Zurck   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekmpfung

Plagegeister aller Art und deren Bekmpfung: Tr/Agent.ruo in: C\Windows\System32\wineqd.dll

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwnschte Software zu deinstallieren bzw. zu lschen. Bitte schildere dein Problem so genau wie mglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.03.2010, 18:03   #1
Julius-Sl
 
Tr/Agent.ruo in: C\Windows\System32\wineqd.dll - Ausrufezeichen

Tr/Agent.ruo in: C\Windows\System32\wineqd.dll



Hallo,

Seit ca. 1 Stunde erscheint, sobald ich Mozilla Firefox starte, eine Meldung meines Antivir-Programms. Ich habe im Thread unter mir bereits einen hnlichen Beitrag gelesen, jedoch ist der Trojaner bei mir unter anderer Datei zu finden.

Folgende Meldung erscheint:

C:\Windows\Sytem32\wineqd.dll ist das Trojanische Pferd TR/Agent.ruo

Ich habe einen Logfile erstellt:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:53:53 on 27.03.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 3.6.2

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "InstallShield Software Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys
"ALSysIO" (ALSysIO) - ? - C:\Users\Julius\AppData\Local\Temp\ALSysIO.sys (File not found)
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"BVRPMPR5 NDIS Protocol Driver" (BVRPMPR5) - "Avanquest Software" - C:\Windows\system32\drivers\BVRPMPR5.SYS
"Ekahau User Protocol Driver for NDIS 6" (EkaProt6) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\DRIVERS\ekaprot6.sys
"int15" (int15) - "Acer, Inc." - C:\Windows\system32\drivers\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"kbdqquj" (kbdqquj) - "Microsoft Corporation" - C:\Windows\system32\drivers\kbdqquj.sys
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys (File found, but it contains no detailed information)
"NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"SSHDRV86" (SSHDRV86) - ? - C:\Windows\system32\drivers\SSHDRV86.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarForce Protection Environment Driver (version 1.x)" (sfdrv01) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfdrv01.sys
"StarForce Protection Helper Driver (version 2.x)" (sfhlp02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfhlp02.sys
"StarForce Protection Synchronization Driver (version 4.x)" (sfsync04) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfsync04.sys
"StarForce Protection VFS Driver (version 2.x)" (sfvfs02) - "Protection Technology (StarForce)" - C:\Windows\System32\drivers\sfvfs02.sys
"TfFsMon" (TfFsMon) - ? - C:\Windows\System32\drivers\TfFsMon.sys (File not found)
"TfNetMon" (TfNetMon) - ? - C:\Windows\system32\drivers\TfNetMon.sys (File not found)
"TfSysMon" (TfSysMon) - ? - C:\Windows\System32\drivers\TfSysMon.sys (File not found)
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - D:\Programme\TuneUpUtilities10\TuneUpUtilitiesDriver32.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{9462A756-7B47-47BC-8C80-C34B9B80B32B} "BackWeb GA Pluggable Protocol" - "Logitech Inc." - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Inc." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll (File not found)
{8BE13461-936F-11D1-A87D-444553540000} "Eraser Shell Extension" - "-" - C:\Windows\System32\erasext.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - D:\Programme\TuneUpUtilities10\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - D:\Programme\TuneUpUtilities10\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
"{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_17" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_17.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
{6E718D87-6909-4FCE-92D4-EDCB2F725727} "Navigram Control" - "Navigram" - C:\PROGRA~1\Navigram\NAVIGR~1\navigram.ocx / hxxp://www.navigram.com/engine/v1026/Navigram.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10e.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? - (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll
"ICQ7" - "ICQ, Inc." - C:\Program Files\ICQ7.0\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
<binary data> "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
{0BF43445-2F28-4351-9252-17FE6E806AA0} "McAfee SiteAdvisor" - ? - (File not found | COM-object registry key not found)
<binary data> "SweetIM Toolbar for Internet Explorer" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask.com" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "Egis" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
{EEE6C35C-6118-11DC-9C72-001320C79847} "SweetIM Toolbar Helper" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Julius\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - D:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Duden Korrektor SysTray" - "Expert System S.p.A." - C:\Program Files\Duden\Duden Korrektor\DKTray.exe
"Eraser" - "The Eraser Project" - C:\Program Files\Eraser\Eraser.exe -hide
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"eAudio" - "Acer Incorporated" - "C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HP Software Update" - "Hewlett-Packard Co." - D:\Programme\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Launch LGDCore" - "Logitech Inc." - "C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe" /SHOWHIDE
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE Systemboot
"Ocs_SM" - "OCS" - C:\Users\Julius\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
"PLFSetI" - ? - C:\Windows\PLFSetI.exe
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@D:\Programme\TuneUpUtilities10\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - D:\Programme\TuneUpUtilities10\TuneUpDefragService.exe
"Akamai NetSession Interface" (Akamai) - ? - c:\program files\common files\akamai\rswin_3648.dll (File found, but it contains no detailed information)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca10a6b6f48323)" (gupdate1ca10a6b6f48323) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - D:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - D:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"LVSrvLauncher" (LVSrvLauncher) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Julius\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - D:\Programme\TuneUpUtilities10\TuneUpUtilitiesService32.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

______________________________

Wre dankbar, wenn ihr mir sagt, was nun zu tun ist.

Alt 28.03.2010, 00:55   #2
myrtille
/// TB-Ausbilder
 
Tr/Agent.ruo in: C\Windows\System32\wineqd.dll - Standard

Tr/Agent.ruo in: C\Windows\System32\wineqd.dll



Hi,

knntest du bitte auch ein Log mit OTL erstellen:
Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausfhren" whlen
  • Oben findest Du ein Kstchen mit Output. Whle bitte Minimal Output
  • Unter Extra Registry, whle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles in hier in den Thread.

MfG myrtille
__________________

__________________

Alt 28.03.2010, 12:12   #3
Julius-Sl
 
Tr/Agent.ruo in: C\Windows\System32\wineqd.dll - Standard

Tr/Agent.ruo in: C\Windows\System32\wineqd.dll



Jo. Gemacht und gepostet:

OTL logfile created on: 28.03.2010 12:02:47 - Run 1
OTL by OldTimer - Version 3.1.37.3 Folder = C:\Users\Julius\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 70,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111,44 Gb Total Space | 41,13 Gb Free Space | 36,90% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 226,25 Gb Free Space | 97,15% Space Free | Partition Type: NTFS
Drive E: | 111,44 Gb Total Space | 111,35 Gb Free Space | 99,92% Space Free | Partition Type: NTFS
Drive F: | 6,74 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: COMPUTER
Current User Name: Julius
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Julius\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Julius\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
PRC - C:\Program Files\Office-Bibliothek\officebib.exe (Bibliographisches Institut & F. A. Brockhaus AG)
PRC - D:\Programme\TuneUpUtilities10\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - D:\Programme\TuneUpUtilities10\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Users\Julius\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
PRC - C:\Program Files\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
PRC - C:\Program Files\Duden\Duden Korrektor\DKCore.exe (Expert System S.p.A.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
PRC - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
PRC - C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
PRC - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
PRC - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\ACER\Mobility Center\MobilityService.exe ()
PRC - C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)


========== Modules (SafeList) ==========

MOD - C:\Users\Julius\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)
MOD - C:\Windows\System32\powrprof.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
MOD - C:\Windows\System32\wtsapi32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)
SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\rswin_3648.dll ()
SRV - (SearchAnonymizer) -- C:\Users\Julius\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe ()
SRV - (TuneUp.Defrag) -- D:\Programme\TuneUpUtilities10\TuneUpDefragService.exe (TuneUp Software)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (TuneUp.UtilitiesSvc) -- D:\Programme\TuneUpUtilities10\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (eDataSecurity Service) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)
SRV - (ETService) -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (CLHNService) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (MobilityService) -- C:\Acer\Mobility Center\MobilityService.exe ()
SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (TuneUpUtilitiesDrv) -- D:\Programme\TuneUpUtilities10\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (SSHDRV86) -- C:\Windows\System32\drivers\SSHDRV86.sys ()
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (EkaProt6) -- C:\Windows\System32\drivers\ekaprot6.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (sfsync04) StarForce Protection Synchronization Driver (version 4.x) -- C:\Windows\System32\drivers\sfsync04.sys (Protection Technology (StarForce))
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (KMWDFILTER) -- C:\Windows\System32\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (psdvdisk) -- C:\Windows\System32\drivers\PSDVdisk.sys (Egis Incorporated)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (Egis Incorporated)
DRV - (PSDNServ) -- C:\Windows\System32\drivers\PSDNServ.sys (Egis Incorporated)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (Ltn_stk7070P) -- C:\Windows\System32\drivers\Ltn_stk7070P.sys (LiteOn)
DRV - (int15) -- C:\Windows\System32\drivers\int15.sys (Acer, Inc.)
DRV - (KLFLTDEV) -- C:\Windows\System32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (NTIPPKernel) -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (BVRPMPR5) -- C:\Windows\System32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Acer.com Worldwide - Select your local country or region [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = ICQ.com Suche
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.1.115
FF - prefs.js..extensions.enabledItems: {d49175b3-3fd8-43b8-b28e-da5d47f3c398}:1.0.27
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:3.3.0.3971
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.8
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=icqskins&q="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.13 22:14:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.23 23:06:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.23 23:06:38 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.27 21:28:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\THBExt [2010.03.27 19:36:24 | 000,000,000 | ---D | M]

[2010.03.27 21:28:13 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\mozilla\Extensions
[2010.03.27 21:28:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.27 21:08:12 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions
[2009.06.27 16:47:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.03.08 20:32:47 | 000,000,000 | ---D | M] (Stylish) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}
[2010.03.23 17:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2010.03.27 21:08:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.01.31 10:24:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.11 20:59:14 | 000,000,000 | ---D | M] (COMPUTERBILD-Abzockschutz) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}
[2010.02.12 13:45:40 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.03.19 15:21:37 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2009.06.25 17:40:10 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\moveplayer@movenetworks.com
[2010.03.27 21:08:12 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\staged-xpis
[2010.02.12 12:05:29 | 000,000,000 | ---D | M] -- C:\Users\Julius\AppData\Roaming\mozilla\Firefox\Profiles\kblvltfi.default\extensions\toolbar@ask.com
[2010.03.25 15:52:36 | 000,000,950 | ---- | M] () -- C:\Users\Julius\AppData\Roaming\Mozilla\FireFox\Profiles\kblvltfi.default\searchplugins\icqplugin-1.xml
[2008.03.31 15:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Julius\AppData\Roaming\Mozilla\FireFox\Profiles\kblvltfi.default\searchplugins\icqplugin.gif
[2009.11.19 16:35:02 | 000,000,615 | ---- | M] () -- C:\Users\Julius\AppData\Roaming\Mozilla\FireFox\Profiles\kblvltfi.default\searchplugins\icqplugin.src
[2010.03.03 20:59:35 | 000,001,064 | ---- | M] () -- C:\Users\Julius\AppData\Roaming\Mozilla\FireFox\Profiles\kblvltfi.default\searchplugins\icqplugin.xml
[2010.03.19 15:19:59 | 000,003,915 | ---- | M] () -- C:\Users\Julius\AppData\Roaming\Mozilla\FireFox\Profiles\kblvltfi.default\searchplugins\sweetim.xml
[2010.03.03 20:59:35 | 000,001,834 | ---- | M] () -- C:\Users\Julius\AppData\Roaming\Mozilla\FireFox\Profiles\kblvltfi.default\searchplugins\{6BFC2BDB-19BE-4066-A70A-CFCBAD503537}.xml
[2010.03.03 20:59:35 | 000,002,041 | ---- | M] () -- C:\Users\Julius\AppData\Roaming\Mozilla\FireFox\Profiles\kblvltfi.default\searchplugins\{9E484F50-C899-4EA2-B3EF-7519D3D8B370}.xml
[2010.03.03 20:59:35 | 000,002,152 | ---- | M] () -- C:\Users\Julius\AppData\Roaming\Mozilla\FireFox\Profiles\kblvltfi.default\searchplugins\{B97B5981-52E4-4E0F-B470-1412FADAEEFA}.xml
[2010.03.13 17:25:36 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.01.17 21:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.03 20:59:35 | 000,001,648 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.03 20:59:35 | 000,002,617 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.03 20:59:35 | 000,007,015 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.03 20:59:35 | 000,001,242 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.03 20:59:35 | 000,001,134 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Common Files\Logitech\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Julius\AppData\Roaming\OCS\SM\SearchAnonymizer.exe (OCS)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Program Files\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O8 - Extra context menu item: Hinzufgen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\ie_banner_deny.htm ()
O9 - Extra Button: Statistik fr den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6E718D87-6909-4FCE-92D4-EDCB2F725727} hxxp://www.navigram.com/engine/v1026/Navigram.cab (Navigram Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Security Suite CBE 09\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img33.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009.07.02 14:27:43 | 000,000,074 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{487174d8-a1ad-11dd-bb7d-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{487174d8-a1ad-11dd-bb7d-806e6f6e6963}\Shell\AutoRun\command - "" = F:\zdata\cobi.exe -- [2009.09.22 15:39:30 | 001,144,832 | R--- | M] (getanet.MEDIA)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.28 12:01:32 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Julius\Desktop\OTL.exe
[2010.03.27 21:28:08 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Thunderbird
[2010.03.27 21:28:08 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Local\Thunderbird
[2010.03.27 21:27:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.03.27 19:35:49 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010.03.27 19:35:33 | 000,239,632 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.03.24 14:40:10 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.11 16:02:31 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.03.11 16:02:27 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.03.07 14:02:19 | 000,000,000 | ---D | C] -- C:\Program Files\Duden
[2010.03.07 14:01:18 | 000,000,000 | ---D | C] -- C:\ProgramData\BIFAB
[2010.03.07 13:59:54 | 000,000,000 | ---D | C] -- C:\Program Files\Office-Bibliothek
[2010.03.07 13:09:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.03.07 13:09:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.03.07 13:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.03.07 13:03:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 8
[2010.03.07 12:59:56 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010.03.04 14:29:02 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.03.03 20:59:36 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\Opera
[2010.03.03 20:59:18 | 000,000,000 | ---D | C] -- C:\Users\Julius\AppData\Roaming\OCS
[2010.02.28 12:29:47 | 000,000,000 | ---D | C] -- C:\Program Files\Axife Mouse Recorder DEMO
[2010.02.28 12:28:27 | 000,497,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdqquj.sys
[2010.02.28 12:28:27 | 000,458,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wineqd.dll
[2008.07.22 10:01:25 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010.03.28 12:08:31 | 005,242,880 | ---- | M] () -- C:\Users\Julius\NTUSER.DAT
[2010.03.28 12:04:37 | 000,876,576 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2010.03.28 12:04:35 | 003,125,280 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010.03.28 12:04:30 | 000,027,592 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010.03.28 12:04:01 | 000,005,124 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2010.03.28 12:02:12 | 000,147,030 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.03.28 12:02:12 | 000,147,030 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.03.28 12:01:36 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Julius\Desktop\OTL.exe
[2010.03.28 11:45:52 | 001,427,406 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.28 11:45:52 | 000,621,952 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.03.28 11:45:52 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.28 11:45:52 | 000,123,852 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.03.28 11:45:52 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.28 11:41:16 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.03.28 11:40:26 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2010.03.28 11:40:00 | 000,000,428 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{96B215B6-7A38-485A-80D5-AD3C42A6ED33}.job
[2010.03.28 11:38:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.28 11:38:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.28 11:38:01 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.28 11:37:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.28 11:37:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.28 11:37:51 | 2682,650,624 | -HS- | M] () -- C:\hiberfil.sys
[2010.03.28 00:15:28 | 000,524,288 | -HS- | M] () -- C:\Users\Julius\NTUSER.DAT{c94c3230-cafd-11de-bd85-00238b0d37db}.TMContainer00000000000000000001.regtrans-ms
[2010.03.28 00:15:28 | 000,065,536 | -HS- | M] () -- C:\Users\Julius\NTUSER.DAT{c94c3230-cafd-11de-bd85-00238b0d37db}.TM.blf
[2010.03.28 00:15:08 | 006,291,456 | -H-- | M] () -- C:\Users\Julius\AppData\Local\IconCache.db
[2010.03.27 23:30:19 | 000,024,307 | ---- | M] () -- C:\Users\Julius\Desktop\doodle_jump_icon.jpg
[2010.03.27 23:19:01 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.27 21:28:04 | 000,001,754 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.03.27 19:51:16 | 000,108,059 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.03.27 19:51:16 | 000,095,259 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.03.27 19:35:33 | 000,239,632 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.03.26 19:46:44 | 000,309,777 | ---- | M] () -- C:\Users\Julius\Desktop\wallpaper170.jpe.jpg
[2010.03.25 15:16:09 | 000,001,356 | ---- | M] () -- C:\Users\Julius\AppData\Local\d3d9caps.dat
[2010.03.23 23:00:52 | 000,030,352 | ---- | M] () -- C:\Users\Julius\Desktop\30700-115040_Austria_Panda_Baby_VIE101.jpg
[2010.03.19 18:53:28 | 000,012,589 | ---- | M] () -- C:\Users\Julius\Desktop\Einleitung Projekt.docx
[2010.03.17 22:43:19 | 000,020,153 | ---- | M] () -- C:\Users\Julius\Desktop\panda3.jpg
[2010.03.13 17:07:46 | 000,140,772 | -H-- | M] () -- C:\Windows\System32\mlfcache.dat
[2010.03.10 17:04:36 | 000,000,254 | ---- | M] () -- C:\Windows\win.ini
[2010.03.08 15:26:08 | 002,337,952 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.03.07 15:37:22 | 000,114,544 | ---- | M] () -- C:\Windows\System32\GDIPFONTCACHEV1.DAT
[2010.03.04 14:28:51 | 402,424,664 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.02.28 12:28:28 | 000,497,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\drivers\kbdqquj.sys
[2010.02.28 12:28:27 | 000,458,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wineqd.dll

========== Files Created - No Company Name ==========

[2010.03.27 23:30:15 | 000,024,307 | ---- | C] () -- C:\Users\Julius\Desktop\doodle_jump_icon.jpg
[2010.03.27 21:28:04 | 000,001,754 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.03.27 19:36:51 | 000,108,059 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.03.27 19:36:51 | 000,095,259 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.03.27 19:35:50 | 002,906,656 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.dat
[2010.03.27 19:35:50 | 000,868,384 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.dat
[2010.03.27 19:35:50 | 000,025,660 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox.idx
[2010.03.27 19:35:50 | 000,005,096 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2.idx
[2010.03.26 19:46:43 | 000,309,777 | ---- | C] () -- C:\Users\Julius\Desktop\wallpaper170.jpe.jpg
[2010.03.23 23:00:49 | 000,030,352 | ---- | C] () -- C:\Users\Julius\Desktop\30700-115040_Austria_Panda_Baby_VIE101.jpg
[2010.03.19 18:52:20 | 000,012,589 | ---- | C] () -- C:\Users\Julius\Desktop\Einleitung Projekt.docx
[2010.03.17 22:43:17 | 000,020,153 | ---- | C] () -- C:\Users\Julius\Desktop\panda3.jpg
[2010.03.04 14:28:51 | 402,424,664 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.02.14 13:01:47 | 001,970,176 | ---- | C] () -- C:\Windows\System32\d3dx9.dll
[2010.01.15 19:33:42 | 000,000,072 | ---- | C] () -- C:\Windows\EurekaLog.ini
[2009.12.26 13:21:43 | 000,000,076 | ---- | C] () -- C:\Windows\Atlas.INI
[2009.11.24 17:33:53 | 000,000,046 | ---- | C] () -- C:\Windows\xmasbaby.ini
[2009.11.15 22:19:52 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.08 21:38:34 | 001,053,056 | ---- | C] () -- C:\Windows\System32\drivers\CAMTHWDM.sys
[2009.09.08 18:56:23 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.08.07 10:26:34 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.08.07 10:26:34 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.06.30 19:02:26 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2009.06.06 14:11:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.05.09 21:02:26 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.05.04 18:35:58 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.04.21 09:55:33 | 000,000,228 | ---- | C] () -- C:\Users\Julius\AppData\Roaming\wklnhst.dat
[2009.04.13 14:37:29 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.04.10 17:27:15 | 000,033,280 | ---- | C] () -- C:\Users\Julius\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.09 22:33:53 | 000,003,536 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.04.09 22:33:31 | 000,001,356 | ---- | C] () -- C:\Users\Julius\AppData\Local\d3d9caps.dat
[2009.04.08 18:23:49 | 000,008,403 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.10.24 12:21:06 | 000,147,030 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.10.24 12:21:01 | 000,147,030 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.10.24 12:06:08 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2008.10.24 12:06:08 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.16 04:24:58 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.01 10:39:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.04.01 10:39:14 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.01 10:14:24 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2008.04.01 10:09:50 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.04.01 09:59:39 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.03.12 18:59:00 | 000,299,008 | ---- | C] () -- C:\Program Files\navigram_register.exe
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 186 bytes -> C:\ProgramData\TEMPFC5A2B2
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:6B803FAA
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\X:@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\x:@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\t:@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\Pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\fwp:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\d:@Xpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\0:3pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\`~:wpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\:@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32\ :@Epctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YwzwYw[t,pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YVwzXwYVwZupctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YwzwYw Fwhpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YOwzQwYOwFv,pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YOwzQwYOw*vDpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YwzwYwL+pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YgwziwYgwЗupctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YvzvYv>4u4pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YwzwYw7upctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YwzwYwpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YwzwYw9v(pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YwzwYwv~pctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YwzwYwmtpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YwzwYw7Ovpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Ywpctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:YwzwYwupctlsp.log
@Alternate Data Stream - 142 bytes -> C:\Windows\System32:Y}wzwY}wZgupctlsp.log
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60
< End of report >
__________________

Alt 28.03.2010, 12:32   #4
myrtille
/// TB-Ausbilder
 
Tr/Agent.ruo in: C\Windows\System32\wineqd.dll - Standard

Tr/Agent.ruo in: C\Windows\System32\wineqd.dll



Hi,

Kannst du bitt einen Scan mit GMER machen und folgende Dateien bei Virustotal hochladen:

Dateien Online berprfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button Durchsuchen und suche folgende Datei/Dateien:
Code:
ATTFilter
C:\Windows\System32\drivers\kbdqquj.sys
C:\Windows\System32\wineqd.dll
         
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag einfgen.
  • Wichtig: Auch die Grenangabe sowie den HASH mit kopieren!

MfG myrtille
__________________
Anfragen per Email, Profil- oder privater Nachricht werden ignoriert!
Hilfe gibts NUR im Forum!


Wer nach 24 Stunden keine weitere Antwort von mir bekommen hat, schickt bitte eine PM

Spelling mistakes? Never, but keybaord malfunctions constantly!

Antwort

Themen zu Tr/Agent.ruo in: C\Windows\System32\wineqd.dll
adobe, akamai, antivir guard, ask toolbar, ask.com, autorun, avgnt.exe, avira, bho, browser, desktop, desktop.ini, diagnostics, eraser, firefox, gupdate, helper, home, home premium, internet, internet explorer, local\temp, logfile, malware, mozilla, nt.dll, pdfcreator, programdata, registry, registry key, senden, server, shortcut, siteadvisor, software, start menu, sweetim, system, systray, tr/agent.ruo, trojaner, tunnel, vista, windows, windows vista home, wineqd.dll



hnliche Themen: Tr/Agent.ruo in: C\Windows\System32\wineqd.dll


  1. TR/Agent.ruo in C:\Windows\system32\ntnmdm.dll
    Plagegeister aller Art und deren Bekmpfung - 31.05.2010 (55)
  2. Drop.Agent.amh in C:\Windows\System32\help.txt
    Plagegeister aller Art und deren Bekmpfung - 15.05.2010 (2)
  3. TR/Agent.ruo C:\Windows\System32\ntnzwdg.dll
    Plagegeister aller Art und deren Bekmpfung - 15.04.2010 (23)
  4. TR/Agent.RUO.3 in der Datei 'C:\Windows\System32\wineon.dll' und DR/Agent.ruo ...
    Plagegeister aller Art und deren Bekmpfung - 14.04.2010 (6)
  5. TR/Agent.ruo in C:\Windows\system32\ntnluj.dll
    Plagegeister aller Art und deren Bekmpfung - 08.04.2010 (9)
  6. TR/Agent.ruo in C:/WINDOWS/System32/winevpn.dll
    Plagegeister aller Art und deren Bekmpfung - 07.04.2010 (32)
  7. TR/Agent.RUO.4 in 'C:\Windows\System32\d3dshtr.dll'
    Plagegeister aller Art und deren Bekmpfung - 03.04.2010 (11)
  8. TR/Agent.ruo in C:\Windows\system32\winepnb.dll
    Mlltonne - 01.04.2010 (1)
  9. TR/Agent.ruo in in C:\Windows\system32\d3dsnpq.dll
    Plagegeister aller Art und deren Bekmpfung - 31.03.2010 (10)
  10. Antivir: Tr/Agent.ruo in C:\Windows\System32\wineqd.dll
    Plagegeister aller Art und deren Bekmpfung - 30.03.2010 (37)
  11. tr/agent.ruo in C:\Windows\System32\winexxqd.dll
    Plagegeister aller Art und deren Bekmpfung - 30.03.2010 (10)
  12. TR/Agent.ruo in Windows System32 d3dszdmd.dll
    Plagegeister aller Art und deren Bekmpfung - 29.03.2010 (3)
  13. TR/Agent.ruo C:\WINDOWS\system32\ntnbk.dll
    Plagegeister aller Art und deren Bekmpfung - 29.03.2010 (1)
  14. TR/Agent.ruo C:\WINDOWS\system32\ntnaeu.dll
    Plagegeister aller Art und deren Bekmpfung - 29.03.2010 (26)
  15. TR/Agent.ruo in in C:\Windows\system32\wineayy.dll
    Plagegeister aller Art und deren Bekmpfung - 29.03.2010 (4)
  16. TR/Agent.ruo in C:\Windows\System32\d3dsmnpb.dll
    Plagegeister aller Art und deren Bekmpfung - 29.03.2010 (2)
  17. TR/agent.ruo in C:WINDOWS\System32\ntnyjop.dll
    Plagegeister aller Art und deren Bekmpfung - 29.03.2010 (1)

Zum Thema Tr/Agent.ruo in: C\Windows\System32\wineqd.dll - Hallo, Seit ca. 1 Stunde erscheint, sobald ich Mozilla Firefox starte, eine Meldung meines Antivir-Programms. Ich habe im Thread unter mir bereits einen hnlichen Beitrag gelesen, jedoch ist der Trojaner - Tr/Agent.ruo in: C\Windows\System32\wineqd.dll...
Archiv
Du betrachtest: Tr/Agent.ruo in: C\Windows\System32\wineqd.dll auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.