Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.08.2010, 18:27   #1
-Mausi-
 
Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php - Standard

Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php



Hallo,

ich brauche eure Hilfe.

ich habe über Skype einen Link bekommen mit einem Facebook link. Dumm wie ich bin hab drauf geklickt und sogar installiert.

foto :P h**p://facebook.twitterbizzer.com/member_profile.php

Nun bin ich wie ich hier gelesen habe "infiziert" und gebe es schön an alle weiter

Ich hoffe nur das Ding zerstört meinen Computer nicht Bin schon ganz traurig. Da passt man immer so sehr auf und dann das.

Mein Virenscan hat nicht viel gebracht.

Ich hab mich dann hier schlau gelesen und die Anti Malware Programm suche gemacht.

Das kam raus:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4490

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

27.08.2010 19:21:38
mbam-log-2010-08-27 (19-21-38).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133372
Laufzeit: 8 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
C:\Users\Public\jusched.exe (Trojan.Downloader) -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\java developer script browse (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Public\jusched.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Ich hoffe ihr könnt mir helfen.

Danke im Vorraus

Mausi

Hier mein OTL Test:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 27.08.2010 19:56:03 - Run 1
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\xxx\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273,40 Gb Total Space | 217,36 Gb Free Space | 79,50% Space Free | Partition Type: NTFS
Drive D: | 182,26 Gb Total Space | 158,94 Gb Free Space | 87,20% Space Free | Partition Type: NTFS
Drive E: | 3,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxx
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\WindowsCodecs.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\srvcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\slc.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msacm32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\EhStorShell.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cscapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\AppPatch\AcGenral.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (smserial) -- C:\windows\System32\DRIVERS\smserial.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (toshidpt) -- C:\windows\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\windows\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (enecir) -- C:\windows\system32\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhid) -- C:\windows\system32\DRIVERS\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (enecirhidma) -- C:\windows\system32\DRIVERS\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.0.1.20090924050608
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 03:17:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 03:17:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.17 20:14:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.01.14 23:34:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2010.01.14 23:34:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.08.27 19:14:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\oengctvk.default\extensions
[2009.11.26 21:39:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\oengctvk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.26 21:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\oengctvk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.28 23:20:45 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\oengctvk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.11.26 23:12:09 | 000,000,000 | ---D | M] -- C:\Users\xxxr\AppData\Roaming\mozilla\Firefox\Profiles\vyeaovdz.default\extensions
[2010.07.10 23:02:05 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.11.26 19:22:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.01 16:32:33 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.10 23:02:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.10 23:01:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.20 06:11:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.20 06:11:52 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.20 06:11:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.20 06:11:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.20 06:11:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 () - file:///C:/DOKUME~1/xxx~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOKUME~1/xxx~1/LOKALE~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:2 (Die derzeitige Homepage) - About:Home
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.01.18 11:33:16 | 000,000,042 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{91950372-db20-11de-9635-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{91950372-db20-11de-9635-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.10.10 18:40:44 | 000,338,979 | R--- | M] (                                                            )
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.27 19:10:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2010.08.27 19:10:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.08.27 19:10:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.08.27 19:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.27 19:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.11 19:14:00 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\ir32_32.dll
[2010.08.11 19:14:00 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2010.08.11 19:12:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2010.08.11 19:12:28 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010.08.11 19:12:28 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010.08.11 19:12:14 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010.08.11 19:12:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010.08.11 19:12:14 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010.08.11 19:12:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010.08.11 19:12:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010.08.11 19:12:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010.08.11 19:12:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010.08.11 19:12:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010.08.11 19:11:43 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010.08.07 14:37:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Opera
[2010.08.07 14:37:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Opera
[2010.08.07 14:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.27 19:56:13 | 003,932,160 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT
[2010.08.27 19:37:04 | 000,017,376 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.27 19:37:04 | 000,017,376 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.27 19:29:59 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.08.27 19:29:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.08.27 19:29:42 | 2415,255,552 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.27 19:28:53 | 002,423,890 | -H-- | M] () -- C:\Users\xxx\AppData\Local\IconCache.db
[2010.08.27 19:10:28 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.22 22:46:24 | 001,498,506 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010.08.22 22:46:24 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.08.22 22:46:24 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.08.22 22:46:24 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.08.22 22:46:24 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
 
[2010.08.12 06:25:58 | 000,333,384 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
 
[2010.07.29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\windows\System32\ir32_32.dll
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.27 19:10:28 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
 
[2010.05.09 13:08:59 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2010.05.09 13:00:03 | 000,000,025 | ---- | C] () -- C:\windows\CDE DX5000EFDG.ini
[2009.12.05 16:00:19 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2009.12.05 16:00:19 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2009.12.02 21:21:37 | 000,000,336 | ---- | C] () -- C:\Users\xxxr\AppData\Roaming\wklnhst.dat
[2009.11.26 21:28:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 00:43:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2005.12.15 06:17:00 | 000,159,744 | ---- | C] () -- C:\windows\System32\EPSPTDV.DLL
 
========== LOP Check ==========
 
[2010.02.16 21:13:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FileZilla
[2010.05.12 22:55:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Glory of the Roman Empire
[2010.08.26 23:25:25 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2010.08.07 14:37:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Opera
[2010.06.07 21:40:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Orneon
[2010.06.26 12:42:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ProtectDisc
[2009.12.02 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Template
[2009.11.26 21:52:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird
[2010.01.14 23:34:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TomTom
[2010.07.10 12:14:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client
[2009.12.06 21:36:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft
[2010.08.21 10:14:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0EC7A545
< End of report >
         
--- --- ---

Alt 27.08.2010, 19:40   #2
john.doe
 
Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php - Standard

Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php



Hallo -Mausi- und
Zitat:
Ich hoffe nur das Ding zerstört meinen Computer nicht
Nein, der telefoniert zwar viel, ist aber nicht bösartig und lässt sich einfach entfernen.
Zitat:
Bin schon ganz traurig.


1.) Deinstalliere bitte SweetIM und alle Toolbars, die in deiner Softwareliste zu sehen sind.

2.) Poste die Datei Extras.txt, die findest du auf deinem Desktop.

3.) Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O33 - MountPoints2\{91950372-db20-11de-9635-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{91950372-db20-11de-9635-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.10.10 18:40:44 | 000,338,979 | R--- | M] (                                                            )
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0EC7A545
:reg
:Commands
[purity]
[resethosts]
[emptyflash]
[emptytemp]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

4.) Erstelle und poste neue Logs mit OTL.

ciao, andreas
__________________

__________________

Alt 27.08.2010, 20:01   #3
-Mausi-
 
Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php - Standard

Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php



Schritt 1: erledigt
Schritt 2: bitte schön

Vielen Vielen Dank.. Ist echt klasse hier.. sofort hilfe.
ganz doll großes lob
OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 27.08.2010 20:49:14 - Run 2
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\xxx\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 75,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273,40 Gb Total Space | 217,36 Gb Free Space | 79,50% Space Free | Partition Type: NTFS
Drive D: | 182,26 Gb Total Space | 158,94 Gb Free Space | 87,20% Space Free | Partition Type: NTFS
Drive E: | 3,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xxx
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0187A501-2FF6-6D6B-B184-BA6A032C4AF4}" = Catalyst Control Center Core Implementation
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0B475977-CCA0-B0EB-B4CC-FC128E55DF65}" = Catalyst Control Center Graphics Full Existing
"{0C07E086-F067-2750-9EBF-CC73A2BEA0A1}" = CCC Help Portuguese
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{180FE2CC-0FAD-85C4-C987-9BD3CB2A1044}" = Catalyst Control Center InstallProxy
"{1AF922C4-C111-83C5-73EC-684E78C2C093}" = CCC Help Hungarian
"{1C39C407-37B1-45EF-4792-7B796A8EC014}" = Catalyst Control Center Localization All
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33BD9689-83E9-D8E3-9A13-3E42476087B8}" = CCC Help Italian
"{38140CA0-7632-2601-BB62-D0F9BAF28781}" = CCC Help French
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{469D7228-FA20-320C-4AC8-3E9C84CBBC3E}" = CCC Help Spanish
"{49FBD89B-044F-2DE7-8992-56B86A5E0926}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{588E49B4-095D-986B-C28C-5262FA721902}" = CCC Help German
"{5C1E13D7-496E-59E9-822D-C9D09964AD46}" = ATI Catalyst Install Manager
"{5E87AA2F-924A-2B1A-375B-38CA3248E26B}" = CCC Help Russian
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F6ED58-8248-2FCE-057B-8F30872BDA23}" = CCC Help Chinese Standard
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A27764B-5434-4DAA-BD43-3ACF4FFCD7FE}" = SweetIM Toolbar for Internet Explorer 3.8
"{7C9C4474-74D6-42F4-A6D3-C9BD5C8871D3}" = Anno 1404
"{7EABB309-64F7-11D7-B796-0050BFE4DB80}" = Restaurant Empire
"{7EC0AB45-D838-BCFB-644F-4D57B0D8B7DE}" = CCC Help English
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91003CC2-9F3C-973F-FD11-AC8FE08542B6}" = CCC Help Korean
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B046CC-39DD-9AB1-51E9-39EB224C0641}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC90219-7C80-B6B3-CBB8-62ACCC081952}" = CCC Help Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{C9295533-FEDF-F3D7-A6CD-DB463E81A37B}" = Catalyst Control Center Graphics Light
"{C9C6CF79-89BF-12F2-F47A-28D948C6E5EB}" = ccc-core-static
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DF436A67-211E-D9DF-D587-817A5E611F85}" = CCC Help Czech
"{E4F27E8F-434B-0182-7324-60E5EDADC159}" = ccc-utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BB4DC9-B4C2-8E40-7948-C99678ADF096}" = Catalyst Control Center Graphics Previews Vista
"{F727DCA7-4B7B-4CF5-8348-881BF3B0D046}" = SweetIM for Messenger 3.1
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB096FBD-F771-CF4A-4DA4-B4EDBEF44516}" = CCC Help Turkish
"5B73F775A90397BAF80173B8A6C0B327BE3872FB" = ENE CIR Receiver Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"Benutzerhandbuch ESDX5000_CX4900" = Benutzerhandbuch ESDX5000_CX4900
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.3.1
"Glory of the Roman Empire" = Die Römer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Memento Mori_is1" = Memento Mori (Patch Version 1.01)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.7.3.1894
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 08.12.2009 16:24:59 | Computer Name = xxx | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Windows\System32\odbcint.dll failed, 00000008.  
 
Error - 08.12.2009 16:25:24 | Computer Name = xxx | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Program Files\Windows Media Player\wmpnssci.dll failed, 00000008.  
 
Error - 08.12.2009 16:25:25 | Computer Name =xxx | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Windows\System32\pnpts.dll failed, 00000008.  
 
[ Application Events ]
Error - 12.08.2010 15:11:56 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:13:46 | Computer Name = xxx| Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:13:46 | Computer Name = xxx| Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:13:51 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:13:51 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:13:52 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:13:52 | Computer Name = xxxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:14:56 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:14:56 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.08.2010 11:07:50 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 11.05.2010 00:21:23 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11.05.2010 10:55:07 | Computer Name = xxx | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 11.05.2010 10:55:07 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11.05.2010 12:00:27 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.05.2010 00:19:09 | Computer Name = xxx| Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 12.05.2010 00:19:09 | Computer Name = xxx| Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.05.2010 10:09:36 | Computer Name = xxx| Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 12.05.2010 10:09:36 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.05.2010 14:57:36 | Computer Name = xxx| Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 12.05.2010 14:57:36 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         
--- --- ---
__________________

Alt 27.08.2010, 20:24   #4
-Mausi-
 
Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php - Standard

Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php



Und hier der letzte schritt

Ich hoffe du siehst durch ^^ Ist echt total lang..


Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\ deleted successfully.
C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ deleted successfully.
File To-Page\EPSON Web-To-Page.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
File To-Page\EPSON Web-To-Page.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SweetIM not found.
File C:\Program Files\SweetIM\Messenger\SweetIM.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2670000A-7350-4f3c-8081-5663EE0C6C49}\ not found.
File C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
C:\Program Files\ICQ6.5\ICQ.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E59EB121-F339-4851-A3BA-FE49C35617C2}\ not found.
File C:\Program Files\ICQ6.5\ICQ.exe not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91950372-db20-11de-9635-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91950372-db20-11de-9635-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{91950372-db20-11de-9635-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91950372-db20-11de-9635-806e6f6e6963}\ not found.
File move failed. E:\setup.exe scheduled to be moved on reboot.
ADS C:\ProgramData\TEMP:0EC7A545 deleted successfully.
========== REGISTRY ==========
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: xxx
->Flash cache emptied: 134352 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: xxx
->Temp folder emptied: 192029971 bytes
->Temporary Internet Files folder emptied: 152093850 bytes
->Java cache emptied: 14455992 bytes
->FireFox cache emptied: 124908865 bytes
->Opera cache emptied: 20490117 bytes
->Flash cache emptied: 0 bytes
 
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 6 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 13773675 bytes
RecycleBin emptied: 47365225 bytes
 
Total Files Cleaned = 539,00 mb
 
 
OTL by OldTimer - Version 3.2.10.0 log created on 08272010_210529

Files\Folders moved on Reboot...
File move failed. E:\setup.exe scheduled to be moved on reboot.
File move failed. C:\windows\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
         
und hier das OTL

Code:
ATTFilter
OTL Extras logfile created on: 27.08.2010 21:15:40 - Run 3
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\xxx\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273,40 Gb Total Space | 218,26 Gb Free Space | 79,83% Space Free | Partition Type: NTFS
Drive D: | 182,26 Gb Total Space | 158,94 Gb Free Space | 87,20% Space Free | Partition Type: NTFS
Drive E: | 3,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name:xxx
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" File not found
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0187A501-2FF6-6D6B-B184-BA6A032C4AF4}" = Catalyst Control Center Core Implementation
"{07690F1C-04B1-4060-9691-6748ED1826B9}" = MSI Software Install
"{0B475977-CCA0-B0EB-B4CC-FC128E55DF65}" = Catalyst Control Center Graphics Full Existing
"{0C07E086-F067-2750-9EBF-CC73A2BEA0A1}" = CCC Help Portuguese
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{180FE2CC-0FAD-85C4-C987-9BD3CB2A1044}" = Catalyst Control Center InstallProxy
"{1AF922C4-C111-83C5-73EC-684E78C2C093}" = CCC Help Hungarian
"{1C39C407-37B1-45EF-4792-7B796A8EC014}" = Catalyst Control Center Localization All
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33BD9689-83E9-D8E3-9A13-3E42476087B8}" = CCC Help Italian
"{38140CA0-7632-2601-BB62-D0F9BAF28781}" = CCC Help French
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{469D7228-FA20-320C-4AC8-3E9C84CBBC3E}" = CCC Help Spanish
"{49FBD89B-044F-2DE7-8992-56B86A5E0926}" = Catalyst Control Center Graphics Full New
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{588E49B4-095D-986B-C28C-5262FA721902}" = CCC Help German
"{5C1E13D7-496E-59E9-822D-C9D09964AD46}" = ATI Catalyst Install Manager
"{5E87AA2F-924A-2B1A-375B-38CA3248E26B}" = CCC Help Russian
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62F6ED58-8248-2FCE-057B-8F30872BDA23}" = CCC Help Chinese Standard
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70858C67-8761-4444-895A-0A8B2E9E144E}" = Opera 10.61
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7C9C4474-74D6-42F4-A6D3-C9BD5C8871D3}" = Anno 1404
"{7EABB309-64F7-11D7-B796-0050BFE4DB80}" = Restaurant Empire
"{7EC0AB45-D838-BCFB-644F-4D57B0D8B7DE}" = CCC Help English
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-040C-0000-0000000FF1CE}" = Microsoft Office Excel MUI (French) 2007
"{90120000-0016-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0016-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0C0A-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Spanish) 2007
"{90120000-0016-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-040C-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (French) 2007
"{90120000-0018-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0C0A-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Spanish) 2007
"{90120000-0018-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-040C-0000-0000000FF1CE}" = Microsoft Office Word MUI (French) 2007
"{90120000-001B-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0C0A-0000-0000000FF1CE}" = Microsoft Office Word MUI (Spanish) 2007
"{90120000-001B-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0401-0000-0000000FF1CE}" = Microsoft Office Proof (Arabic) 2007
"{90120000-001F-0401-0000-0000000FF1CE}_HOMESTUDENTR_{14809F99-C601-4D4A-9391-F1E8FAA964C5}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0403-0000-0000000FF1CE}" = Microsoft Office Proof (Catalan) 2007
"{90120000-001F-0403-0000-0000000FF1CE}_HOMESTUDENTR_{4B47C31E-46B0-462B-BEE4-DC383B6A1F2A}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0413-0000-0000000FF1CE}" = Microsoft Office Proof (Dutch) 2007
"{90120000-001F-0413-0000-0000000FF1CE}_HOMESTUDENTR_{D66D5A44-E480-4BA4-B4F2-C554F6B30EBB}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0416-0000-0000000FF1CE}" = Microsoft Office Proof (Portuguese (Brazil)) 2007
"{90120000-001F-0416-0000-0000000FF1CE}_HOMESTUDENTR_{75EBE365-7FC5-4720-A7D3-804BF550D1BC}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-042D-0000-0000000FF1CE}" = Microsoft Office Proof (Basque) 2007
"{90120000-001F-0456-0000-0000000FF1CE}" = Microsoft Office Proof (Galician) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-002C-040C-0000-0000000FF1CE}" = Microsoft Office Proofing (French) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-002C-0C0A-0000-0000000FF1CE}" = Microsoft Office Proofing (Spanish) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-040C-0000-0000000FF1CE}" = Microsoft Office Shared MUI (French) 2007
"{90120000-006E-040C-0000-0000000FF1CE}_HOMESTUDENTR_{B165D3C2-40AE-4D39-86F7-E5C87C4264C0}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}_HOMESTUDENTR_{0A75DA12-55CB-4DE5-8B6A-74D97847204E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0C0A-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Spanish) 2007
"{90120000-006E-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{6113C11D-BACA-4D8E-8002-03C8D06FD5E6}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-040C-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (French) 2007
"{90120000-00A1-040C-0000-0000000FF1CE}_HOMESTUDENTR_{AE187E0D-EBA5-4EE1-A397-BF1A577CB24C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0410-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Italian) 2007
"{90120000-00A1-0410-0000-0000000FF1CE}_HOMESTUDENTR_{71CCE0F1-A3B4-49C9-A328-1DABE845E0C4}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0C0A-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (Spanish) 2007
"{90120000-00A1-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{91A7F72A-3273-4C1E-8BE0-BC9DD0D9345C}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91003CC2-9F3C-973F-FD11-AC8FE08542B6}" = CCC Help Korean
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96B046CC-39DD-9AB1-51E9-39EB224C0641}" = CCC Help Polish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CC90219-7C80-B6B3-CBB8-62ACCC081952}" = CCC Help Chinese Traditional
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B6A24D2D-1ADB-4553-87FD-38F3FAADC18E}_is1" = The Book of Unwritten Tales 1.0.0.0
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{C9295533-FEDF-F3D7-A6CD-DB463E81A37B}" = Catalyst Control Center Graphics Light
"{C9C6CF79-89BF-12F2-F47A-28D948C6E5EB}" = ccc-core-static
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{DF436A67-211E-D9DF-D587-817A5E611F85}" = CCC Help Czech
"{E4F27E8F-434B-0182-7324-60E5EDADC159}" = ccc-utility
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BB4DC9-B4C2-8E40-7948-C99678ADF096}" = Catalyst Control Center Graphics Previews Vista
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FB096FBD-F771-CF4A-4DA4-B4EDBEF44516}" = CCC Help Turkish
"5B73F775A90397BAF80173B8A6C0B327BE3872FB" = ENE CIR Receiver Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"avast!" = avast! Antivirus
"Benutzerhandbuch ESDX5000_CX4900" = Benutzerhandbuch ESDX5000_CX4900
"Die Gilde 2 - Gold Edition" = Die Gilde 2 - Gold Edition
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"FileZilla Client" = FileZilla Client 3.3.1
"Glory of the Roman Empire" = Die Römer
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"LSI Soft Modem" = LSI HDA Modem
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Memento Mori_is1" = Memento Mori (Patch Version 1.01)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (2.0.0.24)" = Mozilla Thunderbird (2.0.0.24)
"OpenAL" = OpenAL
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TomTom HOME" = TomTom HOME 2.7.3.1894
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
 
========== Last 10 Event Log Errors ==========
 
[ Antivirus Events ]
Error - 08.12.2009 16:24:59 | Computer Name = xxx| Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Windows\System32\odbcint.dll failed, 00000008.  
 
Error - 08.12.2009 16:25:24 | Computer Name = xxx| Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Program Files\Windows Media Player\wmpnssci.dll failed, 00000008.  
 
Error - 08.12.2009 16:25:25 | Computer Name = xxx| Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
 C:\Windows\System32\pnpts.dll failed, 00000008.  
 
[ Application Events ]
Error - 12.08.2010 15:13:51 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:13:51 | Computer Name =xxx| Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:13:52 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:13:52 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:14:56 | Computer Name = xxx| Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 12.08.2010 15:14:56 | Computer Name = xxx | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 13.08.2010 11:07:50 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.08.2010 04:45:59 | Computer Name =xxx| Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.08.2010 17:47:58 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 14.08.2010 18:09:27 | Computer Name = xxx | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 11.05.2010 00:21:23 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11.05.2010 10:55:07 | Computer Name = xxx| Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 11.05.2010 10:55:07 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11.05.2010 12:00:27 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.05.2010 00:19:09 | Computer Name = xxx | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 12.05.2010 00:19:09 | Computer Name = xxx| Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.05.2010 10:09:36 | Computer Name = xxx | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 12.05.2010 10:09:36 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.05.2010 14:57:36 | Computer Name = xxx | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 12.05.2010 14:57:36 | Computer Name = xxx | Source = atikmdag | ID = 43029
Description = Display is not active
 
 
< End of report >
         

Code:
ATTFilter
OTL logfile created on: 27.08.2010 21:15:40 - Run 3
OTL by OldTimer - Version 3.2.10.0     Folder = C:\Users\xxx\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 58,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 273,40 Gb Total Space | 218,26 Gb Free Space | 79,83% Space Free | Partition Type: NTFS
Drive D: | 182,26 Gb Total Space | 158,94 Gb Free Space | 87,20% Space Free | Partition Type: NTFS
Drive E: | 3,31 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: xx
Current User Name: xxx
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtProc.exe (TOSHIBA CORPORATION.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe (TOSHIBA CORPORATION.)
PRC - C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
PRC - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe (TOSHIBA CORPORATION.)
PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sfc_os.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msacm32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\AppPatch\AcGenral.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\System32\sfc.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (Micro Star SCM) -- C:\Program Files\System Control Manager\MSIService.exe (Micro-Star International Co., Ltd.)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe (LSI Corporation)
SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S30RP1.EXE (SEIKO EPSON CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (smserial) -- C:\windows\System32\DRIVERS\smserial.sys File not found
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (aswSP) -- C:\windows\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software)
DRV - (aswTdi) -- C:\windows\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswRdr) -- C:\windows\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\windows\system32\DRIVERS\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (toshidpt) -- C:\windows\system32\drivers\Toshidpt.sys (TOSHIBA Corporation.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (tosporte) -- C:\windows\system32\DRIVERS\tosporte.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek                                            )
DRV - (enecir) -- C:\windows\system32\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (enecirhid) -- C:\windows\system32\DRIVERS\enecirhid.sys (ENE TECHNOLOGY INC.)
DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (NETw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (NuidFltr) -- C:\Windows\System32\drivers\nuidfltr.sys (Microsoft Corporation)
DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (ArcSoftKsUFilter) -- C:\Windows\System32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (enecirhidma) -- C:\windows\system32\DRIVERS\enecirhidma.sys (ENE TECHNOLOGY INC.)
DRV - (USBPNPA) -- C:\Windows\System32\drivers\CM108.sys (C-Media Inc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1
FF - prefs.js..extensions.enabledItems: 6
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 49
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.0.1.20090924050608
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.25 03:17:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.25 03:17:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.17 20:14:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.24\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.01.14 23:34:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.01.14 23:34:35 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2010.08.27 19:14:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\oengctvk.default\extensions
[2009.11.26 21:39:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\oengctvk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009.11.26 21:39:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oengctvk.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.02.28 23:20:45 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oengctvk.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.11.26 23:12:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\vyeaovdz.default\extensions
[2010.08.27 20:56:23 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009.11.26 19:22:15 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.08.27 20:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.07.10 23:02:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.07.10 23:01:55 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.07.20 06:11:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.07.20 06:11:52 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.07.20 06:11:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.07.20 06:11:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.07.20 06:11:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.08.27 21:05:39 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [EPSON Stylus DX5000 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBVE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop Components:0 () - file:///C:/DOKUME~1/xxx~1/LOKALE~1/Temp/msohtml1/01/clip_image002.jpg
O24 - Desktop Components:1 () - file:///C:/DOKUME~1/xxx~1/LOKALE~1/Temp/msohtml1/01/clip_image002.gif
O24 - Desktop Components:2 (Die derzeitige Homepage) - About:Home
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.01.18 11:33:16 | 000,000,042 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.27 21:05:29 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.27 19:10:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.27 19:10:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010.08.27 19:10:23 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010.08.27 19:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.27 19:10:22 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.11 19:14:00 | 000,197,632 | ---- | C] (Intel(R) Corporation) -- C:\windows\System32\ir32_32.dll
[2010.08.11 19:14:00 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\windows\System32\iccvid.dll
[2010.08.11 19:12:38 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rtutils.dll
[2010.08.11 19:12:28 | 003,955,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010.08.11 19:12:28 | 003,899,784 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010.08.11 19:12:14 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010.08.11 19:12:14 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010.08.11 19:12:14 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iepeers.dll
[2010.08.11 19:12:13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2010.08.11 19:12:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2010.08.11 19:12:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010.08.11 19:12:13 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010.08.11 19:12:13 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedssync.exe
[2010.08.11 19:11:43 | 002,326,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010.08.07 14:37:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Opera
[2010.08.07 14:37:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Opera
[2010.08.07 14:37:28 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.27 21:09:51 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010.08.27 21:09:38 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010.08.27 21:09:22 | 2415,255,552 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.27 21:08:36 | 003,932,160 | -HS- | M] () -- C:\Users\xxx\NTUSER.DAT
[2010.08.27 21:05:39 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
[2010.08.27 19:37:04 | 000,017,376 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.27 19:37:04 | 000,017,376 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.27 19:28:53 | 002,423,890 | -H-- | M] () -- C:\Users\xxx\AppData\Local\IconCache.db
[2010.08.27 19:10:28 | 000,000,989 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.22 22:46:24 | 001,498,506 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010.08.22 22:46:24 | 000,654,166 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010.08.22 22:46:24 | 000,616,008 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010.08.22 22:46:24 | 000,130,006 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010.08.22 22:46:24 | 000,106,388 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010.08.16 20:12:42 | 000,000,813 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 06:25:58 | 000,333,384 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010.08.11 17:53:48 | 002,219,955 | ---- | M] () -- C:\Users\xxx\Desktop\DSC01645.JPG
[2010.07.29 08:30:49 | 000,197,632 | ---- | M] (Intel(R) Corporation) -- C:\windows\System32\ir32_32.dll
[2010.07.29 08:30:34 | 000,082,944 | ---- | M] (Radius Inc.) -- C:\windows\System32\iccvid.dll
 
========== Files Created - No Company Name ==========
 
[2010.08.27 19:10:28 | 000,000,989 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.07 14:37:31 | 000,000,813 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.05.09 13:08:59 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2010.05.09 13:00:03 | 000,000,025 | ---- | C] () -- C:\windows\CDE DX5000EFDG.ini
[2009.12.05 16:00:19 | 000,281,760 | ---- | C] () -- C:\windows\System32\drivers\atksgt.sys
[2009.12.05 16:00:19 | 000,025,888 | ---- | C] () -- C:\windows\System32\drivers\lirsgt.sys
[2009.12.02 21:21:37 | 000,000,336 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\wklnhst.dat
[2009.11.26 21:28:16 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.09.17 00:43:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2005.12.15 06:17:00 | 000,159,744 | ---- | C] () -- C:\windows\System32\EPSPTDV.DLL
 
========== LOP Check ==========
 
[2010.02.16 21:13:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FileZilla
[2010.05.12 22:55:37 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Glory of the Roman Empire
[2010.08.27 20:35:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ICQ
[2010.08.07 14:37:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Opera
[2010.06.07 21:40:17 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Orneon
[2010.06.26 12:42:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ProtectDisc
[2009.12.02 21:21:38 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Template
[2009.11.26 21:52:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird
[2010.01.14 23:34:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TomTom
[2010.07.10 12:14:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TS3Client
[2009.12.06 21:36:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ubisoft
[2010.08.21 10:14:45 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         

Alt 27.08.2010, 20:35   #5
john.doe
 
Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php - Standard

Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php



Laut den Logs sollte dein Rechner wieder sauber sein. Frag deine Freunde, ob du immer noch den Link verschickst.

Deine Software ist nicht aktuell. Besonders wichtig sind Updates des Betriebssystems, Java und Acrobat Reader. Ein Programm, dass dir dabei hilft ist => PSI - Consumer - Products

Und damit du etwas für die Zukunft lernst, schreibst du morgen in der Schule 100mal an die Tafel: Ich soll nicht auf jeden Mist klicken.

Wie geht es dem Rechner, gibt es noch Auffälligkeiten oder Meldungen?

ciao, andreas

__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Alt 27.08.2010, 20:41   #6
-Mausi-
 
Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php - Standard

Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php



Danke Danke Danke..
du bist echt lieb..
Jetzt bin ich glücklich..




Nee ist alles gut.. an meinem PC.. er hat sich beruhigt.. alles so wie vorher.. zum glück.. und das aber auch direkt nachdem ich die malsoftware benutzt habe.. also die hats echt ausgemacht..


Ich soll nicht auf jeden Mist klicken.
Ich soll nicht auf jeden Mist klicken.
Ich soll nicht auf jeden Mist klicken.
Ich soll nicht auf jeden Mist klicken.
Ich soll nicht auf jeden Mist klicken.
.....


Danke dir echt

Alt 27.08.2010, 20:43   #7
john.doe
 
Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php - Standard

Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php



Starte OTL => Bereinigen => Rechner startet neu

Du bist entlassen.

ciao, andreas
__________________
Kein Support per PN! Das ist hier ein Forum und keine Privatbetreuung!
Privatbetreuung nur gegen Bezahlung und ich koste sehr teuer.
Für alle Neuen
Anleitungen
Virenscanner
Kompromittierung unvermeidbar?

Antwort

Themen zu Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php
alternate, anti, anti-malware, avast!, brauche, bösartige, components, computer, corp./icp, dateien, explorer, firefox.exe, fontcache, foto, home premium, iastor.sys, infiziert, java, jusched.exe, link, location, malware, microsoft, minute, mozilla thunderbird, nvstor.sys, oldtimer, otl.exe, plug-in, process, programdata, programm, scan, script, searchplugins, skype, software, suche, sweetim, taskhost.exe, version, virenscan, virus, webcheck, zerstört



Ähnliche Themen: Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php


  1. Skype Virus - ' Dies ist ein sehr schönes Foto von dir '
    Plagegeister aller Art und deren Bekämpfung - 28.05.2013 (10)
  2. virus/trojaner über skype eingefangen "sie ist auf diesem foto?"
    Log-Analyse und Auswertung - 24.04.2013 (22)
  3. virus/trojaner über skype eingefangen "sie ist auf diesem foto?"
    Plagegeister aller Art und deren Bekämpfung - 23.04.2013 (21)
  4. 2x | virus/trojaner über skype eingefangen "sie ist auf diesem foto?"
    Mülltonne - 23.04.2013 (1)
  5. Facebook-Trojaner: vinamost.net/images/facebook/get.php?image=IMG39348819.JPG
    Log-Analyse und Auswertung - 21.11.2011 (42)
  6. Facebook Virus. (bist du das auf dem Foto .........)
    Log-Analyse und Auswertung - 04.09.2011 (62)
  7. Zuerst Facebook-Virus-Neu aufgesetzt,cpu Auslastung 100%,bei Facebook-Games extrem lahm!
    Log-Analyse und Auswertung - 03.02.2011 (11)
  8. msn foto facebook exe virus
    Log-Analyse und Auswertung - 06.01.2011 (7)
  9. Skype-Facebook-Bild-Virus
    Plagegeister aller Art und deren Bekämpfung - 17.10.2010 (1)
  10. Skype - Facebook Virus
    Plagegeister aller Art und deren Bekämpfung - 16.10.2010 (25)
  11. Skype Virus per Facebook Adresse
    Plagegeister aller Art und deren Bekämpfung - 24.09.2010 (29)
  12. Foto :D http://imgs-facebook.com/photo_id.php // hab leider den Trojaner auf dem Notebook
    Plagegeister aller Art und deren Bekämpfung - 13.09.2010 (1)
  13. nochmal skype/facebook trojaner :( pc fast tot..
    Plagegeister aller Art und deren Bekämpfung - 12.09.2010 (21)
  14. Facebook Virus über skype bekommen
    Log-Analyse und Auswertung - 07.09.2010 (0)
  15. Skype & MSN Virus , Ich brauche Hilfe! h**p://facebook.lm-interiors.com/image_id.php
    Plagegeister aller Art und deren Bekämpfung - 31.08.2010 (6)
  16. Virus der sich über skype verschickt! h**p://facebook.twitterbizzer.com/photo_id.php
    Log-Analyse und Auswertung - 26.08.2010 (17)
  17. msn facebook foto virus
    Plagegeister aller Art und deren Bekämpfung - 01.07.2010 (1)

Zum Thema Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php - Hallo, ich brauche eure Hilfe. ich habe über Skype einen Link bekommen mit einem Facebook link. Dumm wie ich bin hab drauf geklickt und sogar installiert. foto :P h**p://facebook.twitterbizzer.com/member_profile.php Nun - Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php...
Archiv
Du betrachtest: Skype - Facebook Virus foto :P h**p://facebook.twitterbizzer.com/member_profile.php auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.