Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Kazy.mekml.1

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.04.2011, 22:04   #1
Jennifer86
 
TR/Kazy.mekml.1 - Standard

TR/Kazy.mekml.1



Hallo,

leider habe ich das gleiche Problem wie einige andere User des Forums. Habe nun auch die Scans durchgeführt und poste sie im Anschluss.

Ich wäre um jede Hilfe dankbar, da leider alle meine Fotos und alle privaten gespeicherten Erinnerungen einfach weg sind..und ich habe leider auch keine wirklich gut ausgeprägten Kenntnisse. Da das Problem bezüglich TR/Kazy.mekml.1 nun schon öfter erklärt wurde, beschreibe ich die Symptome nicht nochmal.

Vielen Dank im Voraus!

Alt 18.04.2011, 22:05   #2
Jennifer86
 
TR/Kazy.mekml.1 - Standard

TR/Kazy.mekml.1



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.04.2011 22:35:16 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.17193)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 1,72 Gb Free Space | 2,47% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 68,55 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Users\Jennifer\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (PzWDM) -- C:\Windows\system32\Drivers\PzWDM.sys (Prassi Technology)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.bpb.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {d7ba87f4-c901-47b7-af80-18d75313aad1}:1.4.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {084716FF-1F7D-42E4-A30F-21D29CAFFE64}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.03.24 15:03:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.27 10:37:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.27 10:37:56 | 000,000,000 | ---D | M]
 
[2008.11.22 13:41:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions
[2011.04.18 17:17:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions
[2011.04.18 21:30:00 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.18 21:30:00 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.18 21:30:00 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.18 21:30:06 | 000,000,000 | -H-D | M] (facebookchatbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\{d7ba87f4-c901-47b7-af80-18d75313aad1}
[2011.04.18 21:30:06 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.18 21:29:58 | 000,000,000 | -H-D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\toolbar@ask.com
[2011.04.14 13:29:42 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-1.xml
[2011.01.05 10:24:36 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-10.xml
[2011.03.07 11:22:13 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-11.xml
[2011.03.10 08:40:22 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-12.xml
[2011.03.28 20:55:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-13.xml
[2010.06.25 09:34:41 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-2.xml
[2010.06.28 16:55:17 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-3.xml
[2010.07.28 12:33:54 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-4.xml
[2010.09.10 22:34:08 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-5.xml
[2010.09.16 23:01:12 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-6.xml
[2010.09.17 09:28:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-7.xml
[2010.10.28 22:52:05 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-8.xml
[2010.12.10 18:40:19 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-9.xml
[2010.02.03 14:37:50 | 000,000,947 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin.xml
[2010.04.29 22:09:29 | 000,003,915 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\sweetim.xml
[2010.11.19 10:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.07 23:46:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.09 07:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.19 10:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.06.28 16:54:22 | 000,000,000 | ---D | M] (Facemoods) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
[2008.02.22 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008.04.05 17:14:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008.08.10 10:49:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.11.20 19:15:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009.10.27 00:54:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.04.12 22:34:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.07 23:46:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.09 07:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.19 10:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.06.28 16:54:22 | 000,000,000 | ---D | M] (Facemoods) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\FFXTLBR@FACEMOODS.COM
[2011.04.18 17:16:57 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\JENNIFER\APPDATA\LOCAL\{084716FF-1F7D-42E4-A30F-21D29CAFFE64}
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.27 10:37:45 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.27 10:37:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.27 14:32:50 | 000,002,025 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2011.03.27 10:37:46 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.27 10:37:46 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.27 10:37:46 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.3.62.1\facemoods.dll (facemoods.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [Nnatuzu] C:\Users\Jennifer\AppData\Local\azovikikikodu.dll (Realtek Semiconductor)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Umire] C:\Users\Jennifer\AppData\Local\xtnhrfgr.dll (FileZilla Project)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK =  File not found
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1753d368-95cb-11dd-9123-001b385cee03}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{1753d368-95cb-11dd-9123-001b385cee03}\Shell\open\Command - "" = rundll32.exe .\\nethi1.dll,InstallM
O33 - MountPoints2\{1c1d823c-c18f-11df-bd78-001b385cee03}\Shell - "" = Autorun
O33 - MountPoints2\{1c1d823c-c18f-11df-bd78-001b385cee03}\Shell\downloadsb\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{5919cfcc-fde2-11df-994f-001b385cee03}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{8f0cf6e9-6c8d-11df-80dd-001b385cee03}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.18 22:22:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011.04.18 22:12:06 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
[2011.04.18 22:10:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.18 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.18 22:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.18 22:10:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.18 22:10:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.18 22:08:28 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jennifer\Desktop\mbam-setup.exe
[2011.04.18 17:22:37 | 000,000,000 | -H-D | C] -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.18 17:16:57 | 000,000,000 | -H-D | C] -- C:\Users\Jennifer\AppData\Local\{084716FF-1F7D-42E4-A30F-21D29CAFFE64}
[2011.04.18 17:15:20 | 000,569,344 | -H-- | C] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011.04.15 15:58:50 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 15:58:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:58:43 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 15:58:43 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:58:34 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:58:29 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:58:25 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.03.23 11:19:22 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 11:19:22 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009.10.20 21:27:51 | 000,375,296 | -H-- | C] (Realtek Semiconductor) -- C:\Users\Jennifer\AppData\Local\azovikikikodu.dll
[2009.10.20 21:27:51 | 000,089,088 | -H-- | C] (FileZilla Project) -- C:\Users\Jennifer\AppData\Local\xtnhrfgr.dll
[2007.10.19 12:05:51 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007.07.28 11:24:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.18 22:22:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011.04.18 22:10:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.18 22:10:23 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jennifer\Desktop\mbam-setup.exe
[2011.04.18 22:00:10 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.04.18 21:57:47 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 21:57:47 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 21:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.18 17:29:53 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.18 17:29:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.18 17:29:53 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.18 17:29:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.18 17:24:35 | 000,000,392 | -H-- | M] () -- C:\ProgramData\38133512
[2011.04.18 17:22:38 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~38133512r
[2011.04.18 17:22:38 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~38133512
[2011.04.18 17:22:06 | 000,028,124 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.18 17:22:03 | 000,028,124 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.18 17:15:20 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011.04.18 12:00:31 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{81EAE660-C283-4F5C-A59C-085C1A4C3F98}.job
[2011.04.18 11:56:45 | 000,403,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.28 23:11:36 | 005,792,349 | -H-- | M] () -- C:\Users\Jennifer\Desktop\IMG_6113.jpg
[2011.03.27 00:44:54 | 000,000,680 | -H-- | M] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2011.04.18 22:10:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.18 17:22:38 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~38133512r
[2011.04.18 17:22:38 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~38133512
[2011.04.18 17:22:23 | 000,000,392 | -H-- | C] () -- C:\ProgramData\38133512
[2011.03.28 23:09:53 | 005,792,349 | -H-- | C] () -- C:\Users\Jennifer\Desktop\IMG_6113.jpg
[2010.08.02 22:55:03 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009.12.21 03:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009.10.20 21:27:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 21:27:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.01 11:40:46 | 000,028,124 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.05.01 11:40:45 | 000,028,124 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.12.29 18:22:30 | 000,000,680 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2008.12.10 12:45:33 | 000,124,432 | ---- | C] () -- C:\Windows\System32\PanInstaller.dll
[2008.12.10 12:45:30 | 000,083,480 | ---- | C] () -- C:\Windows\System32\FirstLoad.dll
[2008.08.26 12:03:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.08 13:04:33 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.08.08 13:03:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.08.07 10:44:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.03 14:20:35 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2008.07.13 21:21:55 | 000,000,104 | -H-- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2008.02.05 15:38:57 | 000,000,540 | -H-- | C] () -- C:\Users\Jennifer\AppData\Roaming\AutoGK.ini
[2008.01.29 16:46:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.01.29 16:46:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.01.29 16:46:31 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.01.29 16:46:31 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.01.29 16:46:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.01.29 16:46:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.01.29 16:46:30 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.01.29 16:46:30 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.01.29 16:46:30 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.01.29 16:46:30 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.01.29 16:46:30 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.01.29 16:46:30 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.01.29 16:46:30 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.01.29 16:46:30 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.01.29 16:46:30 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.01.29 16:46:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.01.29 16:46:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.01.29 16:46:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.01.29 16:46:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.01.29 16:34:50 | 000,000,025 | ---- | C] () -- C:\Windows\CDE D78DEFGIPS.ini
[2008.01.28 20:26:38 | 000,026,112 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.23 16:14:00 | 000,027,620 | -H-- | C] () -- C:\Users\Jennifer\AppData\Roaming\nvModes.001
[2008.01.23 12:24:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.01.23 11:31:33 | 000,027,620 | -H-- | C] () -- C:\Users\Jennifer\AppData\Roaming\nvModes.dat
[2007.10.26 15:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007.10.19 21:37:52 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2007.10.19 21:37:51 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007.10.19 12:05:51 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.07.28 21:54:24 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.07.28 19:02:40 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2007.07.28 11:38:36 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.07.28 11:38:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.07.28 11:37:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.07.28 11:24:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.07.28 10:35:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.07.28 10:32:12 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.07.28 10:23:38 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,403,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.12.15 07:17:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.10.18 01:00:00 | 000,212,480 | ---- | C] () -- C:\Windows\System32\PCDLIB32.DLL
[1997.10.18 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.10.18 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2009.06.03 22:38:11 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Amazon
[2008.10.13 10:41:15 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Binary Fortress Software
[2011.04.18 21:29:55 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\BrainYoo
[2011.04.18 16:09:41 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
[2008.03.27 14:54:53 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\EPSON
[2011.01.04 16:02:07 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Foxit
[2011.01.04 16:02:08 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Foxit Software
[2011.03.29 22:20:51 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\ICQ
[2008.01.22 22:51:14 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\ICQ Toolbar
[2008.11.04 20:37:47 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org
[2010.08.02 22:57:30 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\PrimoPDF
[2008.08.08 13:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Samsung
[2008.07.13 21:21:57 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2009.11.13 22:45:15 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\TubeBox
[2008.11.19 18:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\TuneUp Software
[2011.01.04 16:11:28 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\UDC Profiles
[2011.04.18 22:00:10 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.04.18 21:55:47 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.18 12:00:31 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{81EAE660-C283-4F5C-A59C-085C1A4C3F98}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:30A9E86A

< End of report >
         
--- --- ---
__________________


Alt 18.04.2011, 22:05   #3
Jennifer86
 
TR/Kazy.mekml.1 - Standard

TR/Kazy.mekml.1



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 18.04.2011 22:35:16 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.17193)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 1,72 Gb Free Space | 2,47% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 68,55 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Windows\System32\TUProgSt.exe (TuneUp Software)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Users\Jennifer\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
PRC - C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
PRC - C:\Acer\ALaunch\ALaunchSvc.exe ()
PRC - C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Jennifer\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) --  File not found
SRV - (CLTNetCnService) --  File not found
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (TuneUp.ProgramStatisticsSvc) -- C:\Windows\System32\TUProgSt.exe (TuneUp Software)
SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()
SRV - (eNet Service) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe (Acer Inc.)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eLockService) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (Acer Inc.)
SRV - (ALaunchService) -- C:\Acer\ALaunch\ALaunchSvc.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys ()
DRV - (PzWDM) -- C:\Windows\system32\Drivers\PzWDM.sys (Prassi Technology)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (enecir) -- C:\Windows\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\Play Movie\000.fcl (Cyberlink Corp.)
DRV - (DritekPortIO) -- C:\Programme\Launch Manager\DPortIO.sys (Dritek System Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Yahoo! Deutschland
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "www.bpb.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {d7ba87f4-c901-47b7-af80-18d75313aad1}:1.4.1
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.0.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590
FF - prefs.js..extensions.enabledItems: {084716FF-1F7D-42E4-A30F-21D29CAFFE64}:1.9.1
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.2&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008.03.24 15:03:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.03.27 10:37:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.27 10:37:56 | 000,000,000 | ---D | M]
 
[2008.11.22 13:41:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Extensions
[2011.04.18 17:17:10 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions
[2011.04.18 21:30:00 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.18 21:30:00 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011.04.18 21:30:00 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.04.18 21:30:06 | 000,000,000 | -H-D | M] (facebookchatbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\{d7ba87f4-c901-47b7-af80-18d75313aad1}
[2011.04.18 21:30:06 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011.04.18 21:29:58 | 000,000,000 | -H-D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Jennifer\AppData\Roaming\mozilla\Firefox\Profiles\9r0vfyat.default\extensions\toolbar@ask.com
[2011.04.14 13:29:42 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-1.xml
[2011.01.05 10:24:36 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-10.xml
[2011.03.07 11:22:13 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-11.xml
[2011.03.10 08:40:22 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-12.xml
[2011.03.28 20:55:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-13.xml
[2010.06.25 09:34:41 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-2.xml
[2010.06.28 16:55:17 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-3.xml
[2010.07.28 12:33:54 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-4.xml
[2010.09.10 22:34:08 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-5.xml
[2010.09.16 23:01:12 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-6.xml
[2010.09.17 09:28:34 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-7.xml
[2010.10.28 22:52:05 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-8.xml
[2010.12.10 18:40:19 | 000,000,950 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin-9.xml
[2010.02.03 14:37:50 | 000,000,947 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\icqplugin.xml
[2010.04.29 22:09:29 | 000,003,915 | -H-- | M] () -- C:\Users\Jennifer\AppData\Roaming\Mozilla\Firefox\Profiles\9r0vfyat.default\searchplugins\sweetim.xml
[2010.11.19 10:47:29 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.05.07 23:46:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.09 07:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.19 10:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.06.28 16:54:22 | 000,000,000 | ---D | M] (Facemoods) -- C:\Programme\Mozilla Firefox\extensions\ffxtlbr@Facemoods.com
[2008.02.22 22:17:44 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008.04.05 17:14:56 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008.08.10 10:49:01 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2008.11.20 19:15:21 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2009.10.27 00:54:16 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
[2010.04.12 22:34:40 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
[2010.05.07 23:46:37 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.09 07:43:23 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.19 10:47:29 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.06.28 16:54:22 | 000,000,000 | ---D | M] (Facemoods) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\FFXTLBR@FACEMOODS.COM
[2011.04.18 17:16:57 | 000,000,000 | -H-D | M] (XULRunner) -- C:\USERS\JENNIFER\APPDATA\LOCAL\{084716FF-1F7D-42E4-A30F-21D29CAFFE64}
[2010.09.15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.03.27 10:37:45 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.03.27 10:37:45 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.27 14:32:50 | 000,002,025 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml
[2011.03.27 10:37:46 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.03.27 10:37:46 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.03.27 10:37:46 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.3.62.1\facemoods.dll (facemoods.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.3.62.1\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKCU..\Run: [Nnatuzu] C:\Users\Jennifer\AppData\Local\azovikikikodu.dll (Realtek Semiconductor)
O4 - HKCU..\Run: [PFmPbJoHGuT] C:\ProgramData\PFmPbJoHGuT.exe (BitSprx)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Umire] C:\Users\Jennifer\AppData\Local\xtnhrfgr.dll (FileZilla Project)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CD-MENU.LNK =  File not found
O4 - Startup: C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Jennifer\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1753d368-95cb-11dd-9123-001b385cee03}\Shell\AutoRun\command - "" = F:\
O33 - MountPoints2\{1753d368-95cb-11dd-9123-001b385cee03}\Shell\open\Command - "" = rundll32.exe .\\nethi1.dll,InstallM
O33 - MountPoints2\{1c1d823c-c18f-11df-bd78-001b385cee03}\Shell - "" = Autorun
O33 - MountPoints2\{1c1d823c-c18f-11df-bd78-001b385cee03}\Shell\downloadsb\command - "" = C:\Windows\explorer.exe -- [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{5919cfcc-fde2-11df-994f-001b385cee03}\Shell\AutoRun\command - "" = F:\start.exe
O33 - MountPoints2\{8f0cf6e9-6c8d-11df-80dd-001b385cee03}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RuNdLl32.EXE      .\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx,ahaezedrn
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.18 22:22:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011.04.18 22:12:06 | 000,000,000 | ---D | C] -- C:\Users\Jennifer\AppData\Roaming\Malwarebytes
[2011.04.18 22:10:53 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.04.18 22:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.04.18 22:10:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.04.18 22:10:48 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011.04.18 22:10:48 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2011.04.18 22:08:28 | 007,734,208 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Jennifer\Desktop\mbam-setup.exe
[2011.04.18 17:22:37 | 000,000,000 | -H-D | C] -- C:\Users\Jennifer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Recovery
[2011.04.18 17:16:57 | 000,000,000 | -H-D | C] -- C:\Users\Jennifer\AppData\Local\{084716FF-1F7D-42E4-A30F-21D29CAFFE64}
[2011.04.18 17:15:20 | 000,569,344 | -H-- | C] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011.04.15 15:58:50 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 15:58:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 15:58:43 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 15:58:43 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 15:58:34 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 15:58:29 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.15 15:58:25 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.03.23 11:19:22 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011.03.23 11:19:22 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2009.10.20 21:27:51 | 000,375,296 | -H-- | C] (Realtek Semiconductor) -- C:\Users\Jennifer\AppData\Local\azovikikikodu.dll
[2009.10.20 21:27:51 | 000,089,088 | -H-- | C] (FileZilla Project) -- C:\Users\Jennifer\AppData\Local\xtnhrfgr.dll
[2007.10.19 12:05:51 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe
[2007.07.28 11:24:55 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.18 22:22:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Jennifer\Desktop\OTL.exe
[2011.04.18 22:10:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.18 22:10:23 | 007,734,208 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Jennifer\Desktop\mbam-setup.exe
[2011.04.18 22:00:10 | 000,000,506 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2011.04.18 21:57:47 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 21:57:47 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.18 21:57:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.18 17:29:53 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.18 17:29:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.18 17:29:53 | 000,126,260 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.18 17:29:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.18 17:24:35 | 000,000,392 | -H-- | M] () -- C:\ProgramData\38133512
[2011.04.18 17:22:38 | 000,000,160 | -H-- | M] () -- C:\ProgramData\~38133512r
[2011.04.18 17:22:38 | 000,000,128 | -H-- | M] () -- C:\ProgramData\~38133512
[2011.04.18 17:22:06 | 000,028,124 | -H-- | M] () -- C:\ProgramData\nvModes.001
[2011.04.18 17:22:03 | 000,028,124 | -H-- | M] () -- C:\ProgramData\nvModes.dat
[2011.04.18 17:15:20 | 000,569,344 | -H-- | M] (BitSprx) -- C:\ProgramData\PFmPbJoHGuT.exe
[2011.04.18 12:00:31 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{81EAE660-C283-4F5C-A59C-085C1A4C3F98}.job
[2011.04.18 11:56:45 | 000,403,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.03.28 23:11:36 | 005,792,349 | -H-- | M] () -- C:\Users\Jennifer\Desktop\IMG_6113.jpg
[2011.03.27 00:44:54 | 000,000,680 | -H-- | M] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
 
========== Files Created - No Company Name ==========
 
[2011.04.18 22:10:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.04.18 17:22:38 | 000,000,160 | -H-- | C] () -- C:\ProgramData\~38133512r
[2011.04.18 17:22:38 | 000,000,128 | -H-- | C] () -- C:\ProgramData\~38133512
[2011.04.18 17:22:23 | 000,000,392 | -H-- | C] () -- C:\ProgramData\38133512
[2011.03.28 23:09:53 | 005,792,349 | -H-- | C] () -- C:\Users\Jennifer\Desktop\IMG_6113.jpg
[2010.08.02 22:55:03 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2009.12.21 03:42:18 | 000,000,314 | ---- | C] () -- C:\Windows\primopdf.ini
[2009.10.20 21:27:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.20 21:27:53 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.05.01 11:40:46 | 000,028,124 | -H-- | C] () -- C:\ProgramData\nvModes.001
[2009.05.01 11:40:45 | 000,028,124 | -H-- | C] () -- C:\ProgramData\nvModes.dat
[2008.12.29 18:22:30 | 000,000,680 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\d3d9caps.dat
[2008.12.10 12:45:33 | 000,124,432 | ---- | C] () -- C:\Windows\System32\PanInstaller.dll
[2008.12.10 12:45:30 | 000,083,480 | ---- | C] () -- C:\Windows\System32\FirstLoad.dll
[2008.08.26 12:03:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.08.08 13:04:33 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt
[2008.08.08 13:03:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2008.08.07 10:44:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.08.03 14:20:35 | 000,027,965 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_JP.dat
[2008.07.13 21:21:55 | 000,000,104 | -H-- | C] () -- C:\Users\Jennifer\AppData\Roaming\wklnhst.dat
[2008.02.05 15:38:57 | 000,000,540 | -H-- | C] () -- C:\Users\Jennifer\AppData\Roaming\AutoGK.ini
[2008.01.29 16:46:31 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.01.29 16:46:31 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.01.29 16:46:31 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.01.29 16:46:31 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.01.29 16:46:31 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.01.29 16:46:31 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.01.29 16:46:30 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.01.29 16:46:30 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.01.29 16:46:30 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.01.29 16:46:30 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.01.29 16:46:30 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.01.29 16:46:30 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.01.29 16:46:30 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.01.29 16:46:30 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.01.29 16:46:30 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.01.29 16:46:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.01.29 16:46:30 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.01.29 16:46:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.01.29 16:46:30 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.01.29 16:34:50 | 000,000,025 | ---- | C] () -- C:\Windows\CDE D78DEFGIPS.ini
[2008.01.28 20:26:38 | 000,026,112 | -H-- | C] () -- C:\Users\Jennifer\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.01.23 16:14:00 | 000,027,620 | -H-- | C] () -- C:\Users\Jennifer\AppData\Roaming\nvModes.001
[2008.01.23 12:24:21 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.01.23 11:31:33 | 000,027,620 | -H-- | C] () -- C:\Users\Jennifer\AppData\Roaming\nvModes.dat
[2007.10.26 15:28:18 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2007.10.19 21:37:52 | 000,000,030 | ---- | C] () -- C:\Windows\SETPANEL.INI
[2007.10.19 21:37:51 | 000,000,092 | ---- | C] () -- C:\Windows\CLEANUP.INI
[2007.10.19 12:05:51 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe
[2007.07.28 21:54:24 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.07.28 19:02:40 | 000,015,190 | ---- | C] () -- C:\Windows\M2000T07.ini
[2007.07.28 11:38:36 | 000,076,584 | ---- | C] () -- C:\Windows\System32\drivers\int15.sys
[2007.07.28 11:38:36 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2007.07.28 11:37:48 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2007.07.28 11:24:52 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.07.28 10:35:23 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007.07.28 10:32:12 | 000,000,775 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.07.28 10:23:38 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2007.04.25 16:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 16:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 16:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 16:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 16:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 16:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.13 05:50:06 | 000,071,680 | ---- | C] () -- C:\Windows\System32\HTCA_SelfExtract.bin
[2006.11.02 17:33:31 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,126,260 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,403,584 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.12.15 07:17:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
[2002.10.16 00:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997.10.18 01:00:00 | 000,212,480 | ---- | C] () -- C:\Windows\System32\PCDLIB32.DLL
[1997.10.18 01:00:00 | 000,022,016 | ---- | C] () -- C:\Windows\System32\DOCOBJ.DLL
[1997.10.18 01:00:00 | 000,012,288 | ---- | C] () -- C:\Windows\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2009.06.03 22:38:11 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Amazon
[2008.10.13 10:41:15 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Binary Fortress Software
[2011.04.18 21:29:55 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\BrainYoo
[2011.04.18 16:09:41 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Dropbox
[2008.03.27 14:54:53 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\EPSON
[2011.01.04 16:02:07 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Foxit
[2011.01.04 16:02:08 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Foxit Software
[2011.03.29 22:20:51 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\ICQ
[2008.01.22 22:51:14 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\ICQ Toolbar
[2008.11.04 20:37:47 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\OpenOffice.org
[2010.08.02 22:57:30 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\PrimoPDF
[2008.08.08 13:13:16 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Samsung
[2008.07.13 21:21:57 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\Template
[2009.11.13 22:45:15 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\TubeBox
[2008.11.19 18:01:36 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\TuneUp Software
[2011.01.04 16:11:28 | 000,000,000 | -H-D | M] -- C:\Users\Jennifer\AppData\Roaming\UDC Profiles
[2011.04.18 22:00:10 | 000,000,506 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job
[2011.04.18 21:55:47 | 000,032,628 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.04.18 12:00:31 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{81EAE660-C283-4F5C-A59C-085C1A4C3F98}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:30A9E86A

< End of report >
         
--- --- ---
__________________

Alt 18.04.2011, 22:06   #4
Jennifer86
 
TR/Kazy.mekml.1 - Standard

TR/Kazy.mekml.1



OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 18.04.2011 22:35:16 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Jennifer\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.17193)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 66,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 1,72 Gb Free Space | 2,47% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 68,55 Gb Free Space | 98,61% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: JENNIFER-PC | User Name: Jennifer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.pif [@ = piffile] -- "%1" %*"
.scr [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- Reg Error: Key error.
scrfile [install] -- Reg Error: Key error.
scrfile [open] -- Reg Error: Key error.
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe" = C:\Acer\Empowering Technology\eDataSecurity\eDSfsu.exe:*:Enabled:eDSfsu -- (Acer Inc.)
"C:\Acer\Empowering Technology\eDataSecurity\encryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\encryption.exe:*:Enabled:encryption -- (HiTRUST)
"C:\Acer\Empowering Technology\eDataSecurity\decryption.exe" = C:\Acer\Empowering Technology\eDataSecurity\decryption.exe:*:Enabled:decryption -- (HiTRUST)
"C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe" = C:\Program Files\PANDORA.TV\Video Streamer\VideoStreamer.exe:*:Enabled:VideoStreamer.exe
"C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe" = C:\Program Files\PANDORA.TV\Video Streamer\VSStream.exe:*:Enabled:VSStream.exe
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{353A5E07-32ED-43D3-93B5-7DD83CD15902}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3F5452E9-4C5A-4CD3-9C31-B0CFA2D672AE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{834FB350-5B4B-48F6-A535-E44E03D2DBB9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{839F4564-06CE-48FA-891F-19FD20631B24}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9C57776E-A095-4BC7-9BA4-85F5E3919FDC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A6767C26-6553-4A9C-AABD-DCCE5823BFCB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B78D0E45-4FA5-4278-9673-DB6F280DDED7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{EFFBE1C6-DF32-45AD-BB88-6588ACD9ABBA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F3DE5A83-1280-4FBB-95AB-D2B0FA97F4B9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{018F7362-0DCD-43D8-B852-578DADFA2D3B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{01FDF2E2-61B8-4223-88AA-CA3FEC6DECC1}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{0A98FC4A-7196-49F2-897F-F5D4B40CC724}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{0C1E79E8-4451-428C-89F0-77CCAD6A1D1D}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{18D73F3B-962B-4B8B-8BBF-0D466DFD2948}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{238903E6-7444-4655-85C8-8CD5F283E382}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{248D6400-71A4-4441-A385-4E23E9C6C5A6}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{267E2DA6-95A9-4028-9494-783E9FE1C0DD}" = dir=in | app=c:\program files\acer arcade deluxe\dvdivine\dvdivine.exe | 
"{4A01BB93-D766-4B1A-926A-D3D648A6F683}" = protocol=17 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{52DA59DA-9EE6-47CA-8117-DDA5C93F3218}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{605B024C-2994-43FF-89BA-D2E0AB3626ED}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{69EC19AF-DA7F-4291-87A0-069C35163F2F}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{6BBC0B77-3402-4DB7-8DE3-1A1005952638}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\pmvservice.exe | 
"{6F4DE7DC-177D-4F6B-811B-715F6A5689DB}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orbstreamerclient.exe | 
"{7CF9701D-96BA-4477-9BC2-389F556D0239}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{801D3CFF-CF0E-4CF8-91B6-C76BCDD59657}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{83410490-AFA3-42C5-B38B-F4D0D20C81CD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{84A78388-7387-45DA-B4BD-0EB8811C92CD}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{86AB7A59-9F9C-4DA8-89AF-8223084D95A9}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{8F254A9F-91E6-4117-B0DC-941C52F666F3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{94911075-A7F5-44E1-9584-9CBDE1495CD3}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{98DF96F5-9139-4FBE-AECF-5C48B390C819}" = protocol=6 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{AB45B683-A136-4FF2-B83E-51E6D678A20A}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orb.exe | 
"{ABD333AC-86BE-4ED9-B1F6-886CED34F64E}" = dir=in | app=c:\program files\acer arcade deluxe\dv wizard\dv wizard.exe | 
"{B26172B7-E001-44E2-8885-2AE07B7D57EE}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B31AA003-B8CE-496C-9C41-5FAB54C90F14}" = protocol=17 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{B4BC6E99-465B-4340-AEBA-D62152F064BE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{C4128D3F-BEE7-44A8-BBF5-0719DF474FB9}" = protocol=6 | dir=in | app=c:\users\jennifer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{C8EE00CE-7B28-452D-84AC-6CD0ACBF9D18}" = dir=in | app=c:\program files\acer arcade deluxe\videomagician\videomagician.exe | 
"{C99AB95E-D341-4DAD-AD45-6E243BBA83AA}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbir.exe | 
"{CE6E8439-4A1F-4557-87D6-3B3F2D409A83}" = dir=in | app=c:\program files\acer arcade deluxe\play movie\playmovie.exe | 
"{CFBEBB1B-2157-4687-9A2A-30F4203572F8}" = protocol=17 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{CFD62AA6-468D-4A39-A7C3-2AE0288C6E37}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D033DA20-65D1-4A19-80D9-462792854C0E}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | 
"{D0E6612E-1AFC-478D-A77B-6AD7F5609FC5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D33908BE-59CC-4221-9C49-EA6A5D1A6ABC}" = protocol=6 | dir=in | app=c:\program files\icq7.1\icq.exe | 
"{D8633836-199B-45F1-A07B-C19B81BB10A5}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{E146B02B-E00B-4FDD-8446-838EAF7B29B6}" = protocol=6 | dir=in | app=c:\program files\icq7.1\aolload.exe | 
"{E76769EA-B5CA-46C2-9489-B22AD962E403}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"{E941F152-9EDC-4AF5-9B51-2C973BC93C70}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EE10BAFE-7677-4FE1-91B0-D7E12CB1AFDD}" = protocol=17 | dir=in | app=c:\program files\winamp remote\bin\orbtray.exe | 
"{EF6DB405-C6E4-4BCC-9BBC-986FFE4DA449}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"TCP Query User{00B927C6-BF1C-4E9B-BDB3-B12C40828F04}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{0AE1472C-4A7C-46F0-8802-39B2DC4F9E85}F:\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=f:\apache2\bin\httpd.exe | 
"TCP Query User{0D5AB236-6DCD-4F33-B6F5-07361385F7A7}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"TCP Query User{8F7D7D0F-DA2C-4068-B0A3-FBFE8A27F637}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{50085F9E-3935-491A-8BD4-FC56A0A10B15}F:\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=f:\apache2\bin\httpd.exe | 
"UDP Query User{674E96ED-9621-4A58-8B4F-C1C270B2F85D}C:\program files\veoh networks\veohwebplayer\veohwebplayer.exe" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 
"UDP Query User{8E6C8BEB-B8AA-444A-9235-4FD3DFC93CA4}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
"UDP Query User{B507AF29-E1E9-4F3C-9171-8C62CA5D90E3}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{1B0098FF-1816-4F42-8203-FA29F5735596}" = Samsung PC Studio 3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FC4125B-4657-4D1C-B358-E921F4883ED7}" = Skylook
"{20AB57C7-FED7-4394-8166-A409DEA20253}" = TubeBox!
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 22
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{455547CE-0DB3-4C5D-879D-255059FE9650}_is1" = BrainYoo 1.46d
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BB1DCED-84D3-47F9-B718-5947E904593E}" = Acer Crystal Eye webcam
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{55A29068-F2CE-456C-9148-C869879E2357}" = TuneUp Utilities 2009
"{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A27764B-5434-4DAA-BD43-3ACF4FFCD7FE}" = SweetIM Toolbar for Internet Explorer 3.8
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7ECD962A-03CE-4122-B5D5-CAE6346F76E4}" = HOT ALBUM MYBOX
"{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{871DF2BE-41D2-4334-AC33-839AF16FC8FE}" = Cisco Systems VPN Client 5.0.02.0090
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.6
"{AE605F97-6C55-407D-8078-5436914B88FB}" = Richi MP3 Ringback Tones 1.0
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer 3.72
"{B90450DF-E781-46FD-B1F1-0C86DA40E443}" = PIF DESIGNER
"{BC69DDB8-4840-4D9B-BB31-0D4DB2BA1312}" = EPSON Easy Photo Print
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD1DED37-2486-4F56-8F89-56AA814003F5}" = Acer Crystal Eye Webcam
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E86BC406-944E-41F6-ADE6-2C136734C96B}" = EPSON File Manager
"{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}" = Samsung PC Studio 3 USB Driver Installer
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Deluxe
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F727DCA7-4B7B-4CF5-8348-881BF3B0D046}" = SweetIM for Messenger 3.1
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
"8089B79E-5E25-4872-8AC9-058E5F5599EC_is1" = iTunes Sync 1.5.1
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AviSynth" = AviSynth 2.5
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Printer and Utilities" = EPSON Printer Software
"ESC79_D78 Benutzerhandbuch" = ESC79_D78 Benutzerhandbuch
"facemoods" = facemoods
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"ICQToolbar" = ICQ Toolbar
"InstallShield_{7ECD962A-03CE-4122-B5D5-CAE6346F76E4}" = HOT ALBUM MYBOX
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"NVIDIA Drivers" = NVIDIA Drivers
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Orb" = Winamp Remote
"Picasa 3" = Picasa 3
"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software
"RealPlayer 6.0" = RealPlayer
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"Universal Document Converter_is1" = Universal Document Converter (Demo)
"Veoh Web Player Beta" = Veoh Web Player
"VobSub" = VobSub v2.23 (Remove Only)
"Winamp" = Winamp
"Word8.0" = Microsoft Word 97
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 16.04.2011 14:54:40 | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 16.04.2011 14:54:40 | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 9797
 
Error - 16.04.2011 14:54:40 | Computer Name = Jennifer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 9797
 
Error - 18.04.2011 11:19:16 | Computer Name = Jennifer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung mobsync.exe, Version 6.0.6001.18000, Zeitstempel
 0x47918e41, fehlerhaftes Modul dll.dll, Version 0.0.0.0, Zeitstempel 0x4d776bbf,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c46,  Prozess-ID 0xd0c, Anwendungsstartzeit
 01cbfddbf1747a1f.
 
Error - 18.04.2011 11:19:19 | Computer Name = Jennifer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung GUARDGUI.EXE, Version 9.0.3.0, Zeitstempel 0x49e5b363,
 fehlerhaftes Modul dll.dll, Version 0.0.0.0, Zeitstempel 0x4d776bbf, Ausnahmecode
 0xc0000005, Fehleroffset 0x00002c46,  Prozess-ID 0xfb4, Anwendungsstartzeit 01cbfddbf761911f.
 
Error - 18.04.2011 11:20:07 | Computer Name = Jennifer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung spoolsv.exe, Version 6.0.6002.18294, Zeitstempel
 0x4c6a9898, fehlerhaftes Modul dll.dll, Version 0.0.0.0, Zeitstempel 0x4d776bbf,
 Ausnahmecode 0xc0000005, Fehleroffset 0x00002c46,  Prozess-ID 0x690, Anwendungsstartzeit
 01cbfddbf6baf0df.
 
Error - 18.04.2011 11:26:28 | Computer Name = Jennifer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PFmPbJoHGuT.exe, Version 3.0.1.1, Zeitstempel
 0x21475346, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0xe1859e06,  Prozess-ID 0x8f4, Anwendungsstartzeit
 01cbfddc5e17ddd7.
 
Error - 18.04.2011 15:33:47 | Computer Name = Jennifer-PC | Source = System Restore | ID = 8209
Description = 
 
Error - 18.04.2011 15:39:21 | Computer Name = Jennifer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel
 0x49e01da5, fehlerhaftes Modul BROWSEUI.dll, Version 6.0.6002.18005, Zeitstempel
 0x49e0372c, Ausnahmecode 0xc0000005, Fehleroffset 0x00026a9d,  Prozess-ID 0x7f8, 
Anwendungsstartzeit 01cbfdff652da0ad.
 
Error - 18.04.2011 16:00:19 | Computer Name = Jennifer-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung PFmPbJoHGuT.exe, Version 3.0.1.1, Zeitstempel
 0x21475346, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0xe1859e06,  Prozess-ID 0xae4, Anwendungsstartzeit
 01cbfe02d8942b87.
 
[ OSession Events ]
Error - 18.05.2009 14:51:42 | Computer Name = Jennifer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 859
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 21.08.2010 16:11:37 | Computer Name = Jennifer-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 32384
 seconds with 1680 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 18.04.2011 11:23:10 | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 18.04.2011 11:23:10 | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.04.2011 11:29:23 | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 18.04.2011 15:33:09 | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.04.2011 15:53:01 | Computer Name = Jennifer-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{C66F2917-D5D8-4200-AC42-A165F822EB73} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 18.04.2011 15:53:00 | Computer Name = Jennifer-PC | Source = netbt | ID = 4321
Description = Der Name "JENNIFER-PC    :0" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.34  registriert werden. Der Computer mit IP-Adresse 192.168.1.36
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 18.04.2011 15:53:01 | Computer Name = Jennifer-PC | Source = netbt | ID = 4321
Description = Der Name "JENNIFER-PC    :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.34  registriert werden. Der Computer mit IP-Adresse 192.168.1.36
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 18.04.2011 15:57:28 | Computer Name = Jennifer-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{C66F2917-D5D8-4200-AC42-A165F822EB73} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 18.04.2011 15:57:28 | Computer Name = Jennifer-PC | Source = netbt | ID = 4321
Description = Der Name "JENNIFER-PC    :20" konnte nicht auf der Schnittstelle mit
 IP-Adresse 192.168.1.34  registriert werden. Der Computer mit IP-Adresse 192.168.1.36
 hat nicht  zugelassen, dass dieser Computer diesen Namen verwendet.
 
Error - 18.04.2011 15:57:39 | Computer Name = Jennifer-PC | Source = Service Control Manager | ID = 7000
Description = 
 
[ TuneUp Events ]
Error - 18.04.2011 16:12:07 | Computer Name = Jennifer-PC | Source = TuneUp Program Statistics | ID = 131840
Description = SQL Error: near "anti": syntax error; when executing SQL: INSERT INTO
 ActiveApps (Started, Exe, ProcID, Resumed) VALUES ('2011-04-18 22:12:07', '\device\harddiskvolume2\program
 files\malwarebytes' anti-malware\mbam.exe','2300',0)
 
 
< End of report >
         
--- --- ---

Alt 18.04.2011, 23:02   #5
Jennifer86
 
TR/Kazy.mekml.1 - Standard

TR/Kazy.mekml.1



Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 6392

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.17193

18.04.2011 23:55:57
mbam-log-2011-04-18 (23-55-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 294559
Laufzeit: 1 Stunde(n), 40 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 3
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\Users\Jennifer\AppData\Local\xtnhrfgr.dll (Trojan.Hiloti) -> No action taken.
c:\Users\Jennifer\AppData\Local\azovikikikodu.dll (Trojan.Agent.U) -> No action taken.

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\NordBull (Malware.Trace) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\PopRock (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Umire (Trojan.Hiloti) -> Value: Umire -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PFmPbJoHGuT (Trojan.Agent) -> Value: PFmPbJoHGuT -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Nnatuzu (Trojan.Agent.U) -> Value: Nnatuzu -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\scrfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: () Good: ("%1" /S) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\Jennifer\AppData\Local\xtnhrfgr.dll (Trojan.Hiloti) -> No action taken.
c:\programdata\pfmpbjohgut.exe (Trojan.Agent) -> No action taken.
c:\Users\Jennifer\AppData\Local\Temp\adobe_flash_player.exe (Trojan.Agent) -> No action taken.
c:\Users\Jennifer\AppData\Local\Temp\err.log4040020 (Trojan.FakeAlert) -> No action taken.
c:\Users\Jennifer\AppData\Local\Temp\tmp2DA5.tmp (Trojan.Agent) -> No action taken.
c:\Users\Jennifer\AppData\Local\Temp\tmpF4CA.tmp (Trojan.Agent) -> No action taken.
c:\Users\Jennifer\AppData\Local\Temp\xrsncwamoe.exe (Trojan.Hiloti) -> No action taken.
c:\Users\Jennifer\AppData\Local\azovikikikodu.dll (Trojan.Agent.U) -> No action taken.


Antwort

Themen zu TR/Kazy.mekml.1
andere, bezüglich, dankbar, durchgeführt, einfach, erklärt, fotos, gen, poste, private, problem, scans, tr/kazy.mekml.1, wirklich, öfter



Ähnliche Themen: TR/Kazy.mekml.1


  1. TR/Kazy.mekml.1 ; 'TR/FakeSysdef.A.621 ; 'TR/Kazy.22847'..
    Log-Analyse und Auswertung - 15.05.2011 (33)
  2. TR/Kazy.mekml.1 - was tun?
    Plagegeister aller Art und deren Bekämpfung - 12.05.2011 (5)
  3. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 06.05.2011 (1)
  4. Tr/kazy.mekml.1
    Log-Analyse und Auswertung - 03.05.2011 (13)
  5. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 02.05.2011 (2)
  6. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 01.05.2011 (37)
  7. TR/Kazy.mekml.1 - OTL Fix?
    Log-Analyse und Auswertung - 01.05.2011 (17)
  8. TR/Kazy.mekml.1 ... SOS
    Plagegeister aller Art und deren Bekämpfung - 30.04.2011 (34)
  9. TR/kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 29.04.2011 (10)
  10. TR/kazy.mekml.1
    Mülltonne - 26.04.2011 (0)
  11. TR/Kazy.mekml.1
    Log-Analyse und Auswertung - 26.04.2011 (1)
  12. Osterei: TR/Kazy.mekml.1 und TR/Kazy.20364
    Log-Analyse und Auswertung - 25.04.2011 (1)
  13. tr/kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 23.04.2011 (9)
  14. kazy.mekml.1
    Log-Analyse und Auswertung - 23.04.2011 (3)
  15. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (6)
  16. TR/Kazy.mekml.1
    Plagegeister aller Art und deren Bekämpfung - 22.04.2011 (11)
  17. TR/kazy.mekml.1
    Log-Analyse und Auswertung - 20.04.2011 (16)

Zum Thema TR/Kazy.mekml.1 - Hallo, leider habe ich das gleiche Problem wie einige andere User des Forums. Habe nun auch die Scans durchgeführt und poste sie im Anschluss. Ich wäre um jede Hilfe dankbar, - TR/Kazy.mekml.1...
Archiv
Du betrachtest: TR/Kazy.mekml.1 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.