Trojaner-Board
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   5O euro Trojaner (https://www.trojaner-board.de/111349-5o-euro-trojaner.html)

reggie 12.03.2012 19:06
5O euro Trojaner
 
Guten Tag habe mir heute Morgen diesen 50ig Euro Trojaner eingefangen, der Angeblich von Avira und Kapersky ist und den Computer sperrt wegen Sicherheitgefährdenter Internetseiten die besucht wurden..

Hab jetzt mal Hijackthis durchlaufen lassen.

Genau wie Malewarebytes.

IM Systemstart hatten sich zwei Programme eingeschlichen! Einmal eine Skype exe, die ich gleich gelöscht habe.
Das andere Programm hat Chinesische Schriftzeichen, auch der Ort ist in Chinesisch so das ich nicht weis wo genau es liegt...

Nunja ich hänge jetzt mal die Logfiles an:

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:27:42, on 12.03.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\mobsync.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Common Files\aol\1189262390\ee\aolsoftware.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\aol\aol toolbar 4.0\AolTbServer.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Heiko\Downloads\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 115.108.177.230:1080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - (no file)
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Windows\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1189262390\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Avira Planer (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Echtzeit Scanner (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Syntek STK1150 Service (StkASSrv) - Syntek America Inc. - C:\Windows\System32\StkASv2K.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\Windows\wanmpsvc.exe

--
End of file - 9119 bytes
Erstes Malewarebytes Log mit funden:

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 17:48:37
mbam-log-2012-03-12 (17-48-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175212
Laufzeit: 7 Minute(n), 45 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCU\SOFTWARE\MSupdate (Backdoor.CEP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\MSupdate (Backdoor.CEP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00.1 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ToolBand.XTTBPos00 (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKCR\regfile\shell\open\command| (Broken.OpenCommand) -> Bösartig: ("regedit.exe" "%1") Gut: (regedit.exe "%1") -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Zweites LOG ohne Funde:

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 18:09:16
mbam-log-2012-03-12 (18-09-16).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 175495
Laufzeit: 8 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Habe das alles ohne dieses Bord durchgeführt, da ich es nicht kannte...
Wollte jetzt mal wissen ob alles wieder sauber ist, oder ich weitere Schritte erledigen muss?

gruß reggie

reggie 12.03.2012 19:18
Hier mal ein Screenshot, der im Systemstart befindlichen programme, das Skype habe ich bereits gelöscht...
http://img6.imagebanana.com/img/5tla...ystemstart.jpg

Zudem hatten sich zur gleichen Urzeit als mein Pc gesperrt wurde einige Programme erstellt, die ich sofort gelöscht habe.
Anbei ein Screenshot davon:

http://img6.imagebanana.com/img/e00vbz03/HeavyW.jpg

cosinus 12.03.2012 20:08
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

reggie 12.03.2012 20:36
Hier erstmal das Malewarebytes Log, vorherige habe ich ja oben schon gepostet!

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 20:25:44
mbam-log-2012-03-12 (20-25-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 176028
Laufzeit: 7 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
So jetzt mache ich das mit dem eset!

cosinus 12.03.2012 20:40
Du solltest einen Vollscan mti Malwarebytes machen und keinen Quickscan!

reggie 12.03.2012 23:43
Sorry nochmal Malwarebytes
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.12.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Heiko :: HEIKO-PC [Administrator]

Schutz: Aktiviert

12.03.2012 22:34:29
mbam-log-2012-03-12 (22-34-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 311621
Laufzeit: 1 Stunde(n), 2 Minute(n), 50 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Dann ESET, da wurde was gefunden!

Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=32186a663c6ffd4f922973b38a60cb57
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-12 09:33:10
# local_time=2012-03-12 10:33:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 12972637 12972637 0 0
# compatibility_mode=5892 16776573 100 100 13628 169114303 0 0
# compatibility_mode=8192 67108863 100 0 4941 4941 0 0
# scanned=162121
# found=3
# cleaned=0
# scan_time=6414
C:\Program Files\FoxTabAVIConverter\AviConverter.exe        a variant of Win32/InstallCore.A application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Heiko\AppData\Local\Temp\Main.class        Java/TrojanDownloader.Agent.NDQ trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Heiko\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14\5440888e-4b461876        Java/Agent.EE trojan (unable to clean)        00000000000000000000000000000000        I

reggie 13.03.2012 11:09
Hab schonmal OTL drüberlaufen lassen:

Code:
OTL logfile created on: 13.03.2012 10:30:50 - Run 1
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,77 Mb Total Physical Memory | 239,13 Mb Available Physical Memory | 26,76% Memory free
2,16 Gb Paging File | 0,47 Gb Available in Paging File | 21,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 24,33 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 6,22 Gb Free Space | 5,52% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,24 Gb Free Space | 33,14% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - c:\Programme\AOL\AOL Toolbar 4.0\AolTbServer.exe (AOL LLC)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\System32\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Programme\Common Files\aol\1189262390\ee\aolsoftware.exe (America Online, Inc.)
PRC - C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - c:\Programme\AOL\AOL Toolbar 4.0\apopup.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
MOD - C:\Programme\ICQLite\ICQLiteShell.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (StkTMini) -- C:\Windows\System32\drivers\StkTMini.sys (Syntek)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (ZD1211U(WLAN)) WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 115.108.177.230:1080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.09 09:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 13:07:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.23 08:00:19 | 000,000,000 | ---D | M]
 
[2009.01.12 12:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Extensions
[2012.02.01 19:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions
[2009.09.16 12:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 19:04:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.23 07:51:35 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml
[2009.06.01 18:29:41 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml
[2009.08.25 19:40:49 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml
[2009.11.08 17:14:11 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml
[2009.11.27 21:11:32 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml
[2009.12.18 13:24:03 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml
[2010.01.06 19:01:48 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml
[2010.02.18 20:07:52 | 000,000,961 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml
[2010.03.11 20:53:37 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml
[2010.03.23 20:20:17 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml
[2010.04.03 22:19:05 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml
[2007.10.28 12:52:31 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml
[2010.06.24 20:28:21 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml
[2010.06.28 16:39:24 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml
[2010.07.24 16:18:14 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml
[2010.07.26 19:02:40 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml
[2010.09.09 17:13:36 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml
[2010.09.16 19:11:59 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml
[2010.10.24 08:51:32 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml
[2010.10.30 10:12:17 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml
[2011.01.02 14:42:46 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml
[2011.03.10 21:06:58 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml
[2007.11.24 12:18:49 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml
[2008.04.16 19:19:24 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml
[2008.04.17 08:21:05 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml
[2008.12.23 20:02:07 | 000,000,949 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml
[2009.01.12 12:25:55 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml
[2009.01.12 12:46:16 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml
[2009.02.05 10:26:28 | 000,000,950 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml
[2009.06.07 13:21:06 | 000,000,944 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml
[2012.02.17 12:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.11 10:52:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.02 13:07:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.08.09 11:16:08 | 000,030,408 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npWebLaunch.dll
[2012.02.02 13:07:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 13:07:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.02 13:07:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 13:07:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 13:07:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 13:07:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.21 11:13:20 | 000,430,000 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        babe.the-killer.bz
O1 - Hosts: 127.0.0.1        www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1        babe.k-lined.com
O1 - Hosts: 127.0.0.1        www.babe.k-lined.com
O1 - Hosts: 127.0.0.1        did.i-used.cc
O1 - Hosts: 127.0.0.1        www.did.i-used.cc
O1 - Hosts: 127.0.0.1        coolwwwsearch.com
O1 - Hosts: 127.0.0.1        www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1        coolwebsearch.com
O1 - Hosts: 127.0.0.1        www.coolwebsearch.com
O1 - Hosts: 127.0.0.1        hi.studioaperto.net
O1 - Hosts: 127.0.0.1        www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1        wazzupnet.com
O1 - Hosts: 127.0.0.1        www.wazzupnet.com
O1 - Hosts: 127.0.0.1        gueb.com
O1 - Hosts: 127.0.0.1        www.gueb.com
O1 - Hosts: 127.0.0.1        kabex.com
O1 - Hosts: 127.0.0.1        www.kabex.com
O1 - Hosts: 127.0.0.1        hityou.com
O1 - Hosts: 127.0.0.1        www.hityou.com
O1 - Hosts: 127.0.0.1        miosearch.com
O1 - Hosts: 127.0.0.1        www.miosearch.com
O1 - Hosts: 127.0.0.1        blue-elefant.com
O1 - Hosts: 14814 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1189262390\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [捁牥吠畯r]  File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E6B5357-A9D8-4C32-84DC-42ABD529A336}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A1050BE-A6CF-481B-BE23-A0A8E208FAFA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50BB292F-60ED-4692-A710-424913D3F639}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2DEC78-CAD0-46D4-A487-F50F0959DFBA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6A2FB18-98AD-4E0F-9662-5F975372D5FB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFA4E1FF-BFBB-4316-A7ED-DB5B3C572165}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\*****\Desktop\DSC00303.JPG
O24 - Desktop BackupWallPaper: C:\Users\*****\Desktop\DSC00303.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.13 00:06:48 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2012.03.12 20:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.12 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.03.12 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.12 17:37:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.12 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.12 17:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.12 17:36:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.02.27 11:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.23 07:55:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.02.17 03:01:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.02.17 03:01:26 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.02.17 03:01:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.02.17 03:01:24 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.02.17 03:01:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.02.17 03:01:18 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.02.16 09:45:06 | 002,044,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.13 10:01:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 10:01:15 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 00:06:49 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.03.12 18:26:25 | 000,204,800 | ---- | M] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.12 18:01:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 18:01:06 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.12 17:46:30 | 000,002,078 | ---- | M] () -- C:\Users\*****\Documents\cc_20120312_174619.reg
[2012.03.12 17:37:32 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.12 17:34:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.03.12 13:36:37 | 000,000,680 | ---- | M] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:13 | 000,002,228 | ---- | M] () -- C:\Users\*****\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | M] () -- C:\Users\*****\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:37 | 000,432,883 | ---- | M] () -- C:\Users\*****\Documents\todesminen.pdf
[2012.03.02 22:12:22 | 000,628,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.02 22:12:22 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.02 22:12:22 | 000,126,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.02 22:12:22 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.27 14:39:03 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.02.27 11:50:20 | 000,257,668 | ---- | M] () -- C:\Users\*****\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:56:05 | 000,000,407 | ---- | M] () -- C:\Users\*****\AppData\Roaming\Checksum.ini
[2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012.02.23 08:00:19 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 07:48:48 | 000,000,152 | ---- | M] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2012.02.17 03:24:38 | 000,270,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 19:57:52 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 17:46:23 | 000,002,078 | ---- | C] () -- C:\Users\*****\Documents\cc_20120312_174619.reg
[2012.03.12 17:41:03 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.12 17:37:32 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.12 13:36:37 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:11 | 000,002,228 | ---- | C] () -- C:\Users\*****\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | C] () -- C:\Users\*****\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:36 | 000,432,883 | ---- | C] () -- C:\Users\*****\Documents\todesminen.pdf
[2012.02.27 11:46:52 | 000,257,668 | ---- | C] () -- C:\Users\*****\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:11:49 | 000,000,407 | ---- | C] () -- C:\Users\*****\AppData\Roaming\Checksum.ini
[2012.02.23 08:00:19 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 08:00:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.23 07:46:36 | 000,000,152 | ---- | C] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2011.10.30 21:15:03 | 000,001,059 | ---- | C] () -- C:\Users\*****\AppData\Roaming\DVDSubEdit.ini
[2011.10.08 15:33:30 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011.03.27 16:28:44 | 000,000,120 | ---- | C] () -- C:\Users\*****\AppData\Roaming\FixVTS.ini
[2011.03.11 21:28:15 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.11 21:28:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.31 18:33:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.31 17:25:07 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.11.12 08:17:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== LOP Check ==========
 
[2012.02.11 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2010.08.05 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ
[2007.09.14 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQLite
[2011.02.03 10:40:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Local
[2011.08.15 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\mkvtoolnix
[2011.08.06 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2010.01.19 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ulead Systems
[2012.03.12 17:59:20 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:59756FA4

< End of report >
Code:
OTL Extras logfile created on: 13.03.2012 10:30:50 - Run 1
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\*****\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,77 Mb Total Physical Memory | 239,13 Mb Available Physical Memory | 26,76% Memory free
2,16 Gb Paging File | 0,47 Gb Available in Paging File | 21,68% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 24,33 Gb Free Space | 21,49% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 6,22 Gb Free Space | 5,52% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,24 Gb Free Space | 33,14% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{16151656-9479-4499-BCD3-9F6C1AD4342E}" = lport=445 | protocol=6 | dir=in | app=system |
"{298DE6E7-3231-4C5A-A81D-DC5FDA973A93}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{32E642EF-FB93-48F7-80B3-9E735281D31F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{48BDE921-305C-47C7-B4FF-B80D8745126C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5BF891C3-24C6-4C71-898E-3ACB9BF5840F}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5D3F6CD5-180C-4F2E-896E-83FB24162273}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8022DD7C-CE5D-426A-87DD-D4B2119CF848}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{91886A2E-1A55-43D5-BFC5-864A8A35B39E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{99FDF929-22EE-405C-B6DE-C619EC907504}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ABF297D9-7B09-4D95-8770-D920326A13A0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe |
"{AC453D09-D81F-45B8-A3EA-B32864A2B3AD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{B44180F7-47D3-4231-97CE-63B832AEA34A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D6435F4E-F006-4A42-9BE7-5C88E485B80A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{069F99BF-5BC6-4333-96CF-5189FD2A89B0}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"{0BA27B5E-C54E-4B55-9618-0FF7220DC2D1}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{0D8CAA3C-61EC-4F8B-84D6-0FF4F946314E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{0E2D3D59-208A-4F74-8768-AEA828F96BFA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{189089C0-45BC-4C22-8E9B-99E7F58B7175}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{19D9B808-F746-490F-9010-5883CE8F3010}" = protocol=6 | dir=out | app=c:\windows\system32\wudfhost.exe |
"{289CB4E1-815F-462B-BBF0-01C8B3A41583}" = protocol=6 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{3BAD34E0-589E-477B-8533-C815F2FA2DE2}" = protocol=17 | dir=in | app=c:\program files\common files\aol\1189262390\ee\aolsoftware.exe |
"{3FCE4DCC-281E-491C-A583-0B88E5219DE3}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{44295C03-C6D0-4A29-8F22-49A8955B686A}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{4A1B6788-0617-4474-B729-C3EEAADFBE41}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{51FB9794-B409-4D6B-B010-D45ABFC64F7C}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{57C2586C-D9DE-497E-8FCC-6F3205CF9C02}" = protocol=6 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{5EB1AFD1-FD11-4B97-A213-5BB9CFFE55A8}" = protocol=6 | dir=in | app=c:\program files\common files\aolshare\sysinfo\sinf.exe |
"{69B7054F-D4AD-446E-9B68-D554B3A1608B}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{7010D6F6-5DE2-449A-B50F-6049E4BDAC9E}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{74E03CB3-52EB-46E7-8A9E-A1C0E336C305}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{818D0CC8-E5FA-44FD-8A36-7818D3ED063C}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{851A7BF6-39F8-4166-9485-D3EFDE4BC411}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{85FF2D39-4205-4B94-898B-B8E59BD28592}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe |
"{8B878FED-2ADC-4CAC-88FD-0C851F0E4FE3}" = protocol=6 | dir=in | app=c:\program files\acer zone\acer zone main page\mce deluxe suite.exe |
"{8CFA3349-1CA8-4B62-AB71-3C92430D8F33}" = protocol=6 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{929FC9C6-7FEF-4662-8A9E-6D4E50AC1E49}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{93435471-75BE-41BE-86FA-2F6C73383396}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer picture slide dvd\component\clsldvd.exe |
"{A157887B-BA1E-4497-B0A7-E222E8F96B68}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{A6650730-BF1E-4DA8-92E8-2B39CB1BA187}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer zone softdma\softdma.exe |
"{AED97BBD-4321-4309-85D2-D46B5763C9B3}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\dvax2process.exe |
"{B36F4AFD-4062-439B-84C4-C02240E9F018}" = protocol=17 | dir=in | app=c:\program files\aol 9.0 vr\waol.exe |
"{B3A2DD6D-AFF4-444B-A593-11AB7A35892B}" = protocol=6 | dir=out | app=system |
"{BB37C231-A786-47EA-8438-36A33C9A8792}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BD4E8989-BEDD-4249-85C2-4576D5255BFF}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{BFCCAF4B-933C-46A3-84AE-AA72E799E049}" = protocol=17 | dir=in | app=c:\program files\avira\antivir desktop\update.exe |
"{BFFEBCDE-26F8-4811-B203-57C6349541F5}" = protocol=17 | dir=in | app=c:\program files\common files\aolshare\sysinfo\sinf.exe |
"{C9A96EFA-49BD-4AC7-9C4D-A4465F16DC10}" = protocol=17 | dir=in | app=c:\program files\acer zone\acer plug and record\component\arawp.exe |
"{D0C3F5EE-6AFC-42A4-BBE6-46AC0819FF87}" = protocol=17 | dir=in | app=c:\program files\common files\aol\topspeed\3.0\aoltpsd3.exe |
"{D2BE195C-11FC-47DE-BEDA-6D8F40D35AEA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{D57FD54A-A2B4-471C-8482-BB6BEDAE0451}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D75F59BE-0A40-4DA3-9D89-18A5C60DB45C}" = protocol=6 | dir=in | app=c:\program files\common files\aol\1189262390\ee\aolsoftware.exe |
"{E06555F5-0FC7-4538-9BE3-3F21CCCFFD35}" = protocol=17 | dir=in | app=c:\program files\common files\aol\acs\aoldial.exe |
"{E07A494A-2AA0-41AD-8F9A-28E4418E8846}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{ECCFCF74-C86A-43FE-B2FB-30AC2969F788}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{F0A04DF1-63B0-484F-BB50-054AADCE47B4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{F150FF19-3D43-475A-A3C2-D0DCA6414F4E}" = protocol=17 | dir=in | app=c:\program files\common files\aol\system information\sinf.exe |
"{F1CCE602-48B7-47BC-ABD8-21B6CC8A7342}" = protocol=6 | dir=in | app=c:\program files\common files\aol\acs\aolacsd.exe |
"{F5BEA71C-8E7A-4B05-A227-FC86467E35CE}" = protocol=6 | dir=in | app=c:\program files\avira\antivir desktop\avcenter.exe |
"TCP Query User{13DDBAA0-1B59-4783-B578-EF34F5A49914}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{24335CC3-74DD-4ACC-BF8B-E4FF54FE7B86}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{07C542AB-7B93-49D7-828C-EB41F1261964}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{E27EEA51-3D30-4A90-B878-5F0E016A3D3B}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 26
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3C873221-12B9-475D-8DCB-62D0B2179AF9}" = USB2.0 ATV
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer Picture Slide DVD
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{43602F34-1AA3-44FB-AEB2-D08C2C73743F}" = Paint.NET v3.36
"{44CDBD1B-89FB-4E02-8319-2A4C550F664A}" = RTC Client API v1.2
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{847CAE64-4CD2-4B2D-AF00-978FF5431031}" = Nero 7
"{90840407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{90AF0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{94F5A370-E9E0-E543-E33D-BB80C25967B9}" = ATI Catalyst Control Center Ex
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer Zone SoftDMA
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{AEEAE013-92F1-4515-B278-139F1A692A35}" = Acer eDataSecurity Management
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer Zone MakeDisk
"{B1914510-38B5-4835-83D8-A188073E542F}" = Cheetah Audio Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Zone Main Page
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony Ericsson PC Companion 1.60.13
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer Plug and Record
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer Zone MagicDirector
"ActualCoach Bundesliga Manager_is1" = ActualCoach Bundesliga Manager 2.32
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AOL Deinstallation" = AOL Deinstallation
"AOL Installations-Manager" = AOL Installations-Manager
"AOL Toolbar 4.0" =
"AOL YGP Screensaver" = AOL Meine Fotos Bildschirmschoner
"AVIedit 3.39" = AVIedit 3.39
"Avira AntiVir Desktop" = Avira Free Antivirus
"CCleaner" = CCleaner
"Collab" = Collab
"DivX Setup" = DivX-Setup
"DVD Shrink_is1" = DVD Shrink 3.2
"DVDFab" = DVDFab (remove only)
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow v1.1.3721 [2011-01-07]
"FL Studio 7" = FL Studio 7
"Free Video to DVD Converter_is1" = Free Video to DVD Converter version 1.6.22.804
"ICQToolbar" = ICQ Toolbar
"IL Download Manager" = IL Download Manager
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"Intelore - RAR Password Recovery" = RAR Password Recovery v1.1 RC17 (remove only)
"JDownloader" = JDownloader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKVtoolnix" = MKVtoolnix 4.9.0
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"MPEG AVI DVD Cutter 1" = MPEG AVI DVD Cutter 1
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Native Instruments Limelite Solo" = Native Instruments Limelite Solo
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SubtitleCreator" = SubtitleCreator
"ViewpointMediaPlayer" = Viewpoint Media Player
"VobSub" = VobSub v2.23 (Remove Only)
"WinRAR archiver" = WinRAR
"x264vfw" = x264vfw - H.264/MPEG-4 AVC codec (remove only)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

cosinus 13.03.2012 17:07
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

reggie 13.03.2012 17:10
Vielen, vielen dank dass du mich meiner annimst! Werde ich gleich erledigen!!

:daumenhoc

reggie 13.03.2012 17:48
So hier der OTL text:

Code:
OTL logfile created on: 13.03.2012 17:16:42 - Run 2
OTL by OldTimer - Version 3.2.36.3    Folder = C:\Users\Heiko\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
893,77 Mb Total Physical Memory | 417,71 Mb Available Physical Memory | 46,74% Memory free
2,37 Gb Paging File | 0,96 Gb Available in Paging File | 40,26% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 113,20 Gb Total Space | 24,05 Gb Free Space | 21,25% Space Free | Partition Type: NTFS
Drive D: | 112,85 Gb Total Space | 6,22 Gb Free Space | 5,52% Space Free | Partition Type: NTFS
Drive J: | 3,73 Gb Total Space | 1,24 Gb Free Space | 33,14% Space Free | Partition Type: FAT32
 
Computer Name: ***** | User Name: Heiko | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Heiko\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Programme\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Windows\System32\iashost.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Windows\System32\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Programme\Common Files\aol\acs\AOLacsd.exe (AOL LLC)
PRC - C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
PRC - C:\Programme\ATI Technologies\ATI.ACE\CLI.exe (ATI Technologies Inc.)
PRC - C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d0cf808e33a5123b33010b933d3b1597\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2598077ccea480c6120d3a1ad4455be0\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65450889f3742aada2a6c0cf8e6173e3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\137696d0416b65dbc1561152971488b4\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\de\ePerformance.Plugin.resources.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Plugin.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Presenter.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Library.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.dll ()
MOD - C:\Acer\Empowering Technology\ePerformance\ePerformance.Model.Interface.dll ()
MOD - C:\Acer\Empowering Technology\MemCheck.Interface.dll ()
MOD - C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll ()
MOD - C:\Windows\System32\atitmmxx.dll ()
MOD - C:\Windows\System32\SysMonitor.exe ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll ()
MOD - C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll ()
MOD - C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll ()
MOD - C:\Windows\System32\ShowErrMsg.dll ()
MOD - C:\Programme\ICQLite\ICQLiteShell.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)
SRV - (StkASSrv) -- C:\Windows\System32\StkASv2K.exe (Syntek America Inc.)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\Windows\wanmpsvc.exe (America Online, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (s1018mdm) -- C:\Windows\System32\drivers\s1018mdm.sys (MCCI Corporation)
DRV - (s1018unic) Sony Ericsson Device 1018 USB Ethernet Emulation (WDM) -- C:\Windows\System32\drivers\s1018unic.sys (MCCI Corporation)
DRV - (s1018mgmt) Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s1018mgmt.sys (MCCI Corporation)
DRV - (s1018obex) -- C:\Windows\System32\drivers\s1018obex.sys (MCCI Corporation)
DRV - (s1018bus) Sony Ericsson Device 1018 driver (WDM) -- C:\Windows\System32\drivers\s1018bus.sys (MCCI Corporation)
DRV - (s1018nd5) Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS) -- C:\Windows\System32\drivers\s1018nd5.sys (MCCI Corporation)
DRV - (s1018mdfl) -- C:\Windows\System32\drivers\s1018mdfl.sys (MCCI Corporation)
DRV - (RT73) -- C:\Windows\System32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (StkTMini) -- C:\Windows\System32\drivers\StkTMini.sys (Syntek)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (StkAMini) -- C:\Windows\System32\drivers\StkAMini.sys (Syntek America Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (StkScan) -- C:\Windows\System32\drivers\StkScan.sys (Syntek America Inc.)
DRV - (ZD1211U(WLAN)) WLAN ZD1211 IEEE 802.11b+g Wireless LAN Driver (USB)(WLAN) -- C:\Windows\System32\drivers\ZD1211U.sys (ZyDAS Technology Corporation)
DRV - (AVMUNET) -- C:\Windows\System32\drivers\avmunet.sys (AVM GmbH)
DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\drivers\wanatw4.sys (America Online, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 115.108.177.230:1080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.2.20080910
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: afurladvisor@anchorfree.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@thrixxx.com/WebLaunch: C:\Program Files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.09 09:10:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.02 13:07:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.13 10:55:15 | 000,000,000 | ---D | M]
 
[2009.01.12 12:25:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Extensions
[2012.02.01 19:04:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions
[2009.09.16 12:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 19:04:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.23 07:51:35 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml
[2009.06.01 18:29:41 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml
[2009.08.25 19:40:49 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml
[2009.11.08 17:14:11 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml
[2009.11.27 21:11:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml
[2009.12.18 13:24:03 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml
[2010.01.06 19:01:48 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml
[2010.02.18 20:07:52 | 000,000,961 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml
[2010.03.11 20:53:37 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml
[2010.03.23 20:20:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml
[2010.04.03 22:19:05 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml
[2007.10.28 12:52:31 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml
[2010.06.24 20:28:21 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml
[2010.06.28 16:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml
[2010.07.24 16:18:14 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml
[2010.07.26 19:02:40 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml
[2010.09.09 17:13:36 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml
[2010.09.16 19:11:59 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml
[2010.10.24 08:51:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml
[2010.10.30 10:12:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml
[2011.01.02 14:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml
[2011.03.10 21:06:58 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml
[2007.11.24 12:18:49 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml
[2008.04.16 19:19:24 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml
[2008.04.17 08:21:05 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml
[2008.12.23 20:02:07 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml
[2009.01.12 12:25:55 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml
[2009.01.12 12:46:16 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml
[2009.02.05 10:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml
[2009.06.07 13:21:06 | 000,000,944 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml
[2012.02.17 12:06:44 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.11 10:52:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.02.02 13:07:18 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.02 13:07:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.02 13:07:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.02 13:07:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.02 13:07:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.02 13:07:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.02 13:07:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.12.21 11:13:20 | 000,430,000 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O1 - Hosts: 127.0.0.1        babe.the-killer.bz
O1 - Hosts: 127.0.0.1        www.babe.the-killer.bz
O1 - Hosts: 127.0.0.1        babe.k-lined.com
O1 - Hosts: 127.0.0.1        www.babe.k-lined.com
O1 - Hosts: 127.0.0.1        did.i-used.cc
O1 - Hosts: 127.0.0.1        www.did.i-used.cc
O1 - Hosts: 127.0.0.1        coolwwwsearch.com
O1 - Hosts: 127.0.0.1        www.coolwwwsearch.com
O1 - Hosts: 127.0.0.1        coolwebsearch.com
O1 - Hosts: 127.0.0.1        www.coolwebsearch.com
O1 - Hosts: 127.0.0.1        hi.studioaperto.net
O1 - Hosts: 127.0.0.1        www.hi.studioaperto.net
O1 - Hosts: 127.0.0.1        wazzupnet.com
O1 - Hosts: 127.0.0.1        www.wazzupnet.com
O1 - Hosts: 127.0.0.1        gueb.com
O1 - Hosts: 127.0.0.1        www.gueb.com
O1 - Hosts: 127.0.0.1        kabex.com
O1 - Hosts: 127.0.0.1        www.kabex.com
O1 - Hosts: 127.0.0.1        hityou.com
O1 - Hosts: 127.0.0.1        www.hityou.com
O1 - Hosts: 127.0.0.1        miosearch.com
O1 - Hosts: 127.0.0.1        www.miosearch.com
O1 - Hosts: 127.0.0.1        blue-elefant.com
O1 - Hosts: 14814 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Windows\System32\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1189262390\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [捁牥吠畯r]  File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0E6B5357-A9D8-4C32-84DC-42ABD529A336}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2A1050BE-A6CF-481B-BE23-A0A8E208FAFA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{50BB292F-60ED-4692-A710-424913D3F639}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2DEC78-CAD0-46D4-A487-F50F0959DFBA}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D6A2FB18-98AD-4E0F-9662-5F975372D5FB}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DFA4E1FF-BFBB-4316-A7ED-DB5B3C572165}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Heiko\Desktop\DSC00303.JPG
O24 - Desktop BackupWallPaper: C:\Users\Heiko\Desktop\DSC00303.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: SkypeM - hkey= - key= -  File not found
MsConfig - StartUpReg: Sony Ericsson PC Companion - hkey= - key= - C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe (Sony Ericsson Mobile Communications AB)
MsConfig - StartUpReg: 捁牥吠畯⁲敒業摮牥 - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.mkdmp3enc - C:\PROGRA~1\ACERZO~1\ACERZO~2\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS hxxp://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - MSh263.drv File not found
Drivers32: vidc.x264 - C:\Programme\x264vfw\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.03.13 00:06:48 | 000,594,944 | ---- | C] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2012.03.12 20:23:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.03.12 17:37:38 | 000,000,000 | ---D | C] -- C:\Users\Heiko\AppData\Roaming\Malwarebytes
[2012.03.12 17:37:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.03.12 17:37:31 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.03.12 17:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.03.12 17:37:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.03.12 17:36:51 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.02.27 11:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.02.24 11:46:13 | 000,000,000 | ---D | C] -- C:\Users\Heiko\Desktop\bluescreens
[2012.02.23 14:50:11 | 000,000,000 | ---D | C] -- C:\Users\Heiko\Desktop\bootcd
[2012.02.23 07:55:51 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.03.13 16:04:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 16:04:47 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.03.13 00:06:49 | 000,594,944 | ---- | M] (OldTimer Tools) -- C:\Users\Heiko\Desktop\OTL.exe
[2012.03.12 18:26:25 | 000,204,800 | ---- | M] () -- C:\Users\Heiko\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.03.12 18:01:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.03.12 18:01:06 | 937,943,040 | -HS- | M] () -- C:\hiberfil.sys
[2012.03.12 17:46:30 | 000,002,078 | ---- | M] () -- C:\Users\Heiko\Documents\cc_20120312_174619.reg
[2012.03.12 17:37:32 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.12 17:34:38 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Heiko\Documents\mbam-setup-1.60.1.1000.exe
[2012.03.12 13:36:37 | 000,000,680 | ---- | M] () -- C:\Users\Heiko\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:13 | 000,002,228 | ---- | M] () -- C:\Users\Heiko\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | M] () -- C:\Users\Heiko\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:37 | 000,432,883 | ---- | M] () -- C:\Users\Heiko\Documents\todesminen.pdf
[2012.03.02 22:12:22 | 000,628,210 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.03.02 22:12:22 | 000,595,308 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.03.02 22:12:22 | 000,126,850 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.03.02 22:12:22 | 000,104,742 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.02.27 11:50:20 | 000,257,668 | ---- | M] () -- C:\Users\Heiko\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:56:05 | 000,000,407 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Checksum.ini
[2012.02.23 08:00:19 | 000,001,896 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 07:48:48 | 000,000,152 | ---- | M] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2012.02.17 03:24:38 | 000,270,784 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.02.15 19:57:52 | 000,137,416 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.03.12 17:46:23 | 000,002,078 | ---- | C] () -- C:\Users\Heiko\Documents\cc_20120312_174619.reg
[2012.03.12 17:41:03 | 937,943,040 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.12 17:37:32 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.03.12 13:36:37 | 000,000,680 | ---- | C] () -- C:\Users\Heiko\AppData\Local\d3d9caps.dat
[2012.03.12 13:34:11 | 000,002,228 | ---- | C] () -- C:\Users\Heiko\Documents\cc_20120312_133407.reg
[2012.03.06 00:00:35 | 000,000,104 | ---- | C] () -- C:\Users\Heiko\Desktop\Papierkorb - Verknüpfung.lnk
[2012.03.03 22:39:36 | 000,432,883 | ---- | C] () -- C:\Users\Heiko\Documents\todesminen.pdf
[2012.02.27 11:46:52 | 000,257,668 | ---- | C] () -- C:\Users\Heiko\Documents\cc_20120227_114646.reg
[2012.02.27 11:36:20 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.02.23 10:11:49 | 000,000,407 | ---- | C] () -- C:\Users\Heiko\AppData\Roaming\Checksum.ini
[2012.02.23 08:00:19 | 000,001,896 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.02.23 08:00:19 | 000,001,804 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.02.23 07:46:36 | 000,000,152 | ---- | C] () -- C:\Users\Public\Documents\AcRdB7_1_0.sta
[2011.10.30 21:15:03 | 000,001,059 | ---- | C] () -- C:\Users\Heiko\AppData\Roaming\DVDSubEdit.ini
[2011.10.08 15:33:30 | 000,000,232 | ---- | C] () -- C:\Windows\reimage.ini
[2011.03.27 16:28:44 | 000,000,120 | ---- | C] () -- C:\Users\Heiko\AppData\Roaming\FixVTS.ini
[2011.03.11 21:28:15 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.03.11 21:28:14 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.01.31 18:33:46 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.01.31 17:25:07 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2010.11.12 08:17:01 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
 
========== LOP Check ==========
 
[2012.02.11 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\DVDVideoSoft
[2010.08.05 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQ
[2007.09.14 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQLite
[2011.02.03 10:40:36 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Local
[2011.08.15 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\mkvtoolnix
[2011.08.06 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\OpenOffice.org
[2010.01.19 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Ulead Systems
[2012.03.12 17:59:20 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.02.23 08:09:11 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Adobe
[2007.09.10 09:19:38 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\AdobeUM
[2010.07.23 19:42:03 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Ahead
[2008.09.08 17:49:21 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\AOL
[2011.10.31 09:22:55 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Apple Computer
[2007.09.08 10:39:07 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ATI
[2011.10.14 17:16:59 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Avira
[2008.08.16 08:54:09 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\AVS4YOU
[2011.02.03 14:32:26 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\DivX
[2012.02.11 16:53:14 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\DVDVideoSoft
[2010.08.05 19:43:13 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQ
[2007.09.14 17:42:35 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\ICQLite
[2007.09.08 10:38:35 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Identities
[2011.12.30 14:53:57 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\InstallShield
[2011.02.03 10:40:36 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Local
[2007.09.08 10:48:08 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Macromedia
[2012.03.12 17:37:38 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Malwarebytes
[2006.11.02 13:37:34 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Media Center Programs
[2012.02.23 08:09:11 | 000,000,000 | --SD | M] -- C:\Users\Heiko\AppData\Roaming\Microsoft
[2011.08.15 15:39:03 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\mkvtoolnix
[2009.12.22 08:21:47 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Mozilla
[2010.07.23 19:06:54 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Nero
[2011.08.06 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\OpenOffice.org
[2010.01.19 15:11:27 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\Ulead Systems
[2007.09.08 21:40:02 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\WinRAR
[2007.09.08 14:45:43 | 000,000,000 | ---D | M] -- C:\Users\Heiko\AppData\Roaming\You've Got Pictures Screensaver
 
< %APPDATA%\*.exe /s >
[2008.06.14 18:12:07 | 019,900,192 | ---- | M] (                                  ) -- C:\Users\Heiko\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AdbeRdr710_en_US.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 08:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2006.08.14 05:27:02 | 000,117,760 | ---- | M] (ATI Technologies Inc.) MD5=6241F2C3073FEAB1EB1BCEE7EEE7A95A -- C:\DRV\ATI-8.31\8.31\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
[2006.08.14 05:27:02 | 000,117,760 | ---- | M] (ATI Technologies Inc.) MD5=6241F2C3073FEAB1EB1BCEE7EEE7A95A -- C:\Windows\System32\DriverStore\FileRepository\ahcix86s.inf_f6dd3386\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 08:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 08:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 08:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 08:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 08:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2007.09.09 02:01:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2007.09.09 02:01:45 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2008.01.19 08:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2006.11.02 10:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 08:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006.11.02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 09:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 06:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:59756FA4

< End of report >

cosinus 13.03.2012 17:59
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = http://de.rd.yahoo.com/customize/ycomp/defaults/sp/*http://de.yahoo.com
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}: "URL" = http://suche.aol.de/suche/web/search.jsp?q={searchTerms}
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}: "URL" = http://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 115.108.177.230:1080
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&q="
[2009.09.16 12:14:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.02.01 19:04:43 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.02.23 07:51:35 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml
[2009.06.01 18:29:41 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml
[2009.08.25 19:40:49 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml
[2009.11.08 17:14:11 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml
[2009.11.27 21:11:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml
[2009.12.18 13:24:03 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml
[2010.01.06 19:01:48 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml
[2010.02.18 20:07:52 | 000,000,961 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml
[2010.03.11 20:53:37 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml
[2010.03.23 20:20:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml
[2010.04.03 22:19:05 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml
[2007.10.28 12:52:31 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml
[2010.06.24 20:28:21 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml
[2010.06.28 16:39:24 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml
[2010.07.24 16:18:14 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml
[2010.07.26 19:02:40 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml
[2010.09.09 17:13:36 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml
[2010.09.16 19:11:59 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml
[2010.10.24 08:51:32 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml
[2010.10.30 10:12:17 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml
[2011.01.02 14:42:46 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml
[2011.03.10 21:06:58 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml
[2007.11.24 12:18:49 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml
[2008.04.16 19:19:24 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml
[2008.04.17 08:21:05 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml
[2008.12.23 20:02:07 | 000,000,949 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml
[2009.01.12 12:25:55 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml
[2009.01.12 12:46:16 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml
[2009.02.05 10:26:28 | 000,000,950 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml
[2009.06.07 13:21:06 | 000,000,944 | ---- | M] () -- C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml
[2009.06.11 10:52:25 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (no name) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1022118940-2984043573-3184735710-1000..\Run: [捁牥吠畯r]  File not found
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\Shell\AutoRun\command - "" = J:\Startme.exe
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell - "" = AutoRun
O33 - MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\Shell\AutoRun\command - "" = K:\LaunchU3.exe -a
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:59756FA4
:Files
c:\Programme\AOL\AOL Toolbar 4.0
C:\Programme\ICQ6Toolbar
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

reggie 13.03.2012 18:18
So das hat erstmal geklappt! Danke!

Code:
All processes killed
========== OTL ==========
Process ICQ Service.exe killed successfully!
No active process named TeaTimer.exe was found!
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SEARCH PAGE| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultName| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchMigratedDefaultURL| /E : value set successfully!
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1CFFA392-0898-4b1c-89D1-6E98F9D8EF78}\ not found.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{443789B7-F39C-4b5c-9287-DA72D38F4FE6}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83DC1FFC-A4AA-484B-A9FB-88E10FD89DB7}\ not found.
Registry key HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BE9654C9-9D79-42ec-B55A-3CAEB12DBF58}\ not found.
HKU\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=" removed from keyword.URL
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Heiko\AppData\Roaming\mozilla\Firefox\Profiles\l1fkkb7w.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-24.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-25.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-26.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-27.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-28.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-29.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Heiko\AppData\Roaming\Mozilla\Firefox\Profiles\l1fkkb7w.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Programme\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7C554162-8CB7-45A4-B8F4-8EA1C75885F9}\ deleted successfully.
C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ deleted successfully.
C:\Windows\System32\eDStoolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DE9C389F-3316-41A7-809B-AA305ED9D922} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DE9C389F-3316-41A7-809B-AA305ED9D922}\ deleted successfully.
File C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
File C:\Windows\System32\eDStoolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1022118940-2984043573-3184735710-1000\Software\Microsoft\Windows\CurrentVersion\Run\\捁牥吠畯r deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&AOL Toolbar-Suche\ deleted successfully.
File Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3369AF0D-62E9-4bda-8103-B4C75499B578}\ not found.
File C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c5dc34a-3da7-11df-8706-00040e10bcda}\ not found.
File J:\Startme.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{419d7449-eec1-11dc-9c12-00040e10bcda}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{419d7449-eec1-11dc-9c12-00040e10bcda}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{419d7449-eec1-11dc-9c12-00040e10bcda}\ not found.
File K:\LaunchU3.exe -a not found.
ADS C:\ProgramData\TEMP:59756FA4 deleted successfully.
========== FILES ==========
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\ui folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\rss folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\buttons folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\ba folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\aimPages folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0\resources folder moved successfully.
c:\Programme\AOL\AOL Toolbar 4.0 folder moved successfully.
File\Folder C:\Programme\ICQ6Toolbar not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Heiko
->Temp folder emptied: 27690081 bytes
->Temporary Internet Files folder emptied: 74491895 bytes
->Java cache emptied: 15183729 bytes
->FireFox cache emptied: 48911267 bytes
->Flash cache emptied: 2808 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 847872 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 526186 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 160,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.36.3 log created on 03132012_180947

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 13.03.2012 19:08
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

reggie 13.03.2012 19:16
Also hier weiter gehts:

Code:
19:11:33.0113 2876        TDSS rootkit removing tool 2.7.20.0 Mar  9 2012 17:10:43
19:11:33.0503 2876        ============================================================
19:11:33.0503 2876        Current date / time: 2012/03/13 19:11:33.0503
19:11:33.0503 2876        SystemInfo:
19:11:33.0503 2876       
19:11:33.0503 2876        OS Version: 6.0.6002 ServicePack: 2.0
19:11:33.0503 2876        Product type: Workstation
19:11:33.0503 2876        ComputerName: HEIKO-PC
19:11:33.0503 2876        UserName: Heiko
19:11:33.0503 2876        Windows directory: C:\Windows
19:11:33.0503 2876        System windows directory: C:\Windows
19:11:33.0503 2876        Processor architecture: Intel x86
19:11:33.0503 2876        Number of processors: 2
19:11:33.0503 2876        Page size: 0x1000
19:11:33.0503 2876        Boot type: Normal boot
19:11:33.0503 2876        ============================================================
19:11:35.0250 2876        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:11:35.0359 2876        Drive \Device\Harddisk1\DR1 - Size: 0xEF000000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:11:35.0421 2876        \Device\Harddisk0\DR0:
19:11:35.0437 2876        MBR used
19:11:35.0437 2876        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x6, StartLBA 0xDAA87C, BlocksNum 0xE265279
19:11:35.0437 2876        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xF00FAF5, BlocksNum 0xE1B4A8C
19:11:35.0437 2876        \Device\Harddisk1\DR1:
19:11:35.0437 2876        MBR used
19:11:35.0437 2876        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x30, BlocksNum 0x777FD0
19:11:35.0671 2876        Initialize success
19:11:35.0671 2876        ============================================================
19:13:02.0407 2552        ============================================================
19:13:02.0407 2552        Scan started
19:13:02.0407 2552        Mode: Manual; SigCheck; TDLFS;
19:13:02.0407 2552        ============================================================
19:13:05.0215 2552        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
19:13:05.0496 2552        ACPI - ok
19:13:05.0667 2552        adp94xx        (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
19:13:05.0777 2552        adp94xx - ok
19:13:05.0964 2552        adpahci        (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
19:13:06.0026 2552        adpahci - ok
19:13:06.0104 2552        adpu160m        (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
19:13:06.0151 2552        adpu160m - ok
19:13:06.0167 2552        adpu320        (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
19:13:06.0245 2552        adpu320 - ok
19:13:06.0416 2552        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
19:13:06.0728 2552        AFD - ok
19:13:06.0853 2552        agp440          (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
19:13:06.0915 2552        agp440 - ok
19:13:07.0009 2552        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
19:13:07.0071 2552        aic78xx - ok
19:13:07.0087 2552        aliide          (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
19:13:07.0134 2552        aliide - ok
19:13:07.0305 2552        amdagp          (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
19:13:07.0352 2552        amdagp - ok
19:13:07.0399 2552        amdide          (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
19:13:07.0446 2552        amdide - ok
19:13:07.0571 2552        AmdK7          (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
19:13:07.0805 2552        AmdK7 - ok
19:13:07.0992 2552        AmdK8          (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
19:13:08.0117 2552        AmdK8 - ok
19:13:08.0304 2552        arc            (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
19:13:08.0351 2552        arc - ok
19:13:08.0382 2552        arcsas          (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
19:13:08.0429 2552        arcsas - ok
19:13:08.0553 2552        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
19:13:08.0694 2552        AsyncMac - ok
19:13:08.0803 2552        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
19:13:08.0819 2552        atapi - ok
19:13:08.0834 2552        AtiPcie        (b44417b29c4760a86f65702fd92ea3d7) C:\Windows\system32\DRIVERS\AtiPcie.sys
19:13:08.0959 2552        AtiPcie - ok
19:13:09.0053 2552        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
19:13:09.0131 2552        avgntflt - ok
19:13:09.0224 2552        avipbb          (13b02b9b969dde270cd7c351203dad3c) C:\Windows\system32\DRIVERS\avipbb.sys
19:13:09.0271 2552        avipbb - ok
19:13:09.0302 2552        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
19:13:09.0302 2552        avkmgr - ok
19:13:09.0411 2552        AVMUNET        (74463afc648ad3c2fd4bc25b711fda7f) C:\Windows\system32\DRIVERS\avmunet.sys
19:13:09.0443 2552        AVMUNET ( UnsignedFile.Multi.Generic ) - warning
19:13:09.0443 2552        AVMUNET - detected UnsignedFile.Multi.Generic (1)
19:13:09.0552 2552        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
19:13:09.0630 2552        Beep - ok
19:13:09.0708 2552        blbdrive - ok
19:13:09.0755 2552        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
19:13:09.0833 2552        bowser - ok
19:13:09.0926 2552        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
19:13:10.0082 2552        BrFiltLo - ok
19:13:10.0160 2552        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
19:13:10.0238 2552        BrFiltUp - ok
19:13:10.0347 2552        Bridge          (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
19:13:10.0394 2552        Bridge - ok
19:13:10.0410 2552        BridgeMP        (b1564976d98e91fc764d5dc28a0297da) C:\Windows\system32\DRIVERS\bridge.sys
19:13:10.0441 2552        BridgeMP - ok
19:13:10.0472 2552        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
19:13:10.0581 2552        Brserid - ok
19:13:10.0706 2552        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
19:13:10.0815 2552        BrSerWdm - ok
19:13:10.0878 2552        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
19:13:10.0971 2552        BrUsbMdm - ok
19:13:11.0018 2552        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
19:13:11.0127 2552        BrUsbSer - ok
19:13:11.0237 2552        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
19:13:11.0346 2552        BTHMODEM - ok
19:13:11.0439 2552        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
19:13:11.0517 2552        cdfs - ok
19:13:11.0642 2552        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
19:13:11.0705 2552        cdrom - ok
19:13:11.0814 2552        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
19:13:11.0907 2552        circlass - ok
19:13:11.0954 2552        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
19:13:12.0017 2552        CLFS - ok
19:13:12.0095 2552        cmdide          (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
19:13:12.0126 2552        cmdide - ok
19:13:12.0157 2552        Compbatt        (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys
19:13:12.0204 2552        Compbatt - ok
19:13:12.0235 2552        crcdisk        (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
19:13:12.0282 2552        crcdisk - ok
19:13:12.0360 2552        Crusoe          (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
19:13:12.0453 2552        Crusoe - ok
19:13:12.0500 2552        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
19:13:12.0547 2552        DfsC - ok
19:13:12.0656 2552        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
19:13:12.0687 2552        disk - ok
19:13:12.0828 2552        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
19:13:12.0890 2552        drmkaud - ok
19:13:12.0999 2552        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
19:13:13.0046 2552        DXGKrnl - ok
19:13:13.0062 2552        E1G60          (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
19:13:13.0202 2552        E1G60 - ok
19:13:13.0343 2552        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
19:13:13.0405 2552        Ecache - ok
19:13:13.0514 2552        elxstor        (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
19:13:13.0561 2552        elxstor - ok
19:13:13.0655 2552        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
19:13:13.0717 2552        exfat - ok
19:13:13.0779 2552        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
19:13:13.0842 2552        fastfat - ok
19:13:13.0904 2552        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
19:13:13.0967 2552        fdc - ok
19:13:14.0076 2552        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
19:13:14.0123 2552        FileInfo - ok
19:13:14.0154 2552        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
19:13:14.0232 2552        Filetrace - ok
19:13:14.0310 2552        flpydisk        (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
19:13:14.0419 2552        flpydisk - ok
19:13:14.0466 2552        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
19:13:14.0528 2552        FltMgr - ok
19:13:14.0622 2552        Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
19:13:14.0684 2552        Fs_Rec - ok
19:13:14.0715 2552        gagp30kx        (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
19:13:14.0762 2552        gagp30kx - ok
19:13:14.0840 2552        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
19:13:14.0965 2552        HdAudAddService - ok
19:13:15.0027 2552        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
19:13:15.0121 2552        HDAudBus - ok
19:13:15.0183 2552        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
19:13:15.0308 2552        HidBth - ok
19:13:15.0386 2552        HidIr          (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
19:13:15.0464 2552        HidIr - ok
19:13:15.0573 2552        HidUsb          (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
19:13:15.0683 2552        HidUsb - ok
19:13:15.0698 2552        HpCISSs        (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
19:13:15.0745 2552        HpCISSs - ok
19:13:15.0854 2552        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
19:13:16.0010 2552        HTTP - ok
19:13:16.0182 2552        i2omp          (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
19:13:16.0213 2552        i2omp - ok
19:13:16.0291 2552        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
19:13:16.0353 2552        i8042prt - ok
19:13:16.0463 2552        iaStorV        (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
19:13:16.0509 2552        iaStorV - ok
19:13:16.0556 2552        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
19:13:16.0603 2552        iirsp - ok
19:13:16.0681 2552        int15          (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys
19:13:16.0712 2552        int15 - ok
19:13:16.0853 2552        IntcAzAudAddService (aef2fa29204056b81bc4cbf30260dee1) C:\Windows\system32\drivers\RTKVHDA.sys
19:13:16.0977 2552        IntcAzAudAddService - ok
19:13:17.0071 2552        intelide        (97469037714070e45194ed318d636401) C:\Windows\system32\drivers\intelide.sys
19:13:17.0118 2552        intelide - ok
19:13:17.0165 2552        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
19:13:17.0211 2552        intelppm - ok
19:13:17.0336 2552        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:13:17.0414 2552        IpFilterDriver - ok
19:13:17.0492 2552        IpInIp - ok
19:13:17.0539 2552        IPMIDRV        (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
19:13:17.0648 2552        IPMIDRV - ok
19:13:17.0757 2552        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
19:13:17.0820 2552        IPNAT - ok
19:13:17.0851 2552        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
19:13:17.0929 2552        IRENUM - ok
19:13:18.0023 2552        isapnp          (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
19:13:18.0069 2552        isapnp - ok
19:13:18.0101 2552        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
19:13:18.0132 2552        iScsiPrt - ok
19:13:18.0225 2552        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
19:13:18.0272 2552        iteatapi - ok
19:13:18.0303 2552        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
19:13:18.0319 2552        iteraid - ok
19:13:18.0413 2552        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
19:13:18.0459 2552        kbdclass - ok
19:13:18.0506 2552        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
19:13:18.0569 2552        kbdhid - ok
19:13:18.0678 2552        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
19:13:18.0740 2552        KSecDD - ok
19:13:18.0803 2552        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
19:13:18.0881 2552        lltdio - ok
19:13:18.0990 2552        LSI_FC          (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
19:13:19.0037 2552        LSI_FC - ok
19:13:19.0052 2552        LSI_SAS        (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
19:13:19.0099 2552        LSI_SAS - ok
19:13:19.0193 2552        LSI_SCSI        (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
19:13:19.0239 2552        LSI_SCSI - ok
19:13:19.0286 2552        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
19:13:19.0333 2552        luafv - ok
19:13:19.0427 2552        MBAMProtector  (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
19:13:19.0458 2552        MBAMProtector - ok
19:13:19.0520 2552        megasas        (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
19:13:19.0551 2552        megasas - ok
19:13:19.0661 2552        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
19:13:19.0754 2552        Modem - ok
19:13:19.0863 2552        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
19:13:19.0910 2552        monitor - ok
19:13:19.0941 2552        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
19:13:19.0973 2552        mouclass - ok
19:13:20.0066 2552        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
19:13:20.0144 2552        mouhid - ok
19:13:20.0175 2552        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
19:13:20.0222 2552        MountMgr - ok
19:13:20.0331 2552        mpio            (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
19:13:20.0378 2552        mpio - ok
19:13:20.0409 2552        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
19:13:20.0472 2552        mpsdrv - ok
19:13:20.0581 2552        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
19:13:20.0628 2552        Mraid35x - ok
19:13:20.0643 2552        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
19:13:20.0753 2552        MRxDAV - ok
19:13:20.0862 2552        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
19:13:20.0924 2552        mrxsmb - ok
19:13:21.0033 2552        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:13:21.0096 2552        mrxsmb10 - ok
19:13:21.0205 2552        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:13:21.0267 2552        mrxsmb20 - ok
19:13:21.0361 2552        msahci          (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
19:13:21.0408 2552        msahci - ok
19:13:21.0439 2552        msdsm          (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
19:13:21.0486 2552        msdsm - ok
19:13:21.0611 2552        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
19:13:21.0673 2552        Msfs - ok
19:13:21.0782 2552        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
19:13:21.0829 2552        msisadrv - ok
19:13:21.0860 2552        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
19:13:21.0938 2552        MSKSSRV - ok
19:13:22.0047 2552        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
19:13:22.0094 2552        MSPCLOCK - ok
19:13:22.0110 2552        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
19:13:22.0157 2552        MSPQM - ok
19:13:22.0188 2552        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
19:13:22.0235 2552        MsRPC - ok
19:13:22.0328 2552        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
19:13:22.0344 2552        mssmbios - ok
19:13:22.0375 2552        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
19:13:22.0422 2552        MSTEE - ok
19:13:22.0469 2552        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
19:13:22.0515 2552        Mup - ok
19:13:22.0625 2552        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
19:13:22.0703 2552        NativeWifiP - ok
19:13:22.0827 2552        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
19:13:22.0874 2552        NDIS - ok
19:13:22.0921 2552        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
19:13:22.0999 2552        NdisTapi - ok
19:13:23.0093 2552        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
19:13:23.0171 2552        Ndisuio - ok
19:13:23.0217 2552        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
19:13:23.0264 2552        NdisWan - ok
19:13:23.0373 2552        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
19:13:23.0451 2552        NDProxy - ok
19:13:23.0545 2552        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
19:13:23.0623 2552        NetBIOS - ok
19:13:23.0670 2552        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
19:13:23.0748 2552        netbt - ok
19:13:23.0857 2552        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
19:13:23.0904 2552        nfrd960 - ok
19:13:23.0951 2552        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
19:13:24.0029 2552        Npfs - ok
19:13:24.0122 2552        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
19:13:24.0200 2552        nsiproxy - ok
19:13:24.0263 2552        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
19:13:24.0356 2552        Ntfs - ok
19:13:24.0465 2552        NTIDrvr        (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys
19:13:24.0512 2552        NTIDrvr ( UnsignedFile.Multi.Generic ) - warning
19:13:24.0512 2552        NTIDrvr - detected UnsignedFile.Multi.Generic (1)
19:13:24.0590 2552        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
19:13:24.0699 2552        ntrigdigi - ok
19:13:24.0746 2552        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
19:13:24.0824 2552        Null - ok
19:13:24.0918 2552        nvraid          (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
19:13:24.0949 2552        nvraid - ok
19:13:24.0965 2552        nvstor          (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
19:13:24.0980 2552        nvstor - ok
19:13:25.0011 2552        nv_agp          (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
19:13:25.0027 2552        nv_agp - ok
19:13:25.0043 2552        NwlnkFlt - ok
19:13:25.0058 2552        NwlnkFwd - ok
19:13:25.0167 2552        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
19:13:25.0199 2552        ohci1394 - ok
19:13:25.0323 2552        Parport        (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys
19:13:25.0401 2552        Parport - ok
19:13:25.0433 2552        partmgr        (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
19:13:25.0479 2552        partmgr - ok
19:13:25.0573 2552        Parvdm          (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys
19:13:25.0635 2552        Parvdm - ok
19:13:25.0682 2552        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
19:13:25.0729 2552        pci - ok
19:13:25.0807 2552        pciide          (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
19:13:25.0869 2552        pciide - ok
19:13:25.0901 2552        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
19:13:25.0947 2552        pcmcia - ok
19:13:26.0088 2552        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
19:13:26.0244 2552        PEAUTH - ok
19:13:26.0415 2552        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
19:13:26.0478 2552        PptpMiniport - ok
19:13:26.0509 2552        Processor      (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
19:13:26.0603 2552        Processor - ok
19:13:26.0712 2552        PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
19:13:26.0774 2552        PSched - ok
19:13:26.0790 2552        PSDFilter      (88b72d2a800300eb05c69f3c6c3180f2) C:\Windows\system32\DRIVERS\psdfilter.sys
19:13:26.0837 2552        PSDFilter ( UnsignedFile.Multi.Generic ) - warning
19:13:26.0837 2552        PSDFilter - detected UnsignedFile.Multi.Generic (1)
19:13:26.0915 2552        PSDNServ        (9649e11fc5459bf6b2c9e8e327e45c3a) C:\Windows\system32\drivers\PSDNServ.sys
19:13:26.0930 2552        PSDNServ ( UnsignedFile.Multi.Generic ) - warning
19:13:26.0930 2552        PSDNServ - detected UnsignedFile.Multi.Generic (1)
19:13:26.0961 2552        psdvdisk        (3d0be1373b9dfe9fc7b64f090e4d59e3) C:\Windows\system32\drivers\psdvdisk.sys
19:13:27.0008 2552        psdvdisk ( UnsignedFile.Multi.Generic ) - warning
19:13:27.0008 2552        psdvdisk - detected UnsignedFile.Multi.Generic (1)
19:13:27.0133 2552        ql2300          (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
19:13:27.0227 2552        ql2300 - ok
19:13:27.0320 2552        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
19:13:27.0351 2552        ql40xx - ok
19:13:27.0398 2552        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
19:13:27.0476 2552        QWAVEdrv - ok
19:13:27.0632 2552        R300            (554685122b4f973e21d66c2baaf29543) C:\Windows\system32\DRIVERS\atikmdag.sys
19:13:27.0819 2552        R300 - ok
19:13:27.0913 2552        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
19:13:27.0960 2552        RasAcd - ok
19:13:28.0053 2552        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:13:28.0131 2552        Rasl2tp - ok
19:13:28.0178 2552        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
19:13:28.0241 2552        RasPppoe - ok
19:13:28.0303 2552        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
19:13:28.0350 2552        RasSstp - ok
19:13:28.0412 2552        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
19:13:28.0459 2552        rdbss - ok
19:13:28.0521 2552        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:13:28.0584 2552        RDPCDD - ok
19:13:28.0646 2552        rdpdr          (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
19:13:28.0755 2552        rdpdr - ok
19:13:28.0833 2552        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
19:13:28.0911 2552        RDPENCDD - ok
19:13:28.0974 2552        RDPWD          (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
19:13:29.0036 2552        RDPWD - ok
19:13:29.0192 2552        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
19:13:29.0239 2552        rspndr - ok
19:13:29.0317 2552        RT73            (0ab8d9d7c5ac81fc736d7c208f737570) C:\Windows\system32\DRIVERS\Dr71WU.sys
19:13:29.0411 2552        RT73 - ok
19:13:29.0489 2552        s1018bus        (1c5c2cb892553d2cf3f45a4bb323fcd6) C:\Windows\system32\DRIVERS\s1018bus.sys
19:13:29.0535 2552        s1018bus - ok
19:13:29.0613 2552        s1018mdfl      (38f5ea219593f19b6b3a1b9c169e3b61) C:\Windows\system32\DRIVERS\s1018mdfl.sys
19:13:29.0645 2552        s1018mdfl - ok
19:13:29.0691 2552        s1018mdm        (666af6b64fc7df92d3ca4819ea91631d) C:\Windows\system32\DRIVERS\s1018mdm.sys
19:13:29.0738 2552        s1018mdm - ok
19:13:29.0801 2552        s1018mgmt      (f4ceda6e2ddff2af8bd745615a7ca9c0) C:\Windows\system32\DRIVERS\s1018mgmt.sys
19:13:29.0879 2552        s1018mgmt - ok
19:13:29.0972 2552        s1018nd5        (3622d9ff2253dcbe885b10736609a4ca) C:\Windows\system32\DRIVERS\s1018nd5.sys
19:13:30.0003 2552        s1018nd5 - ok
19:13:30.0050 2552        s1018obex      (49431efda842b474531c29ffae9f5d09) C:\Windows\system32\DRIVERS\s1018obex.sys
19:13:30.0097 2552        s1018obex - ok
19:13:30.0191 2552        s1018unic      (ac6b514cb4474f4c867d7cdc9cd54f05) C:\Windows\system32\DRIVERS\s1018unic.sys
19:13:30.0237 2552        s1018unic - ok
19:13:30.0284 2552        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
19:13:30.0315 2552        sbp2port - ok
19:13:30.0425 2552        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
19:13:30.0549 2552        secdrv - ok
19:13:30.0627 2552        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
19:13:30.0705 2552        Serenum - ok
19:13:30.0768 2552        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
19:13:30.0846 2552        Serial - ok
19:13:30.0955 2552        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
19:13:31.0017 2552        sermouse - ok
19:13:31.0064 2552        sffdisk        (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
19:13:31.0173 2552        sffdisk - ok
19:13:31.0283 2552        sffp_mmc        (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
19:13:31.0376 2552        sffp_mmc - ok
19:13:31.0392 2552        sffp_sd        (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
19:13:31.0501 2552        sffp_sd - ok
19:13:31.0595 2552        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
19:13:31.0704 2552        sfloppy - ok
19:13:31.0813 2552        sisagp          (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
19:13:31.0844 2552        sisagp - ok
19:13:31.0875 2552        SiSRaid2        (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
19:13:31.0907 2552        SiSRaid2 - ok
19:13:32.0016 2552        SiSRaid4        (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
19:13:32.0047 2552        SiSRaid4 - ok
19:13:32.0109 2552        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
19:13:32.0187 2552        Smb - ok
19:13:32.0281 2552        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
19:13:32.0312 2552        spldr - ok
19:13:32.0359 2552        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
19:13:32.0468 2552        srv - ok
19:13:32.0562 2552        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
19:13:32.0655 2552        srv2 - ok
19:13:32.0765 2552        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
19:13:32.0827 2552        srvnet - ok
19:13:32.0889 2552        ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
19:13:32.0921 2552        ssmdrv - ok
19:13:32.0999 2552        StkAMini        (69a926dbca12046633e3d6e6d46e7087) C:\Windows\system32\Drivers\StkAMini.sys
19:13:33.0061 2552        StkAMini ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0061 2552        StkAMini - detected UnsignedFile.Multi.Generic (1)
19:13:33.0155 2552        StkScan        (83406fb18cb0abfec501add986d63572) C:\Windows\system32\Drivers\StkScan.sys
19:13:33.0201 2552        StkScan ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0201 2552        StkScan - detected UnsignedFile.Multi.Generic (1)
19:13:33.0311 2552        StkTMini        (0933717146e8054f133b5bdb874ef9fa) C:\Windows\system32\Drivers\StkTMini.sys
19:13:33.0404 2552        StkTMini ( UnsignedFile.Multi.Generic ) - warning
19:13:33.0404 2552        StkTMini - detected UnsignedFile.Multi.Generic (1)
19:13:33.0513 2552        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
19:13:33.0545 2552        swenum - ok
19:13:33.0576 2552        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
19:13:33.0607 2552        Symc8xx - ok
19:13:33.0623 2552        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
19:13:33.0669 2552        Sym_hi - ok
19:13:33.0747 2552        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
19:13:33.0779 2552        Sym_u3 - ok
19:13:33.0841 2552        taphss          (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\Windows\system32\DRIVERS\taphss.sys
19:13:33.0888 2552        taphss - ok
19:13:34.0013 2552        Tcpip          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
19:13:34.0075 2552        Tcpip - ok
19:13:34.0231 2552        Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
19:13:34.0309 2552        Tcpip6 - ok
19:13:34.0387 2552        tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
19:13:34.0527 2552        tcpipreg - ok
19:13:34.0637 2552        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
19:13:34.0683 2552        TDPIPE - ok
19:13:34.0715 2552        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
19:13:34.0793 2552        TDTCP - ok
19:13:34.0886 2552        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
19:13:34.0933 2552        tdx - ok
19:13:34.0980 2552        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
19:13:35.0011 2552        TermDD - ok
19:13:35.0151 2552        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:13:35.0229 2552        tssecsrv - ok
19:13:35.0354 2552        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
19:13:35.0432 2552        tunmp - ok
19:13:35.0541 2552        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
19:13:35.0557 2552        tunnel - ok
19:13:35.0588 2552        uagp35          (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
19:13:35.0635 2552        uagp35 - ok
19:13:35.0713 2552        UBHelper        (e0c67be430c6de490d6ccaecfa071f9e) C:\Windows\system32\drivers\UBHelper.sys
19:13:35.0744 2552        UBHelper ( UnsignedFile.Multi.Generic ) - warning
19:13:35.0744 2552        UBHelper - detected UnsignedFile.Multi.Generic (1)
19:13:35.0791 2552        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
19:13:35.0853 2552        udfs - ok
19:13:35.0963 2552        uliagpkx        (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
19:13:35.0994 2552        uliagpkx - ok
19:13:36.0025 2552        uliahci        (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
19:13:36.0072 2552        uliahci - ok
19:13:36.0165 2552        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
19:13:36.0197 2552        UlSata - ok
19:13:36.0212 2552        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
19:13:36.0259 2552        ulsata2 - ok
19:13:36.0306 2552        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
19:13:36.0384 2552        umbus - ok
19:13:36.0477 2552        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
19:13:36.0555 2552        usbaudio - ok
19:13:36.0665 2552        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
19:13:36.0743 2552        usbccgp - ok
19:13:36.0836 2552        usbcir          (47b9770ea21436de4ad5aea7926e0900) C:\Windows\system32\DRIVERS\usbcir.sys
19:13:36.0914 2552        usbcir - ok
19:13:37.0023 2552        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
19:13:37.0101 2552        usbehci - ok
19:13:37.0195 2552        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
19:13:37.0273 2552        usbhub - ok
19:13:37.0382 2552        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
19:13:37.0445 2552        usbohci - ok
19:13:37.0476 2552        usbprint        (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
19:13:37.0554 2552        usbprint - ok
19:13:37.0647 2552        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:13:37.0710 2552        USBSTOR - ok
19:13:37.0741 2552        usbuhci        (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
19:13:37.0819 2552        usbuhci - ok
19:13:37.0944 2552        vga            (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
19:13:38.0053 2552        vga - ok
19:13:38.0162 2552        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
19:13:38.0225 2552        VgaSave - ok
19:13:38.0256 2552        viaagp          (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
19:13:38.0287 2552        viaagp - ok
19:13:38.0381 2552        ViaC7          (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
19:13:38.0459 2552        ViaC7 - ok
19:13:38.0537 2552        viaide          (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
19:13:38.0568 2552        viaide - ok
19:13:38.0615 2552        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
19:13:38.0646 2552        volmgr - ok
19:13:38.0693 2552        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
19:13:38.0739 2552        volmgrx - ok
19:13:38.0849 2552        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
19:13:38.0864 2552        volsnap - ok
19:13:38.0895 2552        vsmraid        (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
19:13:38.0927 2552        vsmraid - ok
19:13:39.0036 2552        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
19:13:39.0129 2552        WacomPen - ok
19:13:39.0161 2552        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:39.0223 2552        Wanarp - ok
19:13:39.0223 2552        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:39.0254 2552        Wanarpv6 - ok
19:13:39.0348 2552        wanatw          (0a716c08cb13c3a8f4f51e882dbf7416) C:\Windows\system32\DRIVERS\wanatw4.sys
19:13:39.0410 2552        wanatw - ok
19:13:39.0519 2552        Wd              (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
19:13:39.0551 2552        Wd - ok
19:13:39.0597 2552        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
19:13:39.0675 2552        Wdf01000 - ok
19:13:39.0847 2552        WmiAcpi        (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
19:13:39.0941 2552        WmiAcpi - ok
19:13:40.0050 2552        WpdUsb          (0cec23084b51b8288099eb710224e955) C:\Windows\system32\DRIVERS\wpdusb.sys
19:13:40.0112 2552        WpdUsb - ok
19:13:40.0159 2552        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
19:13:40.0206 2552        ws2ifsl - ok
19:13:40.0315 2552        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:13:40.0393 2552        WUDFRd - ok
19:13:40.0518 2552        yukonwlh        (bfab14d10543963dbda7128adabfa51d) C:\Windows\system32\DRIVERS\yk60x86.sys
19:13:40.0580 2552        yukonwlh - ok
19:13:40.0705 2552        ZD1211U(WLAN)  (36eb7336d06acfc684ca7e148f802412) C:\Windows\system32\DRIVERS\zd1211u.sys
19:13:40.0736 2552        ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - warning
19:13:40.0736 2552        ZD1211U(WLAN) - detected UnsignedFile.Multi.Generic (1)
19:13:40.0814 2552        MBR (0x1B8)    (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
19:13:44.0137 2552        \Device\Harddisk0\DR0 - ok
19:13:44.0137 2552        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
19:13:47.0756 2552        \Device\Harddisk1\DR1 - ok
19:13:47.0772 2552        Boot (0x1200)  (b75d6da48db55056aadd5f911bd22ceb) \Device\Harddisk0\DR0\Partition0
19:13:47.0772 2552        \Device\Harddisk0\DR0\Partition0 - ok
19:13:47.0787 2552        Boot (0x1200)  (8a8c3ac651297fa93013038e302101c0) \Device\Harddisk0\DR0\Partition1
19:13:47.0787 2552        \Device\Harddisk0\DR0\Partition1 - ok
19:13:47.0787 2552        Boot (0x1200)  (94a31c74a3ad021e0a156985fb3109de) \Device\Harddisk1\DR1\Partition0
19:13:47.0787 2552        \Device\Harddisk1\DR1\Partition0 - ok
19:13:47.0803 2552        ============================================================
19:13:47.0803 2552        Scan finished
19:13:47.0803 2552        ============================================================
19:13:47.0819 4848        Detected object count: 10
19:13:47.0819 4848        Actual detected object count: 10
19:14:11.0983 4848        AVMUNET ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848        AVMUNET ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0983 4848        NTIDrvr ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848        NTIDrvr ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0983 4848        PSDFilter ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848        PSDFilter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0983 4848        PSDNServ ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0983 4848        PSDNServ ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0999 4848        psdvdisk ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848        psdvdisk ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0999 4848        StkAMini ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848        StkAMini ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0999 4848        StkScan ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848        StkScan ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:11.0999 4848        StkTMini ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:11.0999 4848        StkTMini ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:12.0014 4848        UBHelper ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:12.0014 4848        UBHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:12.0014 4848        ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:12.0014 4848        ZD1211U(WLAN) ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 13.03.2012 19:17
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 19:52 Uhr.
Seite 1 von 4 1 23 Letzte »
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131