
Pests of all kinds and how to combat them: Virus partially blocks Internet connection

16.01.2012, 09:17   #1
badaboom
 
Virus partially blocks Internet connection



Hello,

I have a problem: there seems to be a virus on my PC that partly blocks the connection between some programs and the Internet,


so my Avira can no longer download updates (error connecting to the proxy server).

Whenever I start Firefox, the following error message appears:

Fehler: Proxy-Server verweigert die Verbindung

Firefox wurde konfiguriert, einen Proxy-Server zu nutzen, der die Verbindung zurückweist.

* Überprüfen Sie bitte, ob die Proxy-Einstellungen korrekt sind

* Kontaktieren Sie bitte Ihren Netzwerk-Administrator, um sicherzustellen, dass der Proxy-Server funktioniert

It comes back automatically after every restart.

I ran OTL; here are the logs

Code:
OTL logfile created on: 16.01.2012 09:01:20 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Jana\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 47,15% Memory free
6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,60 Gb Total Space | 265,66 Gb Free Space | 71,30% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jana\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe (Gladinet, INC)
PRC - C:\Program Files\Gladinet\Gladinet Cloud Desktop\WOSVSSSvr.exe ()
PRC - C:\Program Files\Verbindungsassistent\wtgservice.exe ()
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\C&E\OSD\osd.exe (C&E)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\902ba03598b46f478f3d7561ece592e6\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56chs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (GladFileMonSvc) -- C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe (Gladinet, INC)
SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\wtgservice.exe ()
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (OsdService) -- C:\Programme\C&E\OSD\OsdService\OsdService.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CEBFilter) -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CEIO) -- C:\Programme\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cKBFilter) -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60525
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60525
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 23:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.13 23:01:42 | 000,000,000 | ---D | M]
 
[2009.08.29 16:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\mozilla\Extensions
[2012.01.15 19:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions
[2009.09.06 16:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.03 12:11:12 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions\personas@christopher.beard
[2012.01.10 15:40:28 | 000,000,955 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1ssh4blq.default\searchplugins\icqplugin.xml
[2012.01.15 22:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.11.30 23:28:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.09.06 17:19:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.01 08:58:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.25 14:13:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.08.30 23:27:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.16 21:09:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.16 21:09:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.16 21:09:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.16 21:09:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.16 21:09:55 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.08 19:52:55 | 000,439,947 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15129 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Eraser] "C:\PROGRA~2\Eraser\Eraser.exe" --atRestart File not found
O4 - HKLM..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Programme\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A376A356-EDD6-47CC-92B6-E3729A19D424}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F0CC34-9A49-42B4-94BD-61C67BE406F4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a4c9589-53a2-11e0-822d-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4c9589-53a2-11e0-822d-00a0c6000000}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{452ed3ff-f62e-11e0-8be6-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{452ed3ff-f62e-11e0-8be6-001060d0787c}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{4c475e0c-f985-11df-99a1-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{4c475e0c-f985-11df-99a1-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4c475e0e-f985-11df-99a1-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{4c475e0e-f985-11df-99a1-001060d0787c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{647fdc93-fc12-11df-bfe3-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{647fdc93-fc12-11df-bfe3-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a7e9c2c1-fd5e-11df-bdfd-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e9c2c1-fd5e-11df-bdfd-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a7e9c2d4-fd5e-11df-bdfd-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e9c2d4-fd5e-11df-bdfd-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fdd028a3-f8c4-11df-b0ed-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd028a3-f8c4-11df-b0ed-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fdd028b6-f8c4-11df-b0ed-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd028b6-f8c4-11df-b0ed-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.15 21:09:14 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Malwarebytes
[2012.01.15 21:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.15 21:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.15 21:09:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.15 21:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.11 15:53:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 15:53:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 15:53:04 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 15:52:44 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 15:52:44 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.08 20:14:45 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Avira
[2012.01.08 20:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.08 20:13:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.08 20:13:00 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.08 20:13:00 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.08 20:13:00 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.08 20:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.08 20:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.08 19:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.01.08 19:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.08 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.08 12:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012.01.08 11:50:45 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\A846C
[2012.01.08 11:50:11 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\142A8
[2012.01.08 10:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.01.08 10:36:46 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Users\Jana\Documents\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.01.07 19:13:27 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\spike mov
[2011.12.25 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\buecherkiste
[2009.12.23 18:07:46 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009.12.23 18:07:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.16 08:19:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.15 22:53:33 | 000,027,240 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\nvModes.001
[2012.01.15 22:52:11 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 22:52:11 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.15 22:51:57 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.15 22:40:28 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.15 21:09:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.15 19:46:40 | 000,027,240 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\nvModes.dat
[2012.01.15 11:05:06 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{95C7E885-0D28-49D3-B93D-770A31A8E2C5}.job
[2012.01.12 03:03:48 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012.01.10 16:01:54 | 003,700,432 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.10 16:01:54 | 001,546,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.10 16:01:54 | 001,133,558 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.10 16:01:54 | 001,022,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.09 18:40:31 | 003,772,238 | ---- | M] () -- C:\Users\Jana\Desktop\AdeleRollingInTheDeepOfficialLyricsOnScreenHqhd_2558.mp3
[2012.01.09 03:11:22 | 000,094,208 | ---- | M] () -- C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.08 23:54:07 | 278,977,672 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.08 20:13:23 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.08 19:52:55 | 000,439,947 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.01.08 12:19:05 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011.12.26 18:30:52 | 000,021,929 | ---- | M] () -- C:\Users\Jana\.recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2012.01.15 21:09:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.12 03:03:48 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.01.09 18:40:02 | 003,772,238 | ---- | C] () -- C:\Users\Jana\Desktop\AdeleRollingInTheDeepOfficialLyricsOnScreenHqhd_2558.mp3
[2012.01.08 20:13:23 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.08 12:18:21 | 000,000,386 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011.12.26 18:30:52 | 000,021,929 | ---- | C] () -- C:\Users\Jana\.recently-used.xbel
[2011.08.07 01:13:33 | 000,017,985 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.02.07 18:34:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.07 18:34:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.07 18:33:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.07 18:33:08 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.12.23 18:07:53 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2009.12.23 18:07:45 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009.10.15 19:17:10 | 000,130,520 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.09.06 16:52:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.30 23:32:30 | 000,094,208 | ---- | C] () -- C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.29 15:22:44 | 000,027,240 | ---- | C] () -- C:\Users\Jana\AppData\Roaming\nvModes.001
[2009.08.29 14:34:34 | 000,027,240 | ---- | C] () -- C:\Users\Jana\AppData\Roaming\nvModes.dat
[2009.08.25 08:09:00 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.08.23 00:21:25 | 003,700,432 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.08.23 00:21:25 | 001,133,558 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.08.23 00:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.08.23 00:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.08.22 15:19:27 | 000,000,680 | ---- | C] () -- C:\Users\Jana\AppData\Local\d3d9caps.dat
[2009.08.22 14:28:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,258,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 001,546,160 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,022,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== LOP Check ==========
 
[2012.01.12 04:41:22 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\142A8
[2012.01.15 22:41:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\A846C
[2012.01.08 10:36:59 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\DVDVideoSoft
[2011.12.18 23:30:36 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\gtk-2.0
[2009.09.06 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ICQ
[2010.12.01 09:10:42 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org
[2010.11.26 21:38:37 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\TrueCrypt
[2011.03.04 07:40:03 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent
[2011.03.21 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Vodafone
[2012.01.08 12:19:05 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2012.01.15 22:40:30 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.01.15 11:05:06 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{95C7E885-0D28-49D3-B93D-770A31A8E2C5}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.12 04:41:22 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\142A8
[2012.01.15 22:41:13 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\A846C
[2011.02.20 22:08:05 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Adobe
[2011.09.13 23:05:12 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Apple Computer
[2012.01.08 20:14:45 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Avira
[2010.06.05 17:58:36 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\DivX
[2011.02.19 15:58:30 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\dvdcss
[2012.01.08 10:36:59 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\DVDVideoSoft
[2011.03.21 16:28:40 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\FLEXnet
[2011.12.18 23:30:36 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\gtk-2.0
[2009.09.06 17:26:51 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\ICQ
[2009.08.22 15:20:02 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Identities
[2009.08.25 07:24:29 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\InstallShield
[2009.08.29 16:17:39 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Macromedia
[2012.01.15 21:09:14 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Malwarebytes
[2012.01.08 20:11:41 | 000,000,000 | --SD | M] -- C:\Users\Jana\AppData\Roaming\Microsoft
[2011.05.19 19:24:23 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Mozilla
[2010.12.01 09:10:42 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\OpenOffice.org
[2012.01.13 04:21:14 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Skype
[2010.08.10 20:02:08 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\skypePM
[2011.01.19 14:18:24 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Sony Corporation
[2010.11.26 21:38:37 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\TrueCrypt
[2011.03.04 07:40:03 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent
[2009.08.30 23:59:29 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\vlc
[2011.03.21 16:14:01 | 000,000,000 | ---D | M] -- C:\Users\Jana\AppData\Roaming\Vodafone
 
< %APPDATA%\*.exe /s >
[2012.01.12 04:37:27 | 000,175,104 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\142A8\D0787.exe
[2011.09.02 09:59:37 | 003,088,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\Jana\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdatepl\fpupdatepl.exe
[2009.01.14 11:09:12 | 000,120,264 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe
[2009.03.03 12:44:48 | 000,030,160 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe
[2009.03.03 12:44:55 | 000,251,344 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe
[2009.03.03 12:45:08 | 000,693,712 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe
[2009.03.03 12:45:05 | 001,091,024 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe
[2009.03.03 12:44:52 | 007,009,744 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe
[2009.03.04 08:34:41 | 000,468,432 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe
[2009.03.03 12:45:11 | 000,296,400 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe
[2009.03.03 12:45:15 | 000,243,152 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:AGP440.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\ServicePackFiles\i386\agp440.sys
[2008.04.13 23:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\Windows.old\Windows\system32\drivers\agp440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2004.08.03 22:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\Windows.old\Windows\$NtServicePackUninstall$\agp440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2003.04.02 15:00:00 | 010,180,476 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp1.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\Driver Cache\i386\sp3.cab:atapi.sys
[2002.08.29 02:52:58 | 010,180,476 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp1.cab:atapi.sys
[2004.08.04 00:10:00 | 018,782,319 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008.04.14 07:03:54 | 020,108,202 | ---- | M] () .cab file -- C:\Windows.old\Windows\ServicePackFiles\i386\sp3.cab:atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.08.22 09:46:11 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.08.22 09:46:11 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\ServicePackFiles\i386\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\dllcache\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\drivers\atapi.sys
[2008.04.13 23:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\Windows.old\Windows\system32\ReinstallBackups\0019\DriverFiles\i386\atapi.sys
[2004.08.03 21:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Windows.old\Windows\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\Windows.old\Windows\ServicePackFiles\i386\eventlog.dll
[2008.04.14 06:52:12 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\Windows.old\Windows\system32\eventlog.dll
[2004.08.03 23:57:20 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\Windows.old\Windows\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2004.08.03 23:57:54 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=22FE1BE02EADDE1632E478E4125639E0 -- C:\Windows.old\Windows\$NtServicePackUninstall$\explorer.exe
[2009.08.31 03:12:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\Windows.old\Windows\explorer.exe
[2008.04.14 06:52:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\Windows.old\Windows\ServicePackFiles\i386\explorer.exe
[2009.08.31 03:12:52 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2009.08.31 03:12:52 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2009.08.31 03:12:53 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\Windows.old\Windows\ServicePackFiles\i386\netlogon.dll
[2008.04.14 06:52:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\Windows.old\Windows\system32\netlogon.dll
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2004.08.03 23:57:32 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\Windows.old\Windows\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\Windows.old\Windows\ServicePackFiles\i386\scecli.dll
[2008.04.14 06:52:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\Windows.old\Windows\system32\scecli.dll
[2004.08.03 23:57:34 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\Windows.old\Windows\$NtServicePackUninstall$\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2004.08.03 23:57:38 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=56785FD5236D7B22CF471A6DA9DB46D8 -- C:\Windows.old\Windows\$NtServicePackUninstall$\user32.dll
[2007.08.22 09:51:14 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.08.22 09:51:14 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\Windows.old\Windows\ServicePackFiles\i386\user32.dll
[2008.04.14 06:52:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\Windows.old\Windows\system32\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\Windows.old\Windows\ServicePackFiles\i386\userinit.exe
[2008.04.14 06:53:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\Windows.old\Windows\system32\userinit.exe
[2004.08.03 23:58:18 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\Windows.old\Windows\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.03 23:58:20 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\Windows.old\Windows\$NtServicePackUninstall$\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2011.12.24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\Windows.old\Windows\ServicePackFiles\i386\winlogon.exe
[2008.04.14 06:53:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\Windows.old\Windows\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2003.04.02 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\dllcache\ws2ifsl.sys
[2003.04.02 15:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\Windows.old\Windows\system32\drivers\ws2ifsl.sys
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Jana\Desktop\aoe-narnia.avi:TOC.WMV

< End of report >
         
extras:
Code:
OTL Extras logfile created on: 16.01.2012 09:01:20 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Jana\Downloads
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,41 Gb Available Physical Memory | 47,15% Memory free
6,21 Gb Paging File | 4,77 Gb Available in Paging File | 76,76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,60 Gb Total Space | 265,66 Gb Free Space | 71,30% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2882031318-3679011231-4054081171-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033E5971-C95F-4745-9F62-F9700C305618}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvrxp32.exe | 
"{0A5EDFA3-0DEF-4F6F-A35F-9471B0BFB1DD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1A2BE969-3983-4110-BD6D-E35C872E57D7}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{330CBBD3-DC1C-4CE8-9805-686D76B05071}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr.exe | 
"{52BF47B1-513B-4FBC-806B-715C19E18F4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6875B1E5-7A14-4B7A-8CEA-4EB40C4F1A91}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvrxp32.exe | 
"{88F0C75D-3AD0-4FBF-8844-9EB996BEEDAE}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr2003.exe | 
"{A29D5125-2FE3-4BEA-84C7-3D96730E9EE0}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr2003.exe | 
"{AA33D1C7-4E24-4C0B-B45B-EF65511B84BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D3D84649-94B2-4D95-AE11-0DC7AD17E361}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr.exe | 
"{DF36310D-057A-4068-89F9-A0C19AA04AD0}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe | 
"{E73E39EE-C0BF-4272-9ED2-D891AFF28734}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe | 
"TCP Query User{5C816E2D-A23C-47CA-A8FA-F8B353A96898}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{63F98864-5177-4A77-851D-87C9FB7ACD73}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"TCP Query User{E3B429EF-7589-4A4F-95AE-F16684D4F87B}C:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe | 
"UDP Query User{857F4369-C288-4925-9DDF-360D58FD73F6}C:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe | 
"UDP Query User{BC6CE77A-A693-4D1B-B5D5-B7C035B340B5}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"UDP Query User{FCDF13C6-8F0B-499D-BD70-79E1C5928CEF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C1DF401-0A3E-49C8-85AD-EB3C9F82A275}" = 3531-W-I32-D SATARAID5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA457433-3A99-4A25-8E20-EBA2D89FAC4A}" = Gladinet Cloud Desktop
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.4.1228
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Sony MHS Camera Driver" = Sony MHS Camera Driver
"TrueCrypt" = TrueCrypt
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.10
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.01.2012 23:41:56 | Computer Name = Jana-PC | Source = VSS | ID = 12289
Description = 
 
Error - 11.01.2012 23:42:13 | Computer Name = Jana-PC | Source = VSS | ID = 12289
Description = 
 
Error - 11.01.2012 23:42:13 | Computer Name = Jana-PC | Source = VSS | ID = 12289
Description = 
 
Error - 11.01.2012 23:42:25 | Computer Name = Jana-PC | Source = VSS | ID = 12289
Description = 
 
Error - 12.01.2012 23:19:12 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 12.01.2012 23:26:10 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 13.01.2012 10:19:49 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 15.01.2012 17:40:24 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 15.01.2012 17:41:50 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 15.01.2012 17:52:23 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 15.01.2012 19:39:56 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5005
Description = \DEVICE\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8} : Interner Fehler aufgetreten.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = \DEVICE\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8} : Fehlfunktion des 
Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:18 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 03:26:19 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5005
Description = \DEVICE\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8} : Interner Fehler aufgetreten.
 
 
< End of report >
         
Please help

16.01.2012, 11:47   #2
Psychotic
/// Malwareteam

I am working on your thread and will get back to you with further instructions as soon as possible.

Please note that all of my replies first have to be approved by an instructor before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience

Regards,
PsYcHoTiC

16.01.2012, 14:00   #3
Psychotic
/// Malwareteam

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the faster and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

A cleanup can mean a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If there are problems, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup (unless you were asked to).
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the analysis harder for me.


Vista and Win7 users
Start all tools with right-click "Run as administrator".


Step 1: Disable TeaTimer

No cleanup can be carried out while the TeaTimer of Spybot Search&Destroy is running, because it restores all deleted entries. The TeaTimer therefore has to be switched off during the cleanup (leave the TeaTimer switched off until we are finished with the cleanup): Start Spybot S&D => in the "Mode" menu select "Advanced mode" => then click "Tools" at the bottom left => click "Resident" => remove the check mark at Resident "TeaTimer" (protection of all system settings) => close Spybot Search&Destroy => restart the computer. Illustrated instructions.



Step 2: Fix with OTL
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the content into the text box.
Code:
:OTL
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60525
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60525
FF - prefs.js..network.proxy.type: 4
[2012.01.08 11:50:45 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\A846C
[2012.01.08 11:50:11 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\142A8
[2012.01.12 04:37:27 | 000,175,104 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\142A8\D0787.exe
:files
C:\Windows\Tasks\AT*.job
:COMMANDS
[EMPTYTEMP]
         
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may ask for a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (Also to be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy the content here into your thread


Step 3: Defogger

Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click and "Run as administrator".
  • Now click the Disable button to deactivate the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger may ask for a restart. Confirm this with OK.
If Defogger shows an error message, please post the defogger_disable log from your desktop.
Do not click the Re-enable button without being instructed to.



Step 4: GMER

Please
  • deactivate all other scanners against viruses, spyware, etc.,
  • have no active connection to a network/the Internet (do not forget Wi-Fi),
  • do not work on the computer,
  • restart the computer after every scan.
Let GMER scan
  • Download GMER from this page (press the Download EXE button) and save the program on the desktop.
  • All other programs should be closed.
  • Start gmer.exe (the program has a random file name). Vista and Win7 users: right-click and run as administrator.
  • If a window opens with the following warning:
    WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, remove the check mark at:
    • IAT/EAT
    • All hard drives except the system drive (normally only C:\ is checked)
    • Show all (should be unchecked)
  • Start the scan with "Scan". Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. GMER is closed with "Ok".
Switch the antivirus program and other scanners back on before you go online!

17.01.2012, 00:28   #4
badaboom

Hello Marius,

thank you very, very much for your help!

I have now done everything so far:

OTL:
Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "127.0.0.1" removed from network.proxy.http
Prefs.js: 60525 removed from network.proxy.http_port
Prefs.js: 4 removed from network.proxy.type
C:\Users\Jana\AppData\Roaming\A846C folder moved successfully.
C:\Users\Jana\AppData\Roaming\142A8 folder moved successfully.
File C:\Users\Jana\AppData\Roaming\142A8\D0787.exe not found.
========== FILES ==========
C:\Windows\Tasks\At1.job moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Jana
->Temp folder emptied: 674734344 bytes
->Temporary Internet Files folder emptied: 94808255 bytes
->Java cache emptied: 9557119 bytes
->FireFox cache emptied: 107919871 bytes
->Flash cache emptied: 3142995 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22059125 bytes
RecycleBin emptied: 1179222999 bytes
 
Total Files Cleaned = 1.995,00 mb
 
 
OTL by OldTimer - Version 3.2.31.0 log created on 01162012_230650

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         
Defogger:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 23:39 on 16/01/2012 (Jana)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
GMER:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-01-17 00:22:36
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MJA2400BH_G2 rev.00000018
Running: 56wbhnkv.exe; Driver: C:\Users\Jana\AppData\Local\Temp\kxldypow.sys


---- System - GMER 1.0.15 ----

SSDT            8B1B84DE                                                                                         ZwCreateSection
SSDT            8B1B84E8                                                                                         ZwRequestWaitReplyPort
SSDT            8B1B84E3                                                                                         ZwSetContextThread
SSDT            8B1B84ED                                                                                         ZwSetSecurityObject
SSDT            8B1B84F2                                                                                         ZwSystemDebugControl
SSDT            8B1B847F                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!KeSetEvent + 215                                                                    822B6998 4 Bytes  [DE, 84, 1B, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 539                                                                    822B6CBC 4 Bytes  CALL 95B68845 
.text           ntkrnlpa.exe!KeSetEvent + 56D                                                                    822B6CF0 4 Bytes  [E3, 84, 1B, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 5D1                                                                    822B6D54 4 Bytes  [ED, 84, 1B, 8B]
.text           ntkrnlpa.exe!KeSetEvent + 619                                                                    822B6D9C 4 Bytes  [F2, 84, 1B, 8B]
.text           ...                                                                                              
.text           C:\Windows\system32\DRIVERS\nvlddmkm.sys                                                         section is writeable [0x8E601340, 0x3448B7, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                           SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                          kbfiltr.sys

---- Registry - GMER 1.0.15 ----

Reg             HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060d0787c                      
Reg             HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060d0787c (not active ControlSet)  

---- EOF - GMER 1.0.15 ----
         
Best regards
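
A check that can be run over OTL output to confirm that a proxy fix like the one above took effect, as an added example that is not part of the original thread: it extracts the Internet Explorer `ProxyServer` and Firefox `network.proxy.*` entries and lists those that point at a loopback address. The sample lines are copied from the fix script and from the Run 2 log posted later in this thread; the function names are hypothetical.

```python
import ipaddress
import re

# Copied from the OTL fix script in this thread (state before the fix).
BEFORE_FIX = r'''
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1
IE - HKU\S-1-5-21-2882031318-3679011231-4054081171-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60525
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60525
FF - prefs.js..network.proxy.type: 4
'''

# Copied from the Run 2 OTL log in this thread (state after the fix).
AFTER_FIX = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" =
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60525
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 4
'''

IE_RE = re.compile(r'^IE - .+?: "(Proxy\w+)" =\s*(.*)$')
FF_RE = re.compile(r'^FF - prefs\.js\.\.(network\.proxy\.[\w.]+):\s*(.*)$')


def is_loopback(host):
    """True for 'localhost' and for any IP literal in a loopback range."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False


def parse_ie_proxy_server(value):
    """Split a ProxyServer value ('host:port' or 'http=host:port;https=...')."""
    endpoints = []
    for entry in value.split(";"):
        entry = entry.strip()
        if not entry:
            continue
        hostport = entry.split("=", 1)[-1]      # drop an optional 'scheme=' prefix
        host, sep, port = hostport.rpartition(":")
        if not sep:                             # no port given
            host, port = hostport, ""
        endpoints.append((host, int(port) if port.isdigit() else None))
    return endpoints


def loopback_proxies(log_text):
    """Return sorted (browser, host, port) tuples for loopback proxy endpoints."""
    found = set()
    ff_prefs = {}
    for line in log_text.splitlines():
        line = line.strip()
        m = IE_RE.match(line)
        if m:
            if m.group(1) == "ProxyServer":
                for host, port in parse_ie_proxy_server(m.group(2)):
                    if is_loopback(host):
                        found.add(("IE", host, port))
            continue
        m = FF_RE.match(line)
        if m:
            ff_prefs[m.group(1)] = m.group(2).strip().strip('"')
    # Firefox stores host and port in separate prefs per protocol.
    for proto in ("http", "ssl", "ftp", "socks"):
        host = ff_prefs.get("network.proxy." + proto, "")
        port = ff_prefs.get("network.proxy." + proto + "_port", "")
        if host and is_loopback(host):
            found.add(("FF", host, int(port) if port.isdigit() else None))
    return sorted(found, key=lambda t: (t[0], t[1], t[2] or 0))


def still_present(before, after):
    """Loopback proxy endpoints listed in both logs, i.e. not gone after the fix."""
    return sorted(set(loopback_proxies(before)) & set(loopback_proxies(after)),
                  key=lambda t: (t[0], t[1], t[2] or 0))


if __name__ == "__main__":
    print("before:", loopback_proxies(BEFORE_FIX))
    print("after: ", loopback_proxies(AFTER_FIX))
    print("still present:", still_present(BEFORE_FIX, AFTER_FIX))
```

On the thread's own data the Internet Explorer entry is gone after the fix, while the Firefox `network.proxy.http` values still appear in the Run 2 log.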

17.01.2012, 07:58   #5
Psychotic
/// Malwareteam

Good morning - no problem!


Step 1: MBAM

Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and "Run as administrator"
  • Start Malwarebytes, click Update --> Check for updates
  • When the update has finished, select Perform quick scan and press Scan.
  • When the scan has finished, click Show results.
  • Make sure that all findings are checked and press Remove selected.
  • Post the log file, which opens in Notepad, here in the thread.
  • You can find the report afterwards under "Logs".


Step 2: New OTL log

Please download OTL by OldTimer and save it on your desktop (if not already there)
  • Double-click OTL.exe
    Vista and Win7 users: right-click and "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.



Is the computer still causing problems?

__________________
No right of asylum for trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

17.01.2012, 08:53   #6
badaboom

MBAM:
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.17.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19170
Jana :: JANA-PC [Administrator]

Schutz: Aktiviert

17.01.2012 08:35:56
mbam-log-2012-01-17 (08-35-56).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 163646
Laufzeit: 4 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL:
Code:
OTL logfile created on: 17.01.2012 08:41:56 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Jana\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,64% Memory free
6,21 Gb Paging File | 4,92 Gb Available in Paging File | 79,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,60 Gb Total Space | 268,27 Gb Free Space | 72,00% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Jana\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe (Gladinet, INC)
PRC - C:\Program Files\Gladinet\Gladinet Cloud Desktop\WOSVSSSvr.exe ()
PRC - C:\Program Files\Verbindungsassistent\wtgservice.exe ()
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
PRC - C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\C&E\OSD\osd.exe (C&E)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
PRC - C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\902ba03598b46f478f3d7561ece592e6\Microsoft.VisualBasic.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\8adb45c62e4c797bd4c706afe9e8bfb9\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6bc98e9b5eedaa8f71c5454d36a4b772\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8645de531003807d00822e03986a075d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\8f3b3ab45e3e5fa61aa6cbfe2a8b61af\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Security\cbfa4bf002c1abaf94ba8634139727eb\System.Security.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\9e53d9921c4bb153f1ffbe1ae0e1b615\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Windows\System32\msjetoledb40.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ita.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56esp.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56brz.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56kor.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56ger.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56fra.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56dnk.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56jpn.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56cht.dll ()
MOD - C:\Programme\Motorola\SMSERIAL\sm56chs.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (GladFileMonSvc) -- C:\Program Files\Gladinet\Gladinet Cloud Desktop\GladFileMonSvc.exe (Gladinet, INC)
SRV - (WTGService) -- C:\Program Files\Verbindungsassistent\wtgservice.exe ()
SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (OsdService) -- C:\Programme\C&E\OSD\OsdService\OsdService.exe ()
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ZTEusbnet) -- C:\Windows\System32\drivers\ZTEusbnet.sys (ZTE Corporation)
DRV - (ZTEusbvoice) -- C:\Windows\System32\drivers\zteusbvoice.sys (ZTE Incorporated)
DRV - (ZTEusbser6k) -- C:\Windows\System32\drivers\ZTEusbser6k.sys (ZTE Incorporated)
DRV - (ZTEusbnmea) -- C:\Windows\System32\drivers\ZTEusbnmea.sys (ZTE Incorporated)
DRV - (ZTEusbmdm6k) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys (ZTE Incorporated)
DRV - (massfilter) -- C:\Windows\System32\drivers\massfilter.sys (ZTE Incorporated)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (CEBFilter) -- C:\Programme\C&E\OSD\OsdService\cebuffer.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (CEIO) -- C:\Programme\C&E\OSD\OsdService\ceio.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (cKBFilter) -- C:\Programme\C&E\OSD\OsdService\kbfiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (JRAID) -- C:\Windows\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (Si3531) -- C:\Windows\system32\DRIVERS\Si3531.sys (Silicon Image, Inc)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (SiRemFil) -- C:\Windows\system32\DRIVERS\SiRemFil.sys (Silicon Image, Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (SiFilter) -- C:\Windows\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.1
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 60525
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.09.13 23:01:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.09.13 23:01:42 | 000,000,000 | ---D | M]
 
[2009.08.29 16:40:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\mozilla\Extensions
[2012.01.15 19:51:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions
[2009.09.06 16:01:38 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.01.03 12:11:12 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Jana\AppData\Roaming\mozilla\Firefox\Profiles\1ssh4blq.default\extensions\personas@christopher.beard
[2012.01.10 15:40:28 | 000,000,955 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\1ssh4blq.default\searchplugins\icqplugin.xml
[2012.01.15 22:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2010.11.30 23:28:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\mozilla firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.09.06 17:19:35 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\mozilla firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.12.01 08:58:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.07.25 14:13:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2009.08.30 23:27:29 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.08.16 21:09:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.16 21:09:54 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.16 21:09:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.16 21:09:55 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.16 21:09:55 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.01.08 19:52:55 | 000,439,947 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15129 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Eraser] "C:\PROGRA~2\Eraser\Eraser.exe" --atRestart File not found
O4 - HKLM..\Run: [GenePccMon.exe] C:\Program Files\Genesys PC Camera Device\GenePccMon.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MobileConnect] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OSD] C:\Programme\C&E\OSD\osd.exe (C&E)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SMSERIAL] C:\Programme\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PMB Medien-Prüfung.lnk = C:\Program Files\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe (Sony Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A376A356-EDD6-47CC-92B6-E3729A19D424}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C7F0CC34-9A49-42B4-94BD-61C67BE406F4}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Jana\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2a4c9589-53a2-11e0-822d-00a0c6000000}\Shell - "" = AutoRun
O33 - MountPoints2\{2a4c9589-53a2-11e0-822d-00a0c6000000}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{452ed3ff-f62e-11e0-8be6-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{452ed3ff-f62e-11e0-8be6-001060d0787c}\Shell\AutoRun\command - "" = F:\Setup.exe
O33 - MountPoints2\{4c475e0c-f985-11df-99a1-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{4c475e0c-f985-11df-99a1-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{4c475e0e-f985-11df-99a1-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{4c475e0e-f985-11df-99a1-001060d0787c}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{647fdc93-fc12-11df-bfe3-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{647fdc93-fc12-11df-bfe3-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a7e9c2c1-fd5e-11df-bdfd-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e9c2c1-fd5e-11df-bdfd-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{a7e9c2d4-fd5e-11df-bdfd-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{a7e9c2d4-fd5e-11df-bdfd-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fdd028a3-f8c4-11df-b0ed-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd028a3-f8c4-11df-b0ed-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{fdd028b6-f8c4-11df-b0ed-001060d0787c}\Shell - "" = AutoRun
O33 - MountPoints2\{fdd028b6-f8c4-11df-b0ed-001060d0787c}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.16 23:06:50 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.01.16 08:31:32 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
[2012.01.15 21:09:14 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Malwarebytes
[2012.01.15 21:09:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.01.15 21:09:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.01.15 21:09:04 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.01.15 21:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.01.11 15:53:07 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciseq.dll
[2012.01.11 15:53:05 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll
[2012.01.11 15:53:04 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.01.11 15:52:44 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2012.01.11 15:52:44 | 000,497,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll
[2012.01.08 20:14:45 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\Avira
[2012.01.08 20:13:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.01.08 20:13:01 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2012.01.08 20:13:00 | 000,134,856 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2012.01.08 20:13:00 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.01.08 20:13:00 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2012.01.08 20:12:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.01.08 20:12:49 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2012.01.08 19:44:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012.01.08 19:44:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.01.08 19:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012.01.08 12:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012.01.08 10:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2012.01.08 10:36:46 | 000,000,000 | ---D | C] -- C:\Users\Jana\AppData\Roaming\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Users\Jana\Documents\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2012.01.08 10:36:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2012.01.07 19:13:27 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\spike mov
[2011.12.25 18:44:51 | 000,000,000 | ---D | C] -- C:\Users\Jana\Desktop\buecherkiste
[2009.12.23 18:07:46 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2009.12.23 18:07:45 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.17 08:32:32 | 000,027,240 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\nvModes.001
[2012.01.17 08:32:09 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 08:32:09 | 000,004,672 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.17 08:32:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.17 08:31:59 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.01.17 00:30:15 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.01.16 23:41:19 | 000,302,592 | ---- | M] () -- C:\Users\Jana\Desktop\56wbhnkv.exe
[2012.01.16 23:39:11 | 000,000,000 | ---- | M] () -- C:\Users\Jana\defogger_reenable
[2012.01.16 23:37:35 | 000,050,477 | ---- | M] () -- C:\Users\Jana\Desktop\Defogger.exe
[2012.01.16 22:54:11 | 000,027,240 | ---- | M] () -- C:\Users\Jana\AppData\Roaming\nvModes.dat
[2012.01.16 12:56:37 | 000,000,424 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{95C7E885-0D28-49D3-B93D-770A31A8E2C5}.job
[2012.01.16 08:31:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Jana\Desktop\OTL.exe
[2012.01.15 21:09:07 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.12 03:03:48 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
[2012.01.10 16:01:54 | 003,700,432 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.01.10 16:01:54 | 001,546,160 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.01.10 16:01:54 | 001,133,558 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.01.10 16:01:54 | 001,022,216 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.01.09 18:40:31 | 003,772,238 | ---- | M] () -- C:\Users\Jana\Desktop\AdeleRollingInTheDeepOfficialLyricsOnScreenHqhd_2558.mp3
[2012.01.09 03:11:22 | 000,094,208 | ---- | M] () -- C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.08 23:54:07 | 278,977,672 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.01.08 20:13:23 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.01.08 19:52:55 | 000,439,947 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011.12.26 18:30:52 | 000,021,929 | ---- | M] () -- C:\Users\Jana\.recently-used.xbel
 
========== Files Created - No Company Name ==========
 
[2012.01.16 23:41:15 | 000,302,592 | ---- | C] () -- C:\Users\Jana\Desktop\56wbhnkv.exe
[2012.01.16 23:39:11 | 000,000,000 | ---- | C] () -- C:\Users\Jana\defogger_reenable
[2012.01.16 23:37:34 | 000,050,477 | ---- | C] () -- C:\Users\Jana\Desktop\Defogger.exe
[2012.01.15 21:09:07 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.01.12 03:03:48 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2012.01.09 18:40:02 | 003,772,238 | ---- | C] () -- C:\Users\Jana\Desktop\AdeleRollingInTheDeepOfficialLyricsOnScreenHqhd_2558.mp3
[2012.01.08 20:13:23 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.26 18:30:52 | 000,021,929 | ---- | C] () -- C:\Users\Jana\.recently-used.xbel
[2011.08.07 01:13:33 | 000,017,985 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010.02.07 18:34:24 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010.02.07 18:34:24 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010.02.07 18:33:30 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010.02.07 18:33:08 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2009.12.23 18:07:53 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2009.12.23 18:07:45 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2009.10.15 19:17:10 | 000,130,520 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.09.06 16:52:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.30 23:32:30 | 000,094,208 | ---- | C] () -- C:\Users\Jana\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.29 15:22:44 | 000,027,240 | ---- | C] () -- C:\Users\Jana\AppData\Roaming\nvModes.001
[2009.08.29 14:34:34 | 000,027,240 | ---- | C] () -- C:\Users\Jana\AppData\Roaming\nvModes.dat
[2009.08.25 08:09:00 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.08.23 00:21:25 | 003,700,432 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.08.23 00:21:25 | 001,133,558 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.08.23 00:21:25 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.08.23 00:21:25 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.08.22 15:19:27 | 000,000,680 | ---- | C] () -- C:\Users\Jana\AppData\Local\d3d9caps.dat
[2009.08.22 14:28:29 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2006.12.05 12:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 13:56:48 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 13:47:43 | 000,258,328 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 11:33:01 | 001,546,160 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 11:33:01 | 001,022,216 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.07.22 20:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Jana\Desktop\aoe-narnia.avi:TOC.WMV

< End of report >
         
Extra:
Code:
OTL Extras logfile created on: 17.01.2012 08:41:56 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Jana\Desktop
Windows Vista Business Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,64% Memory free
6,21 Gb Paging File | 4,92 Gb Available in Paging File | 79,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 372,60 Gb Total Space | 268,27 Gb Free Space | 72,00% Space Free | Partition Type: NTFS
Drive D: | 1,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: JANA-PC | User Name: Jana | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033E5971-C95F-4745-9F62-F9700C305618}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvrxp32.exe | 
"{0A5EDFA3-0DEF-4F6F-A35F-9471B0BFB1DD}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{1A2BE969-3983-4110-BD6D-E35C872E57D7}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{330CBBD3-DC1C-4CE8-9805-686D76B05071}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr.exe | 
"{52BF47B1-513B-4FBC-806B-715C19E18F4F}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{6875B1E5-7A14-4B7A-8CEA-4EB40C4F1A91}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvrxp32.exe | 
"{88F0C75D-3AD0-4FBF-8844-9EB996BEEDAE}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr2003.exe | 
"{A29D5125-2FE3-4BEA-84C7-3D96730E9EE0}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr2003.exe | 
"{AA33D1C7-4E24-4C0B-B45B-EF65511B84BA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D3D84649-94B2-4D95-AE11-0DC7AD17E361}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\wosvsssvr.exe | 
"{DF36310D-057A-4068-89F9-A0C19AA04AD0}" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe | 
"{E73E39EE-C0BF-4272-9ED2-D891AFF28734}" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe | 
"TCP Query User{5C816E2D-A23C-47CA-A8FA-F8B353A96898}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"TCP Query User{63F98864-5177-4A77-851D-87C9FB7ACD73}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"TCP Query User{E3B429EF-7589-4A4F-95AE-F16684D4F87B}C:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe" = protocol=6 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe | 
"UDP Query User{857F4369-C288-4925-9DDF-360D58FD73F6}C:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe" = protocol=17 | dir=in | app=c:\program files\gladinet\gladinet cloud desktop\gladinetclient.exe | 
"UDP Query User{BC6CE77A-A693-4D1B-B5D5-B7C035B340B5}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"UDP Query User{FCDF13C6-8F0B-499D-BD70-79E1C5928CEF}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1C1DF401-0A3E-49C8-85AD-EB3C9F82A275}" = 3531-W-I32-D SATARAID5
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 26
"{392A74D0-4DFE-49F7-87C3-8A61708F8856}" = Eraser 6.0.8.2273
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{96B51C0B-D3BE-4DF3-959C-28B22C10CFBB}" = Vodafone Mobile Connect Lite
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D5068583-D569-468B-9755-5FBF5848F46F}" = Sony Picture Utility
"{DABF43D9-1104-4764-927B-5BED1274A3B0}" = Runtime
"{DFFC0648-BC4B-47D1-93D2-6CA6B9457641}" = OpenOffice.org 3.2
"{EB863CFD-6889-47B0-9D79-492DE0D07EE7}" = OSDInstall
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FA457433-3A99-4A25-8E20-EBA2D89FAC4A}" = Gladinet Cloud Desktop
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"Free 3GP Video Converter_is1" = Free 3GP Video Converter version 5.0.4.1228
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"ICQToolbar" = ICQ Toolbar
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.0.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"NVIDIA Drivers" = NVIDIA Drivers
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Sony MHS Camera Driver" = Sony MHS Camera Driver
"TrueCrypt" = TrueCrypt
"Verbindungsassistent" = Verbindungsassistent
"VLC media player" = VLC media player 0.9.8a
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.10
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.01.2012 17:41:50 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 15.01.2012 17:52:23 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.01.2012 07:56:45 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 16.01.2012 17:53:42 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.01.2012 18:01:26 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = GetProcessOwner
 
Error - 16.01.2012 18:02:32 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.01.2012 18:08:57 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
Error - 16.01.2012 18:45:58 | Computer Name = Jana-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung 56wbhnkv.exe, Version 1.0.15.15641, Zeitstempel
 0x4e21f2b1, fehlerhaftes Modul 56wbhnkv.exe, Version 1.0.15.15641, Zeitstempel 
0x4e21f2b1, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c676,  Prozess-ID 0xf40, Anwendungsstartzeit
 01ccd4a06bc82dfe.
 
Error - 16.01.2012 18:49:19 | Computer Name = Jana-PC | Source = Perflib | ID = 1010
Description = 
 
Error - 17.01.2012 03:32:14 | Computer Name = Jana-PC | Source = VMCService | ID = 0
Description = conflictManagerTypeValue
 
[ System Events ]
Error - 16.01.2012 06:42:55 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5002
Description = Intel(R) PRO/Wireless 3945ABG Network Connection : Fehlfunktion des
 Netzwerkadapters wurde ermittelt.
 
Error - 16.01.2012 06:42:56 | Computer Name = Jana-PC | Source = NETw4v32 | ID = 5005
Description = \DEVICE\{06F9EAF8-0D78-4724-A948-2080EDC3BFB8} : Interner Fehler aufgetreten.
 
Error - 16.01.2012 17:53:43 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.01.2012 17:54:01 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 16.01.2012 18:02:32 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.01.2012 18:02:42 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 16.01.2012 18:08:55 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 16.01.2012 18:09:06 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7034
Description = 
 
Error - 17.01.2012 03:32:12 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.01.2012 03:32:24 | Computer Name = Jana-PC | Source = Service Control Manager | ID = 7034
Description = 
 
 
< End of report >
         
FF still switches the proxy automatically, and I have noticed that IE does not work either.

Best regards
