8ef8}

[2011.02.24 00:35:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Marco\AppData\Roaming\mozilla\Firefox\Profiles\6r4sxpqa.default\extensions\engine@conduit.com

[2010.10.12 18:00:42 | 000,000,925 | ---- | M] () -- C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\6r4sxpqa.default\searchplugins\conduit.xml

[2011.10.29 02:00:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2011.02.23 22:59:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.07.20 18:10:37 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

[2008.12.25 20:04:55 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}

[2008.12.25 20:34:48 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

[2011.02.23 22:59:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

[2011.02.02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll

[2011.09.21 15:10:11 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011.09.21 15:10:11 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2011.09.21 15:10:11 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2011.09.21 15:10:11 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2011.09.21 15:10:11 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

Hosts file not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (HiTRUST)

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)

O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)

O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

O4 - HKCU..\Run: [SkypeM] C:\Users\Marco\AppData\Local\Skype\Skype.exe (Transaction Software, D 81737 Munich)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)

O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)

O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.231

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{232C3394-84BA-4C65-9BFE-C45FA0753425}: DhcpNameServer = 10.101.81.51

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430E535A-ECA3-4B5A-9D5A-DF5A16780EF3}: DhcpNameServer = 10.101.81.51

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7DCD7D3C-6AE4-448D-A834-9EAB466CD032}: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BC353C7D-F6E7-4FA4-93B5-AD48E8018D8E}: DhcpNameServer = 10.101.81.51

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0B3CDC1-BF37-4B6C-A947-1EBDA4AEFFE0}: DhcpNameServer = 192.168.1.231

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Marco\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Marco\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2012.01.09 12:07:08 | 000,000,000 | ---D | M] - C:\AutoCode -- [ NTFS ]

O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{47e49baa-74b6-11dd-9e4b-806e6f6e6963}\Shell - "" = AutoRun

O33 - MountPoints2\{47e49baa-74b6-11dd-9e4b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\InstallIRSoft.exe

O33 - MountPoints2\{8dbe76d6-934e-11e0-abb4-0009dd506dc1}\Shell - "" = AutoRun

O33 - MountPoints2\{8dbe76d6-934e-11e0-abb4-0009dd506dc1}\Shell\AutoRun\command - "" = F:\MMMTest.EXE

O33 - MountPoints2\{cab00acc-0df5-11e1-9f7c-0009dd506dc1}\Shell - "" = AutoRun

O33 - MountPoints2\{cab00acc-0df5-11e1-9f7c-0009dd506dc1}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a

O33 - MountPoints2\{cfe1c1b0-3fe2-11e0-ac92-0009dd506dc1}\Shell - "" = AutoRun

O33 - MountPoints2\{cfe1c1b0-3fe2-11e0-ac92-0009dd506dc1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a

O33 - MountPoints2\{f0dc8790-594e-11e0-9ff3-0009dd506dc1}\Shell - "" = AutoRun

O33 - MountPoints2\{f0dc8790-594e-11e0-9ff3-0009dd506dc1}\Shell\AutoRun\command - "" = G:\.\Autorun.exe AUTORUN=1

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpReg: Acronis Scheduler2 Service - hkey= - key= - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)

MsConfig - StartUpReg: AcronisTimounterMonitor - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - c:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: eDataSecurity Loader - hkey= - key= - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

MsConfig - StartUpReg: LanguageShortcut - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\Language\Language.exe ()

MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe (Cyberlink Corp.)

MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: TrueImageMonitor.exe - hkey= - key= - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

MsConfig - State: "services" - 0

MsConfig - State: "startup" - 2

 

CREATERESTOREPOINT

Error creating restore point.

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.03.13 19:16:52 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage

[2012.03.13 18:58:22 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe

[2012.03.13 16:30:32 | 000,054,784 | ---- | C] (Transaction Software, D 81737 Munich) -- C:\Users\Marco\0.9094539370054014.exe

[2012.02.22 19:22:44 | 000,335,360 | ---- | C] (RPworld.de) -- C:\Users\Marco\Desktop\RouterReconnect.exe

[2012.02.20 11:53:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Testo

[2012.02.20 11:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Testo Shared

[2012.02.20 11:51:34 | 000,186,592 | ---- | C] (Jungo) -- C:\Windows\System32\drivers\windrvr6.sys

[2012.02.20 11:51:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Testo

[2012.02.20 11:51:33 | 000,000,000 | ---D | C] -- C:\Program Files\Testo

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.03.13 20:52:00 | 000,688,236 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.03.13 20:52:00 | 000,644,998 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.03.13 20:52:00 | 000,150,406 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.03.13 20:52:00 | 000,121,826 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.03.13 20:47:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.03.13 19:27:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.03.13 19:27:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.03.13 19:27:13 | 000,001,076 | ---- | M] () -- C:\Windows\bthservsdp.dat

[2012.03.13 18:58:23 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Marco\Desktop\OTL.exe

[2012.03.13 16:30:34 | 000,054,784 | ---- | M] (Transaction Software, D 81737 Munich) -- C:\Users\Marco\0.9094539370054014.exe

[2012.03.12 14:26:41 | 000,111,700 | ---- | M] () -- C:\Users\Marco\Desktop\6.3-12.3(Test).csv

[2012.03.12 10:43:17 | 000,002,631 | ---- | M] () -- C:\Users\Marco\Desktop\Microsoft Word.lnk

[2012.03.11 20:55:59 | 000,000,336 | ---- | M] () -- C:\Users\Marco\Desktop\Terst.scl

[2012.03.06 08:46:49 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2012.03.06 08:46:49 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2012.03.06 08:46:35 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2012.02.16 15:00:28 | 000,399,016 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

 
 ========== Files Created - No Company Name ==========

 

[2012.03.12 13:29:08 | 000,111,700 | ---- | C] () -- C:\Users\Marco\Desktop\6.3-12.3(Test).csv

[2012.03.11 20:55:57 | 000,000,336 | ---- | C] () -- C:\Users\Marco\Desktop\Terst.scl

[2012.03.06 08:46:35 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2012.02.05 22:44:12 | 000,630,784 | ---- | C] ( ) -- C:\Windows\System32\softcoin.dll

[2012.02.05 22:44:12 | 000,425,984 | ---- | C] ( ) -- C:\Windows\System32\gencoin.dll

[2012.01.09 12:09:50 | 000,000,195 | ---- | C] () -- C:\Windows\FTRUN32.INI

[2011.11.02 23:56:45 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol

[2011.09.16 09:28:26 | 000,000,129 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2011.06.10 11:51:25 | 000,003,078 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\PData.MMM

[2011.06.10 11:51:25 | 000,003,078 | ---- | C] () -- C:\Users\Marco\AppData\Roaming\PData.MM1

[2011.02.24 09:03:20 | 000,004,525 | ---- | C] () -- C:\Windows\gsview32.ini

[2010.07.12 19:06:36 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat

[2010.07.06 12:26:38 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2010.07.06 12:26:38 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2010.06.30 15:44:07 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2010.06.29 17:02:24 | 000,027,648 | ---- | C] () -- C:\Users\Marco\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.06.29 16:55:13 | 000,001,076 | ---- | C] () -- C:\Windows\bthservsdp.dat

 
 ========== LOP Check ==========

 

[2011.10.13 01:44:00 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\3DataManager

[2011.07.21 04:07:16 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\AUTOSICH

[2012.01.16 22:46:57 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\BitComet

[2011.02.24 08:05:37 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\CadSoft

[2011.06.10 11:42:25 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\DAEMON Tools

[2011.02.23 18:56:12 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\E74BB6C6F42F3AFC9AD052BFA497476C

[2010.06.29 17:25:07 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Leadertech

[2011.03.17 08:15:15 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Mathsoft

[2011.02.23 18:58:12 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\OfferBox

[2008.12.25 20:07:11 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\OpenOffice.org

[2011.03.28 16:47:48 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Program Files

[2012.01.17 23:07:56 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\SumatraPDF

[2011.11.03 01:10:08 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Synaptics

[2011.04.04 22:30:53 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Thunderbird

[2011.02.22 19:50:36 | 000,000,000 | ---D | M] -- C:\Users\Marco\AppData\Roaming\Ucosyh

[2012.03.13 19:27:13 | 000,032,558 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2012.03.13 19:16:52 | 000,000,000 | ---D | M] -- C:\## aswSnx private storage

[2008.12.24 19:21:44 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2008.08.28 05:24:13 | 000,000,000 | ---D | M] -- C:\Acer

[2012.01.09 12:07:08 | 000,000,000 | ---D | M] -- C:\AutoCode

[2008.08.28 14:02:45 | 000,000,000 | ---D | M] -- C:\Book

[2011.09.22 15:36:11 | 000,000,000 | -HSD | M] -- C:\Boot

[2012.01.09 12:07:20 | 000,000,000 | ---D | M] -- C:\Documents

[2006.11.02 14:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2008.12.24 19:16:17 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2012.01.09 12:07:17 | 000,000,000 | ---D | M] -- C:\Dongle

[2012.01.16 18:34:57 | 000,000,000 | ---D | M] -- C:\Downloads

[2012.01.09 12:07:08 | 000,000,000 | ---D | M] -- C:\Drv

[2008.12.24 19:21:12 | 000,000,000 | ---D | M] -- C:\Elements

[2012.01.09 12:07:17 | 000,000,000 | ---D | M] -- C:\Examples

[2012.01.09 12:07:17 | 000,000,000 | ---D | M] -- C:\Fuzzy16

[2011.05.22 22:40:52 | 000,000,000 | ---D | M] -- C:\HP LaserJet  P2015 PCL5 Driver

[2012.02.05 22:44:12 | 000,000,000 | ---D | M] -- C:\Lexmark

[2010.11.08 20:11:06 | 000,000,000 | RH-D | M] -- C:\MSOCache

[2011.11.02 22:49:34 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2012.02.20 11:51:33 | 000,000,000 | R--D | M] -- C:\Program Files

[2012.01.10 13:48:59 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2008.12.24 19:16:17 | 000,000,000 | -HSD | M] -- C:\Programme

[2012.03.13 19:22:20 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2012.01.09 12:07:08 | 000,000,000 | ---D | M] -- C:\Temp

[2012.01.09 12:07:17 | 000,000,000 | ---D | M] -- C:\UserDLLs

[2008.12.24 19:20:21 | 000,000,000 | R--D | M] -- C:\Users

[2012.01.09 12:07:19 | 000,000,000 | ---D | M] -- C:\VBAutoDemo

[2012.01.09 12:07:19 | 000,000,000 | ---D | M] -- C:\VirtInstr

[2012.03.13 17:55:43 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 

 
 < MD5 for: AGP440.SYS  >

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys

[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys

[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys

[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys

[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys

[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll

[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

 
 < MD5 for: EXPLORER.EXE  >

[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 
 < MD5 for: IASTOR.SYS  >

[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys

[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys

[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys

[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys

[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys

[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll

[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll

[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys

[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll

[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll

[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll

[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

[2011.06.10 11:42:49 | 000,717,296 | ---- | M] () Unable to obtain MD5 -- C:\Windows\system32\drivers\sptd.sys

 
 < %systemroot%\System32\config\*.sav >

[2008.01.21 04:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV

[2008.01.21 04:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV

[2008.01.21 04:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV

[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV

[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 < %USERPROFILE%\*.* >

[2012.03.13 16:30:34 | 000,054,784 | ---- | M] (Transaction Software, D 81737 Munich) -- C:\Users\Marco\0.9094539370054014.exe

[2012.03.13 21:04:36 | 003,407,872 | -HS- | M] () -- C:\Users\Marco\ntuser.dat

[2012.03.13 21:04:36 | 000,262,144 | -H-- | M] () -- C:\Users\Marco\ntuser.dat.LOG1

[2011.01.24 11:38:16 | 000,262,144 | -H-- | M] () -- C:\Users\Marco\ntuser.dat.LOG2

[2011.02.23 21:18:45 | 000,065,536 | -HS- | M] () -- C:\Users\Marco\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf

[2011.02.23 21:18:45 | 000,524,288 | -HS- | M] () -- C:\Users\Marco\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms

[2008.12.24 19:36:41 | 000,524,288 | -HS- | M] () -- C:\Users\Marco\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms

[2011.07.20 14:50:21 | 000,065,536 | -HS- | M] () -- C:\Users\Marco\ntuser.dat{418a22d1-3f83-11e0-a480-000000000000}.TM.blf

[2011.07.20 14:50:21 | 000,524,288 | -HS- | M] () -- C:\Users\Marco\ntuser.dat{418a22d1-3f83-11e0-a480-000000000000}.TMContainer00000000000000000001.regtrans-ms

[2011.02.23 22:40:38 | 000,524,288 | -HS- | M] () -- C:\Users\Marco\ntuser.dat{418a22d1-3f83-11e0-a480-000000000000}.TMContainer00000000000000000002.regtrans-ms

[2012.03.13 19:27:10 | 000,065,536 | -HS- | M] () -- C:\Users\Marco\ntuser.dat{d3ff2e54-b2f2-11e0-8a9a-0009dd506dc1}.TM.blf

[2012.03.13 19:27:10 | 000,524,288 | -HS- | M] () -- C:\Users\Marco\ntuser.dat{d3ff2e54-b2f2-11e0-8a9a-0009dd506dc1}.TMContainer00000000000000000001.regtrans-ms

[2011.07.20 19:30:14 | 000,524,288 | -HS- | M] () -- C:\Users\Marco\ntuser.dat{d3ff2e54-b2f2-11e0-8a9a-0009dd506dc1}.TMContainer00000000000000000002.regtrans-ms

[2008.12.24 19:20:25 | 000,000,020 | -HS- | M] () -- C:\Users\Marco\ntuser.ini

 
 < %USERPROFILE%\Local Settings\Temp\*.exe >

 
 < %USERPROFILE%\Local Settings\Temp\*.dll >

 
 < %USERPROFILE%\Application Data\*.exe >

 
 < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 162 bytes -> C:\ProgramData\TEMP:3BF268CC
 

< End of report >

Das sind die zwei....was soll ich jetzt machen?