Trojaner-Board - Probleme mit SMART HDD

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Probleme mit SMART HDD (https://www.trojaner-board.de/113690-probleme-smart-hdd.html)

Probleme mit SMART HDD

Hallo,
bin neu hier und kenne mich so gut wie gar nicht mit dem Thema aus.
Toll das es so ein Forum gibt!
Brauche bitte eure Hilfe.
Mein Desktop ist komplett schwarz, ich sehe nur meinen Papierkorb, es sind mehrere Sicherheitsfenster offen.
Sorry das anhängen der Dateien hier hat auch nicht geklappt..
Habe bereits OTL runtergeladen, und das sind die Ergebnisse die von OTL rausgekommen sind.
Hoffe ihr könnt mir helfen!
Vielen Dank!

OTL.Txt:

OTL logfile created on: 15.04.2012 19:08:27 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sweta\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 51,80% Memory free
6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583,19 Gb Total Space | 454,95 Gb Free Space | 78,01% Space Free | Partition Type: NTFS
Drive D: | 12,98 Gb Total Space | 1,78 Gb Free Space | 13,69% Space Free | Partition Type: NTFS

Computer Name: SWETA-PC | User Name: Sweta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.15 19:07:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sweta\Downloads\OTL.exe
PRC - [2012.04.15 17:51:32 | 000,221,696 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708.exe
PRC - [2012.04.15 17:43:10 | 000,301,568 | -H-- | M] () -- C:\ProgramData\AlSnqDidGxPete.exe
PRC - [2012.03.13 11:26:29 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe
PRC - [2012.02.28 13:33:51 | 000,638,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.17 17:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.10.17 17:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.10.03 16:41:20 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008.09.26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.23 12:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.04.18 17:01:34 | 000,065,536 | -H-- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2012.04.15 17:51:32 | 000,221,696 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708.exe
MOD - [2012.04.15 17:43:10 | 000,301,568 | -H-- | M] () -- C:\ProgramData\AlSnqDidGxPete.exe
MOD - [2012.04.13 00:58:31 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012.04.13 00:58:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012.04.13 00:58:06 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll
MOD - [2012.04.13 00:57:24 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll
MOD - [2012.02.16 17:10:16 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
MOD - [2012.02.16 17:07:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012.02.16 17:07:34 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.ni.dll
MOD - [2012.02.16 17:07:34 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll
MOD - [2012.02.16 17:07:34 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.Wrapper.dll
MOD - [2012.02.16 17:07:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.16 16:57:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.16 16:56:21 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MOD - [2012.02.16 16:56:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012.02.16 16:55:31 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012.02.16 16:55:26 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.10.14 10:32:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.04.11 04:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:13 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.11.10 00:33:28 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.10.17 17:57:20 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.10.17 10:39:18 | 000,032,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.10.17 10:32:58 | 000,007,168 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.10.17 10:32:54 | 000,057,344 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.10.17 10:32:48 | 000,118,784 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.10.17 10:32:46 | 000,010,240 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.10.17 10:32:26 | 000,040,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.10.17 10:32:26 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.10.17 10:32:26 | 000,005,632 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.02.15 20:06:45 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.04.30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.11.10 04:08:24 | 004,017,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.10 02:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008.08.01 14:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.07.21 18:12:50 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.07.21 18:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.05.22 11:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.19 02:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.07.19 02:39:15 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005.12.12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{4D14827A-DABF-4680-AE44-F46DDFE0E614}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{99D31906-4B07-4CA5-9B7E-2032E112F800}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{AAF799E4-D65C-49E1-838D-12A435C677FF}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {99D31906-4B07-4CA5-9B7E-2032E112F800}
IE - HKCU\..\SearchScopes\{128D3E0A-3F1A-48D1-ADFD-59991F7A7CDF}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{4D14827A-DABF-4680-AE44-F46DDFE0E614}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\..\SearchScopes\{83A34CBC-E79C-41B7-A0F1-C22B7046A60D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=B5BC9946-237B-4616-95B3-78C82F760E26&apn_sauid=9333CBDF-4E3E-464E-8637-A207B1EAB65D&
IE - HKCU\..\SearchScopes\{99D31906-4B07-4CA5-9B7E-2032E112F800}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{9D04F553-D9B9-42D0-B204-A6492677F5FC}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{AAF799E4-D65C-49E1-838D-12A435C677FF}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{AC28C4EA-82C3-4BB2-857D-37856D737068}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\..\SearchScopes\{EB19C0FF-7226-4154-8E32-42BEE64A61F1}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Sweta\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Sweta\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED515004-0C4A-4397-857C-CCB44C77AC01}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sweta\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sweta\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.15 17:51:45 | 000,000,000 | -H-D | C] -- C:\Users\Sweta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.12 17:31:35 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.12 17:31:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.12 17:31:33 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.12 17:31:33 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.04.12 17:31:33 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.12 17:31:33 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.04.12 17:31:33 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.04.12 17:31:33 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.04.12 17:31:33 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.12 17:31:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.04.12 17:31:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.04.12 17:31:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.04.12 17:31:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.12 17:31:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.04.12 17:31:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.04.12 17:31:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.04.12 17:31:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.04.12 17:31:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2012.04.15 18:27:16 | 011,400,724 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.15 18:27:16 | 003,856,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.15 18:27:16 | 003,595,128 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.15 18:27:16 | 003,236,102 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.15 18:20:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.15 18:20:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.15 18:20:28 | 000,000,680 | -H-- | M] () -- C:\Users\Sweta\AppData\Local\d3d9caps.dat
[2012.04.15 18:20:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.15 18:20:19 | 3220,332,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.15 17:51:45 | 000,000,601 | -H-- | M] () -- C:\Users\Sweta\Desktop\SMART_HDD.lnk
[2012.04.15 17:51:45 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-VOcdQnqbv4L708r
[2012.04.15 17:51:45 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-VOcdQnqbv4L708
[2012.04.15 17:51:32 | 000,221,696 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708.exe
[2012.04.15 17:51:32 | 000,000,256 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708
[2012.04.15 17:43:10 | 000,301,568 | -H-- | M] () -- C:\ProgramData\AlSnqDidGxPete.exe
[2012.04.10 12:06:30 | 000,026,538 | -H-- | M] () -- C:\Users\Sweta\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2012.04.15 17:51:45 | 000,000,601 | -H-- | C] () -- C:\Users\Sweta\Desktop\SMART_HDD.lnk
[2012.04.15 17:51:45 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-VOcdQnqbv4L708r
[2012.04.15 17:51:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-VOcdQnqbv4L708
[2012.04.15 17:51:32 | 000,221,696 | -H-- | C] () -- C:\ProgramData\VOcdQnqbv4L708.exe
[2012.04.15 17:51:32 | 000,000,256 | -H-- | C] () -- C:\ProgramData\VOcdQnqbv4L708
[2012.04.15 17:45:17 | 000,301,568 | -H-- | C] () -- C:\ProgramData\AlSnqDidGxPete.exe
[2012.03.03 00:22:56 | 000,000,680 | -H-- | C] () -- C:\Users\Sweta\AppData\Local\d3d9caps.dat
[2010.11.29 12:48:02 | 000,000,462 | ---- | C] () -- C:\Windows\{A67C4EF9-725D-4C83-A67A-BB7B7DE96CF4}_WiseFW.ini
[2010.07.02 07:49:11 | 000,009,728 | -H-- | C] () -- C:\Users\Sweta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 21:33:13 | 000,000,760 | -H-- | C] () -- C:\Users\Sweta\AppData\Roaming\setup_ldm.iss
[2010.05.11 16:55:00 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== Files - Unicode (All) ==========
[2010.03.25 16:19:53 | 000,016,384 | -H-- | M] ()(C:\Users\Sweta\Documents\?? ???????, ????? ???.wps) -- C:\Users\Sweta\Documents\Об отпуске, часть два.wps
[2010.03.25 16:19:53 | 000,016,384 | -H-- | C] ()(C:\Users\Sweta\Documents\?? ???????, ????? ???.wps) -- C:\Users\Sweta\Documents\Об отпуске, часть два.wps
[2010.03.25 16:19:21 | 000,017,408 | -H-- | M] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Сука.wps
[2010.03.25 16:19:21 | 000,017,408 | -H-- | C] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Сука.wps
[2009.12.13 19:51:26 | 000,080,896 | -H-- | M] ()(C:\Users\Sweta\Documents\???????????.wps) -- C:\Users\Sweta\Documents\Афродизиаки.wps
[2009.12.13 19:51:26 | 000,080,896 | -H-- | C] ()(C:\Users\Sweta\Documents\???????????.wps) -- C:\Users\Sweta\Documents\Афродизиаки.wps
[2009.11.17 23:26:42 | 000,027,136 | -H-- | M] ()(C:\Users\Sweta\Documents\????????? ? ???????.wps) -- C:\Users\Sweta\Documents\Подрулила к бордюру.wps
[2009.11.17 23:26:42 | 000,027,136 | -H-- | C] ()(C:\Users\Sweta\Documents\????????? ? ???????.wps) -- C:\Users\Sweta\Documents\Подрулила к бордюру.wps
[2009.11.05 19:36:51 | 000,019,968 | -H-- | M] ()(C:\Users\Sweta\Documents\??? ???????? ??? ????.wps) -- C:\Users\Sweta\Documents\Мне остаться или уйти.wps
[2009.11.05 19:36:51 | 000,019,968 | -H-- | C] ()(C:\Users\Sweta\Documents\??? ???????? ??? ????.wps) -- C:\Users\Sweta\Documents\Мне остаться или уйти.wps
[2009.11.05 19:34:16 | 000,016,384 | -H-- | M] ()(C:\Users\Sweta\Documents\? ??? ?????..wps) -- C:\Users\Sweta\Documents\А что стихи..wps
[2009.11.05 19:34:16 | 000,016,384 | -H-- | C] ()(C:\Users\Sweta\Documents\? ??? ?????..wps) -- C:\Users\Sweta\Documents\А что стихи..wps
[2009.11.05 19:33:06 | 000,017,920 | -H-- | M] ()(C:\Users\Sweta\Documents\????????? ???????? ???.wps) -- C:\Users\Sweta\Documents\Ароматами терпкого коф.wps
[2009.11.05 19:33:06 | 000,017,920 | -H-- | C] ()(C:\Users\Sweta\Documents\????????? ???????? ???.wps) -- C:\Users\Sweta\Documents\Ароматами терпкого коф.wps
[2009.11.05 19:28:54 | 000,016,896 | -H-- | M] ()(C:\Users\Sweta\Documents\?? ??????????.wps) -- C:\Users\Sweta\Documents\не Аэрофлотом.wps
[2009.11.05 19:28:54 | 000,016,896 | -H-- | C] ()(C:\Users\Sweta\Documents\?? ??????????.wps) -- C:\Users\Sweta\Documents\не Аэрофлотом.wps
[2009.11.05 19:25:07 | 000,017,408 | -H-- | M] ()(C:\Users\Sweta\Documents\? ???????? ? ?????.wps) -- C:\Users\Sweta\Documents\И коленкой в живот.wps
[2009.11.05 19:25:07 | 000,017,408 | -H-- | C] ()(C:\Users\Sweta\Documents\? ???????? ? ?????.wps) -- C:\Users\Sweta\Documents\И коленкой в живот.wps
[2009.11.05 19:18:20 | 000,016,384 | -H-- | M] ()(C:\Users\Sweta\Documents\??? ????? ??? ???????.wps) -- C:\Users\Sweta\Documents\Вот такая вот суббота.wps
[2009.11.05 19:18:20 | 000,016,384 | -H-- | C] ()(C:\Users\Sweta\Documents\??? ????? ??? ???????.wps) -- C:\Users\Sweta\Documents\Вот такая вот суббота.wps
[2009.11.05 01:10:33 | 000,017,408 | -H-- | M] ()(C:\Users\Sweta\Documents\? ???? ?????.wps) -- C:\Users\Sweta\Documents\Я тебя очень.wps
[2009.11.01 15:02:19 | 000,017,408 | -H-- | C] ()(C:\Users\Sweta\Documents\? ???? ?????.wps) -- C:\Users\Sweta\Documents\Я тебя очень.wps
[2009.10.26 15:55:38 | 000,025,600 | -H-- | M] ()(C:\Users\Sweta\Documents\? ??????? ??? ????.wps) -- C:\Users\Sweta\Documents\я сегодня всю ночь.wps
[2009.10.13 10:06:44 | 000,025,600 | -H-- | C] ()(C:\Users\Sweta\Documents\? ??????? ??? ????.wps) -- C:\Users\Sweta\Documents\я сегодня всю ночь.wps
[2009.10.12 22:06:39 | 000,015,872 | -H-- | M] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Стеб.wps
[2009.10.12 22:06:39 | 000,015,872 | -H-- | C] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Стеб.wps
[2009.10.10 21:24:37 | 000,015,872 | -H-- | M] ()(C:\Users\Sweta\Documents\? ????? ????.wps) -- C:\Users\Sweta\Documents\В нутри моей.wps
[2009.10.10 21:24:37 | 000,015,872 | -H-- | C] ()(C:\Users\Sweta\Documents\? ????? ????.wps) -- C:\Users\Sweta\Documents\В нутри моей.wps
[2009.10.10 19:18:29 | 000,017,920 | -H-- | M] ()(C:\Users\Sweta\Documents\?????-?????? ?? ????????? ??? ???,.wps) -- C:\Users\Sweta\Documents\Когда-нибудь ты вспомнишь обо мне,.wps
[2009.10.10 19:18:28 | 000,017,920 | -H-- | C] ()(C:\Users\Sweta\Documents\?????-?????? ?? ????????? ??? ???,.wps) -- C:\Users\Sweta\Documents\Когда-нибудь ты вспомнишь обо мне,.wps
[2009.10.04 13:00:20 | 000,017,408 | -H-- | M] ()(C:\Users\Sweta\Documents\??????? ??????.wps) -- C:\Users\Sweta\Documents\Немного интима.wps
[2009.10.04 13:00:20 | 000,017,408 | -H-- | C] ()(C:\Users\Sweta\Documents\??????? ??????.wps) -- C:\Users\Sweta\Documents\Немного интима.wps
[2009.09.17 23:08:26 | 000,017,920 | -H-- | M] ()(C:\Users\Sweta\Documents\?????- ??????????? ????????.wps) -- C:\Users\Sweta\Documents\Осень- потихонечку холодает.wps
[2009.09.17 23:08:26 | 000,017,920 | -H-- | C] ()(C:\Users\Sweta\Documents\?????- ??????????? ????????.wps) -- C:\Users\Sweta\Documents\Осень- потихонечку холодает.wps
[2009.09.15 23:21:27 | 000,016,896 | -H-- | M] ()(C:\Users\Sweta\Documents\??????????? ?????.wps) -- C:\Users\Sweta\Documents\Вялотекущая осень.wps
[2009.09.15 23:21:27 | 000,016,896 | -H-- | C] ()(C:\Users\Sweta\Documents\??????????? ?????.wps) -- C:\Users\Sweta\Documents\Вялотекущая осень.wps
[2009.09.15 22:34:29 | 000,021,504 | -H-- | M] ()(C:\Users\Sweta\Documents\?? ?? ????. ?? ?? ???.wps) -- C:\Users\Sweta\Documents\то ли дыбр. то ли хбз.wps
[2009.09.15 22:34:29 | 000,021,504 | -H-- | C] ()(C:\Users\Sweta\Documents\?? ?? ????. ?? ?? ???.wps) -- C:\Users\Sweta\Documents\то ли дыбр. то ли хбз.wps

< End of report >

Und hier Extras.Txt:

OTL logfile created on: 15.04.2012 19:08:27 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Sweta\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19222)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,55 Gb Available Physical Memory | 51,80% Memory free
6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 583,19 Gb Total Space | 454,95 Gb Free Space | 78,01% Space Free | Partition Type: NTFS
Drive D: | 12,98 Gb Total Space | 1,78 Gb Free Space | 13,69% Space Free | Partition Type: NTFS

Computer Name: SWETA-PC | User Name: Sweta | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.04.15 19:07:56 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sweta\Downloads\OTL.exe
PRC - [2012.04.15 17:51:32 | 000,221,696 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708.exe
PRC - [2012.04.15 17:43:10 | 000,301,568 | -H-- | M] () -- C:\ProgramData\AlSnqDidGxPete.exe
PRC - [2012.03.13 11:26:29 | 000,250,528 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe
PRC - [2012.02.28 13:33:51 | 000,638,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.17 17:57:18 | 000,189,736 | ---- | M] (CyberLink) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2008.10.17 17:56:54 | 001,152,296 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
PRC - [2008.10.03 16:41:20 | 000,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvraidservice.exe
PRC - [2008.09.26 03:36:40 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2008.09.23 12:03:38 | 000,912,688 | ---- | M] (Hewlett-Packard) -- C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.04.18 17:01:34 | 000,065,536 | -H-- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe

========== Modules (No Company Name) ==========

MOD - [2012.04.15 17:51:32 | 000,221,696 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708.exe
MOD - [2012.04.15 17:43:10 | 000,301,568 | -H-- | M] () -- C:\ProgramData\AlSnqDidGxPete.exe
MOD - [2012.04.13 00:58:31 | 012,430,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll
MOD - [2012.04.13 00:58:21 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll
MOD - [2012.04.13 00:58:06 | 014,328,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll
MOD - [2012.04.13 00:57:24 | 012,216,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll
MOD - [2012.02.16 17:10:16 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll
MOD - [2012.02.16 17:07:37 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll
MOD - [2012.02.16 17:07:34 | 000,627,712 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.ni.dll
MOD - [2012.02.16 17:07:34 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll
MOD - [2012.02.16 17:07:34 | 000,280,064 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.Wrapper.dll
MOD - [2012.02.16 17:07:24 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll
MOD - [2012.02.16 16:57:05 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll
MOD - [2012.02.16 16:56:21 | 006,621,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll
MOD - [2012.02.16 16:56:05 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll
MOD - [2012.02.16 16:55:31 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll
MOD - [2012.02.16 16:55:26 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll
MOD - [2011.10.14 10:32:08 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2009.10.14 13:36:56 | 002,793,304 | ---- | M] () -- C:\Programme\Logitech\Logitech WebCam Software\LWS.exe
MOD - [2009.10.14 13:34:18 | 000,560,472 | ---- | M] () -- C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe
MOD - [2009.04.11 08:28:21 | 000,368,640 | ---- | M] () -- C:\Windows\System32\msjetoledb40.dll
MOD - [2009.04.11 04:04:15 | 000,113,664 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
MOD - [2009.03.30 06:42:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.03.30 06:42:17 | 002,933,760 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.03.30 06:42:13 | 000,659,456 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2009.03.30 06:42:12 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.03.30 06:42:11 | 000,061,440 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll
MOD - [2009.02.25 03:16:56 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.02.25 03:16:56 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2008.11.10 00:33:28 | 000,159,744 | ---- | M] () -- C:\Windows\System32\atitmmxx.dll
MOD - [2008.10.17 17:57:20 | 000,881,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2008.10.17 10:39:18 | 000,032,768 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll
MOD - [2008.10.17 10:32:58 | 000,007,168 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2008.10.17 10:32:54 | 000,057,344 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2008.10.17 10:32:48 | 000,118,784 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\ECLibrary.dll
MOD - [2008.10.17 10:32:46 | 000,010,240 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2008.10.17 10:32:26 | 000,040,960 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2008.10.17 10:32:26 | 000,028,672 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2008.10.17 10:32:26 | 000,005,632 | ---- | M] () -- C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2006.12.10 21:51:08 | 000,077,824 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll
MOD - [2006.12.10 21:51:08 | 000,065,536 | R--- | M] () -- C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 -- (Norton Internet Security)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.10.07 01:47:34 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.02.03 13:00:00 | 000,129,992 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\System32\ezsvc7.dll -- (ezSharedSvc)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS -- (SRTSPX)
DRV - File not found [File_System | System | Stopped] -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS -- (SRTSP)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS -- (NAVEX15)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS -- (NAVENG)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.02.15 20:06:45 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.10.07 01:46:36 | 000,025,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.04.30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2008.11.10 04:08:24 | 004,017,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.26 03:36:34 | 000,059,376 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- c:\Programme\Hewlett-Packard\Media\DVD\000.fcl -- ({55662437-DA8C-40c0-AADA-2C816A897A49})
DRV - [2008.09.10 02:58:08 | 000,020,640 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\PC-Doctor for Windows\pcd5srvc.pkms -- (PCD5SRVC{BD6912E3-AC9D80E8-05040000})
DRV - [2008.08.01 14:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008.07.21 18:12:50 | 000,145,952 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2008.07.21 18:12:50 | 000,133,152 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2008.05.22 11:39:34 | 000,015,360 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007.07.19 02:44:00 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.07.19 02:39:15 | 000,013,848 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lv302af.sys -- (pepifilter)
DRV - [2005.12.12 19:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{4D14827A-DABF-4680-AE44-F46DDFE0E614}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{99D31906-4B07-4CA5-9B7E-2032E112F800}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKLM\..\SearchScopes\{AAF799E4-D65C-49E1-838D-12A435C677FF}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {99D31906-4B07-4CA5-9B7E-2032E112F800}
IE - HKCU\..\SearchScopes\{128D3E0A-3F1A-48D1-ADFD-59991F7A7CDF}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{4D14827A-DABF-4680-AE44-F46DDFE0E614}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7SKPB_de
IE - HKCU\..\SearchScopes\{83A34CBC-E79C-41B7-A0F1-C22B7046A60D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=B5BC9946-237B-4616-95B3-78C82F760E26&apn_sauid=9333CBDF-4E3E-464E-8637-A207B1EAB65D&
IE - HKCU\..\SearchScopes\{99D31906-4B07-4CA5-9B7E-2032E112F800}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de
IE - HKCU\..\SearchScopes\{9D04F553-D9B9-42D0-B204-A6492677F5FC}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{AAF799E4-D65C-49E1-838D-12A435C677FF}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
IE - HKCU\..\SearchScopes\{AC28C4EA-82C3-4BB2-857D-37856D737068}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKCU\..\SearchScopes\{EB19C0FF-7226-4154-8E32-42BEE64A61F1}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

========== Chrome ==========

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Sweta\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Sweta\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)
O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TSMAgent] c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED515004-0C4A-4397-857C-CCB44C77AC01}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sweta\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sweta\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.15 17:51:45 | 000,000,000 | -H-D | C] -- C:\Users\Sweta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.12 17:31:35 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.04.12 17:31:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.04.12 17:31:33 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.04.12 17:31:33 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012.04.12 17:31:33 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.04.12 17:31:33 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012.04.12 17:31:33 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012.04.12 17:31:33 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012.04.12 17:31:33 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.04.12 17:31:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.04.12 17:31:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012.04.12 17:31:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012.04.12 17:31:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.04.12 17:31:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012.04.12 17:31:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012.04.12 17:31:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012.04.12 17:31:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012.04.12 17:31:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

========== Files - Modified Within 30 Days ==========

[2012.04.15 18:27:16 | 011,400,724 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.15 18:27:16 | 003,856,622 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.15 18:27:16 | 003,595,128 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.15 18:27:16 | 003,236,102 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.15 18:20:31 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.15 18:20:29 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.15 18:20:28 | 000,000,680 | -H-- | M] () -- C:\Users\Sweta\AppData\Local\d3d9caps.dat
[2012.04.15 18:20:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.15 18:20:19 | 3220,332,544 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.15 17:51:45 | 000,000,601 | -H-- | M] () -- C:\Users\Sweta\Desktop\SMART_HDD.lnk
[2012.04.15 17:51:45 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-VOcdQnqbv4L708r
[2012.04.15 17:51:45 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-VOcdQnqbv4L708
[2012.04.15 17:51:32 | 000,221,696 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708.exe
[2012.04.15 17:51:32 | 000,000,256 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708
[2012.04.15 17:43:10 | 000,301,568 | -H-- | M] () -- C:\ProgramData\AlSnqDidGxPete.exe
[2012.04.10 12:06:30 | 000,026,538 | -H-- | M] () -- C:\Users\Sweta\AppData\Roaming\wklnhst.dat

========== Files Created - No Company Name ==========

[2012.04.15 17:51:45 | 000,000,601 | -H-- | C] () -- C:\Users\Sweta\Desktop\SMART_HDD.lnk
[2012.04.15 17:51:45 | 000,000,168 | -H-- | C] () -- C:\ProgramData\-VOcdQnqbv4L708r
[2012.04.15 17:51:45 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-VOcdQnqbv4L708
[2012.04.15 17:51:32 | 000,221,696 | -H-- | C] () -- C:\ProgramData\VOcdQnqbv4L708.exe
[2012.04.15 17:51:32 | 000,000,256 | -H-- | C] () -- C:\ProgramData\VOcdQnqbv4L708
[2012.04.15 17:45:17 | 000,301,568 | -H-- | C] () -- C:\ProgramData\AlSnqDidGxPete.exe
[2012.03.03 00:22:56 | 000,000,680 | -H-- | C] () -- C:\Users\Sweta\AppData\Local\d3d9caps.dat
[2010.11.29 12:48:02 | 000,000,462 | ---- | C] () -- C:\Windows\{A67C4EF9-725D-4C83-A67A-BB7B7DE96CF4}_WiseFW.ini
[2010.07.02 07:49:11 | 000,009,728 | -H-- | C] () -- C:\Users\Sweta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 21:33:13 | 000,000,760 | -H-- | C] () -- C:\Users\Sweta\AppData\Roaming\setup_ldm.iss
[2010.05.11 16:55:00 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

========== Files - Unicode (All) ==========
[2010.03.25 16:19:53 | 000,016,384 | -H-- | M] ()(C:\Users\Sweta\Documents\?? ???????, ????? ???.wps) -- C:\Users\Sweta\Documents\Об отпуске, часть два.wps
[2010.03.25 16:19:53 | 000,016,384 | -H-- | C] ()(C:\Users\Sweta\Documents\?? ???????, ????? ???.wps) -- C:\Users\Sweta\Documents\Об отпуске, часть два.wps
[2010.03.25 16:19:21 | 000,017,408 | -H-- | M] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Сука.wps
[2010.03.25 16:19:21 | 000,017,408 | -H-- | C] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Сука.wps
[2009.12.13 19:51:26 | 000,080,896 | -H-- | M] ()(C:\Users\Sweta\Documents\???????????.wps) -- C:\Users\Sweta\Documents\Афродизиаки.wps
[2009.12.13 19:51:26 | 000,080,896 | -H-- | C] ()(C:\Users\Sweta\Documents\???????????.wps) -- C:\Users\Sweta\Documents\Афродизиаки.wps
[2009.11.17 23:26:42 | 000,027,136 | -H-- | M] ()(C:\Users\Sweta\Documents\????????? ? ???????.wps) -- C:\Users\Sweta\Documents\Подрулила к бордюру.wps
[2009.11.17 23:26:42 | 000,027,136 | -H-- | C] ()(C:\Users\Sweta\Documents\????????? ? ???????.wps) -- C:\Users\Sweta\Documents\Подрулила к бордюру.wps
[2009.11.05 19:36:51 | 000,019,968 | -H-- | M] ()(C:\Users\Sweta\Documents\??? ???????? ??? ????.wps) -- C:\Users\Sweta\Documents\Мне остаться или уйти.wps
[2009.11.05 19:36:51 | 000,019,968 | -H-- | C] ()(C:\Users\Sweta\Documents\??? ???????? ??? ????.wps) -- C:\Users\Sweta\Documents\Мне остаться или уйти.wps
[2009.11.05 19:34:16 | 000,016,384 | -H-- | M] ()(C:\Users\Sweta\Documents\? ??? ?????..wps) -- C:\Users\Sweta\Documents\А что стихи..wps
[2009.11.05 19:34:16 | 000,016,384 | -H-- | C] ()(C:\Users\Sweta\Documents\? ??? ?????..wps) -- C:\Users\Sweta\Documents\А что стихи..wps
[2009.11.05 19:33:06 | 000,017,920 | -H-- | M] ()(C:\Users\Sweta\Documents\????????? ???????? ???.wps) -- C:\Users\Sweta\Documents\Ароматами терпкого коф.wps
[2009.11.05 19:33:06 | 000,017,920 | -H-- | C] ()(C:\Users\Sweta\Documents\????????? ???????? ???.wps) -- C:\Users\Sweta\Documents\Ароматами терпкого коф.wps
[2009.11.05 19:28:54 | 000,016,896 | -H-- | M] ()(C:\Users\Sweta\Documents\?? ??????????.wps) -- C:\Users\Sweta\Documents\не Аэрофлотом.wps
[2009.11.05 19:28:54 | 000,016,896 | -H-- | C] ()(C:\Users\Sweta\Documents\?? ??????????.wps) -- C:\Users\Sweta\Documents\не Аэрофлотом.wps
[2009.11.05 19:25:07 | 000,017,408 | -H-- | M] ()(C:\Users\Sweta\Documents\? ???????? ? ?????.wps) -- C:\Users\Sweta\Documents\И коленкой в живот.wps
[2009.11.05 19:25:07 | 000,017,408 | -H-- | C] ()(C:\Users\Sweta\Documents\? ???????? ? ?????.wps) -- C:\Users\Sweta\Documents\И коленкой в живот.wps
[2009.11.05 19:18:20 | 000,016,384 | -H-- | M] ()(C:\Users\Sweta\Documents\??? ????? ??? ???????.wps) -- C:\Users\Sweta\Documents\Вот такая вот суббота.wps
[2009.11.05 19:18:20 | 000,016,384 | -H-- | C] ()(C:\Users\Sweta\Documents\??? ????? ??? ???????.wps) -- C:\Users\Sweta\Documents\Вот такая вот суббота.wps
[2009.11.05 01:10:33 | 000,017,408 | -H-- | M] ()(C:\Users\Sweta\Documents\? ???? ?????.wps) -- C:\Users\Sweta\Documents\Я тебя очень.wps
[2009.11.01 15:02:19 | 000,017,408 | -H-- | C] ()(C:\Users\Sweta\Documents\? ???? ?????.wps) -- C:\Users\Sweta\Documents\Я тебя очень.wps
[2009.10.26 15:55:38 | 000,025,600 | -H-- | M] ()(C:\Users\Sweta\Documents\? ??????? ??? ????.wps) -- C:\Users\Sweta\Documents\я сегодня всю ночь.wps
[2009.10.13 10:06:44 | 000,025,600 | -H-- | C] ()(C:\Users\Sweta\Documents\? ??????? ??? ????.wps) -- C:\Users\Sweta\Documents\я сегодня всю ночь.wps
[2009.10.12 22:06:39 | 000,015,872 | -H-- | M] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Стеб.wps
[2009.10.12 22:06:39 | 000,015,872 | -H-- | C] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Стеб.wps
[2009.10.10 21:24:37 | 000,015,872 | -H-- | M] ()(C:\Users\Sweta\Documents\? ????? ????.wps) -- C:\Users\Sweta\Documents\В нутри моей.wps
[2009.10.10 21:24:37 | 000,015,872 | -H-- | C] ()(C:\Users\Sweta\Documents\? ????? ????.wps) -- C:\Users\Sweta\Documents\В нутри моей.wps
[2009.10.10 19:18:29 | 000,017,920 | -H-- | M] ()(C:\Users\Sweta\Documents\?????-?????? ?? ????????? ??? ???,.wps) -- C:\Users\Sweta\Documents\Когда-нибудь ты вспомнишь обо мне,.wps
[2009.10.10 19:18:28 | 000,017,920 | -H-- | C] ()(C:\Users\Sweta\Documents\?????-?????? ?? ????????? ??? ???,.wps) -- C:\Users\Sweta\Documents\Когда-нибудь ты вспомнишь обо мне,.wps
[2009.10.04 13:00:20 | 000,017,408 | -H-- | M] ()(C:\Users\Sweta\Documents\??????? ??????.wps) -- C:\Users\Sweta\Documents\Немного интима.wps
[2009.10.04 13:00:20 | 000,017,408 | -H-- | C] ()(C:\Users\Sweta\Documents\??????? ??????.wps) -- C:\Users\Sweta\Documents\Немного интима.wps
[2009.09.17 23:08:26 | 000,017,920 | -H-- | M] ()(C:\Users\Sweta\Documents\?????- ??????????? ????????.wps) -- C:\Users\Sweta\Documents\Осень- потихонечку холодает.wps
[2009.09.17 23:08:26 | 000,017,920 | -H-- | C] ()(C:\Users\Sweta\Documents\?????- ??????????? ????????.wps) -- C:\Users\Sweta\Documents\Осень- потихонечку холодает.wps
[2009.09.15 23:21:27 | 000,016,896 | -H-- | M] ()(C:\Users\Sweta\Documents\??????????? ?????.wps) -- C:\Users\Sweta\Documents\Вялотекущая осень.wps
[2009.09.15 23:21:27 | 000,016,896 | -H-- | C] ()(C:\Users\Sweta\Documents\??????????? ?????.wps) -- C:\Users\Sweta\Documents\Вялотекущая осень.wps
[2009.09.15 22:34:29 | 000,021,504 | -H-- | M] ()(C:\Users\Sweta\Documents\?? ?? ????. ?? ?? ???.wps) -- C:\Users\Sweta\Documents\то ли дыбр. то ли хбз.wps
[2009.09.15 22:34:29 | 000,021,504 | -H-- | C] ()(C:\Users\Sweta\Documents\?? ?? ????. ?? ?? ???.wps) -- C:\Users\Sweta\Documents\то ли дыбр. то ли хбз.wps

< End of report >

:hallo:

Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass du clean bist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren) - wenn du die anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!
Poste die Logfiles direkt in deinen Thread. Nicht anhängen, außer, ich fordere dich dazu auf. Erschwert mir nämlich das Auswerten.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1: defogger

Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.

Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.

Schritt 2: Gmer

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen). Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Hallo Marius,
vielen Dank für deine Hilfe.
Habe alles gemacht, wie du beschrieben hast.
Allerdings ist mein Desktop nach dem Neustart wieder schwarz und die ganzen Dateien nicht mehr sichtbar. Ist das normal?
Ok, was nun?

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

:OTL

MOD - [2012.04.15 17:51:32 | 000,221,696 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708.exe

MOD - [2012.04.15 17:43:10 | 000,301,568 | -H-- | M] () -- C:\ProgramData\AlSnqDidGxPete.exe

IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{4D14827A-DABF-4680-AE44-F46DDFE0E614}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7

IE - HKLM\..\SearchScopes\{99D31906-4B07-4CA5-9B7E-2032E112F800}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de

IE - HKLM\..\SearchScopes\{AAF799E4-D65C-49E1-838D-12A435C677FF}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mail.ru/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Programme\softonic-de3\tbsoft.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {99D31906-4B07-4CA5-9B7E-2032E112F800}

IE - HKCU\..\SearchScopes\{128D3E0A-3F1A-48D1-ADFD-59991F7A7CDF}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{4D14827A-DABF-4680-AE44-F46DDFE0E614}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008

IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={output Encoding}&sourceid=ie7&rlz=1I7SKPB_de

IE - HKCU\..\SearchScopes\{83A34CBC-E79C-41B7-A0F1-C22B7046A60D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ 000YYDE&apn_uid=B5BC9946-237B-4616-95B3-78C82F760E26&apn_sauid=9333CBDF-4E3E-464E-8637-A207B1EAB65D&

IE - HKCU\..\SearchScopes\{99D31906-4B07-4CA5-9B7E-2032E112F800}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcndtie7-de-de

IE - HKCU\..\SearchScopes\{AAF799E4-D65C-49E1-838D-12A435C677FF}: "URL" = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245

O4 - HKCU..\Run: [AlSnqDidGxPete.exe] C:\ProgramData\AlSnqDidGxPete.exe ()

[2012.04.15 17:51:45 | 000,000,601 | -H-- | M] () -- C:\Users\Sweta\Desktop\SMART_HDD.lnk

[2012.04.15 17:51:45 | 000,000,168 | -H-- | M] () -- C:\ProgramData\-VOcdQnqbv4L708r

[2012.04.15 17:51:45 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-VOcdQnqbv4L708

[2012.04.15 17:51:32 | 000,221,696 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708.exe

[2012.04.15 17:51:32 | 000,000,256 | -H-- | M] () -- C:\ProgramData\VOcdQnqbv4L708

[2012.04.15 17:43:10 | 000,301,568 | -H-- | M] () -- C:\ProgramData\AlSnqDidGxPete.exe

[2012.04.10 12:06:30 | 000,026,538 | -H-- | M] () -- C:\Users\Sweta\AppData\Roaming\wklnhst.dat

:COMMANDS

[EMPTYTEMP]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2: defogger

Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.

Sollte Defogger eine Fehlermeldung ausgeben, poste bitte die defogger_disable Log von deinem Desktop.
Klicke den Re-enable Button nicht ohne Anweisung.

Schritt 3: GMER

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan der Rechner neu gestarten.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen). Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Programme\softonic-de3\tbsoft.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D14827A-DABF-4680-AE44-F46DDFE0E614}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D14827A-DABF-4680-AE44-F46DDFE0E614}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99D31906-4B07-4CA5-9B7E-2032E112F800}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99D31906-4B07-4CA5-9B7E-2032E112F800}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AAF799E4-D65C-49E1-838D-12A435C677FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAF799E4-D65C-49E1-838D-12A435C677FF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Programme\softonic-de3\tbsoft.dll not found.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{128D3E0A-3F1A-48D1-ADFD-59991F7A7CDF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{128D3E0A-3F1A-48D1-ADFD-59991F7A7CDF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D14827A-DABF-4680-AE44-F46DDFE0E614}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D14827A-DABF-4680-AE44-F46DDFE0E614}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{83A34CBC-E79C-41B7-A0F1-C22B7046A60D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{83A34CBC-E79C-41B7-A0F1-C22B7046A60D}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{99D31906-4B07-4CA5-9B7E-2032E112F800}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99D31906-4B07-4CA5-9B7E-2032E112F800}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AAF799E4-D65C-49E1-838D-12A435C677FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AAF799E4-D65C-49E1-838D-12A435C677FF}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AlSnqDidGxPete.exe deleted successfully.
C:\ProgramData\AlSnqDidGxPete.exe moved successfully.
C:\Users\Sweta\Desktop\SMART_HDD.lnk moved successfully.
C:\ProgramData\-VOcdQnqbv4L708r moved successfully.
C:\ProgramData\-VOcdQnqbv4L708 moved successfully.
C:\ProgramData\VOcdQnqbv4L708.exe moved successfully.
C:\ProgramData\VOcdQnqbv4L708 moved successfully.
File C:\ProgramData\AlSnqDidGxPete.exe not found.
C:\Users\Sweta\AppData\Roaming\wklnhst.dat moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Sweta
->Temp folder emptied: 1811027 bytes
->Temporary Internet Files folder emptied: 197746555 bytes
->Java cache emptied: 21381196 bytes
->Google Chrome cache emptied: 6202823 bytes
->Apple Safari cache emptied: 915456 bytes
->Flash cache emptied: 470 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2366988 bytes
RecycleBin emptied: 257 bytes

Total Files Cleaned = 220,00 mb

OTL by OldTimer - Version 3.2.39.2 log created on 04162012_225528

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...

OK, Windows sollte wieder normal starten.
Poste noch das Gmer-Log

Ja, die Sicherheitsfenster sind weg. Desktop ist immer noch schwarz.

Hier ist die Gmer.Log
Danke!

GMER Logfile:

Code:

GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover

Rootkit scan 2012-04-16 23:39:10

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000057 WDC_WD64 rev.01.0

Running: 6o40ng5l.exe; Driver: C:\Users\Sweta\AppData\Local\Temp\uwloypow.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT   8B27D8A6                                                                                     ZwCreateSection

SSDT   8B27D8B0                                                                                     ZwRequestWaitReplyPort

SSDT   8B27D8AB                                                                                     ZwSetContextThread

SSDT   8B27D8B5                                                                                     ZwSetSecurityObject

SSDT   8B27D8BA                                                                                     ZwSystemDebugControl

SSDT   8B27D847                                                                                     ZwTerminateProcess
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text  ntkrnlpa.exe!KeSetEvent + 215                                                                81EEA998 4 Bytes  [A6, D8, 27, 8B]

.text  ntkrnlpa.exe!KeSetEvent + 539                                                                81EEACBC 4 Bytes  [B0, D8, 27, 8B]

.text  ntkrnlpa.exe!KeSetEvent + 56D                                                                81EEACF0 4 Bytes  [AB, D8, 27, 8B]

.text  ntkrnlpa.exe!KeSetEvent + 5D1                                                                81EEAD54 4 Bytes  [B5, D8, 27, 8B]

.text  ntkrnlpa.exe!KeSetEvent + 619                                                                81EEAD9C 4 Bytes  [BA, D8, 27, 8B]

.text  ...                                                                                          

.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                     section is writeable [0x8E40E000, 0x21FB8F, 0xE8000020]

       c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                           entry point in "" section [0x9D51D41C]

.clc   c:\Program Files\Hewlett-Packard\Media\DVD\000.fcl                                           unknown last code section [0x9D51E000, 0x1000, 0xE0000020]
 

---- User code sections - GMER 1.0.15 ----
 

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CreateDialogParamW          771472A2 5 Bytes  JMP 10134BA0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!GetAsyncKeyState            7714863C 5 Bytes  JMP 6D188F27 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!SetWindowsHookExW           771487AD 5 Bytes  JMP 6D269AA5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CallNextHookEx              77148E3B 5 Bytes  JMP 6D25D119 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!UnhookWindowsHookEx         771498DB 5 Bytes  JMP 6D1D4686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!EnableWindow                7714CD8B 5 Bytes  JMP 6D26DD2D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CreateWindowExW             77151305 5 Bytes  JMP 6D26DB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!GetKeyState                 77158CB1 5 Bytes  JMP 6D26D2DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!IsDialogMessageW            77160745 5 Bytes  JMP 6D195A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!TrackPopupMenu              771614F3 5 Bytes  JMP 10134320 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CreateDialogParamA          771617AA 5 Bytes  JMP 6D36601B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!IsDialogMessage             77161847 5 Bytes  JMP 6D3658B7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CreateDialogIndirectParamA  771626F1 5 Bytes  JMP 6D366052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!CreateDialogIndirectParamW  77169A62 5 Bytes  JMP 6D366089 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!SetKeyboardState            77170987 5 Bytes  JMP 6D365C26 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!TrackPopupMenuEx            77170CE7 5 Bytes  JMP 10134480 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxParamW             771710B0 5 Bytes  JMP 10134D20 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxIndirectParamW     77172EF5 5 Bytes  JMP 6D3653AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!SendInput                   77172F75 5 Bytes  JMP 6D3667E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!EndDialog                   7717326E 5 Bytes  JMP 6D197EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!SetCursorPos                77186FB2 5 Bytes  JMP 6D366837 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxParamA             77188152 5 Bytes  JMP 6D36534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!DialogBoxIndirectParamA     7718847D 5 Bytes  JMP 6D365412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxIndirectA         7719D4D9 5 Bytes  JMP 6D3652E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxIndirectW         7719D5D3 5 Bytes  JMP 6D365276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxExA               7719D639 5 Bytes  JMP 6D365214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!MessageBoxExW               7719D65D 5 Bytes  JMP 6D3651B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] USER32.dll!keybd_event                 7719D972 5 Bytes  JMP 6D366B67 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] SHELL32.dll!SHRestricted + D95         763F89A8 4 Bytes  [4D, 30, E7, 61] {DEC EBP; XOR BH, AH; POPA }

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] SHELL32.dll!SHRestricted + D9D         763F89B0 8 Bytes  [57, 2F, E7, 61, 9C, 5B, E6, ...] {PUSH EDI; DAS ; OUT 0x61, EAX; PUSHF ; POP EBX; OUT 0x61, AL}

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] ole32.dll!OleLoadFromStream            75771E80 5 Bytes  JMP 6D365717 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3088] ole32.dll!CoCreateInstance             757A9F3E 5 Bytes  JMP 6D26DB70 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3540] USER32.dll!CreateWindowExW             77151305 5 Bytes  JMP 6D26DB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3540] USER32.dll!DialogBoxParamW             771710B0 5 Bytes  JMP 6D195505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3540] USER32.dll!DialogBoxIndirectParamW     77172EF5 5 Bytes  JMP 6D3653AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3540] USER32.dll!DialogBoxParamA             77188152 5 Bytes  JMP 6D36534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3540] USER32.dll!DialogBoxIndirectParamA     7718847D 5 Bytes  JMP 6D365412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3540] USER32.dll!MessageBoxIndirectA         7719D4D9 5 Bytes  JMP 6D3652E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3540] USER32.dll!MessageBoxIndirectW         7719D5D3 5 Bytes  JMP 6D365276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3540] USER32.dll!MessageBoxExA               7719D639 5 Bytes  JMP 6D365214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[3540] USER32.dll!MessageBoxExW               7719D65D 5 Bytes  JMP 6D3651B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!CreateDialogParamW          771472A2 5 Bytes  JMP 10134BA0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!GetAsyncKeyState            7714863C 5 Bytes  JMP 6D188F27 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!SetWindowsHookExW           771487AD 5 Bytes  JMP 6D269AA5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!CallNextHookEx              77148E3B 5 Bytes  JMP 6D25D119 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!UnhookWindowsHookEx         771498DB 5 Bytes  JMP 6D1D4686 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!EnableWindow                7714CD8B 5 Bytes  JMP 6D26DD2D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!CreateWindowExW             77151305 5 Bytes  JMP 6D26DB14 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!GetKeyState                 77158CB1 5 Bytes  JMP 6D26D2DB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!IsDialogMessageW            77160745 5 Bytes  JMP 6D195A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!TrackPopupMenu              771614F3 5 Bytes  JMP 10134320 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!CreateDialogParamA          771617AA 5 Bytes  JMP 6D36601B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!IsDialogMessage             77161847 5 Bytes  JMP 6D3658B7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!CreateDialogIndirectParamA  771626F1 5 Bytes  JMP 6D366052 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!CreateDialogIndirectParamW  77169A62 5 Bytes  JMP 6D366089 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!SetKeyboardState            77170987 5 Bytes  JMP 6D365C26 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!TrackPopupMenuEx            77170CE7 5 Bytes  JMP 10134480 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!DialogBoxParamW             771710B0 5 Bytes  JMP 10134D20 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!DialogBoxIndirectParamW     77172EF5 5 Bytes  JMP 6D3653AF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!SendInput                   77172F75 5 Bytes  JMP 6D3667E3 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!EndDialog                   7717326E 5 Bytes  JMP 6D197EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!SetCursorPos                77186FB2 5 Bytes  JMP 6D366837 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!DialogBoxParamA             77188152 5 Bytes  JMP 6D36534C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!DialogBoxIndirectParamA     7718847D 5 Bytes  JMP 6D365412 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!MessageBoxIndirectA         7719D4D9 5 Bytes  JMP 6D3652E1 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!MessageBoxIndirectW         7719D5D3 5 Bytes  JMP 6D365276 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!MessageBoxExA               7719D639 5 Bytes  JMP 6D365214 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!MessageBoxExW               7719D65D 5 Bytes  JMP 6D3651B2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] USER32.dll!keybd_event                 7719D972 5 Bytes  JMP 6D366B67 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] SHELL32.dll!SHRestricted + D95         763F89A8 4 Bytes  [4D, 30, E7, 61] {DEC EBP; XOR BH, AH; POPA }

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] SHELL32.dll!SHRestricted + D9D         763F89B0 8 Bytes  [57, 2F, E7, 61, 9C, 5B, E6, ...] {PUSH EDI; DAS ; OUT 0x61, EAX; PUSHF ; POP EBX; OUT 0x61, AL}

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] ole32.dll!OleLoadFromStream            75771E80 5 Bytes  JMP 6D365717 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

.text  C:\Program Files\Internet Explorer\iexplore.exe[5888] ole32.dll!CoCreateInstance             757A9F3E 5 Bytes  JMP 6D26DB70 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
 

---- EOF - GMER 1.0.15 ----

--- --- ---

unhide

Downloade bitte Grinler's unhide.exe auf deinen Desktop
Starte das Tool mit Doppelklick.

Wenn es seine Arbeit getan hat, wird eine Nachricht mit Done aufpoppen.
Es wird auch eine Logfile, Unhide.txt erstellen. Poste diese bitte hier.

Guten Morgen Marius,
es sind ein Paar Files jetzt auf dem Desktop sichtbar, die neuen Dateien und ein mein altes. Es stand in einem kleinem "Finished" Fenster etwas mit Avira runterfahren, dann werden die anderen auch sichtbar sein..

Hier ist Unhide Log:

Unhide by Lawrence Abrams (Grinler)
Bleeping Computer - Computer Help and Discussion
Copyright 2008-2012 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
Unhide.exe - A introduction as to what this program does

Program started at: 04/17/2012 06:56:24 AM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 170767 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 16836 files processed.

Processing the F:\ drive
Finished processing the F:\ drive. 0 files processed.

Processing the G:\ drive
Finished processing the G:\ drive. 0 files processed.

Processing the H:\ drive
Finished processing the H:\ drive. 0 files processed.

Processing the I:\ drive
Finished processing the I:\ drive. 0 files processed.

The C:\Users\Sweta\AppData\Local\Temp\smtmp\ folder does not exist!!
Unhide cannot restore your missing shortcuts!!
Please see this topic in order to learn how to restore default
Start Menu shortcuts: Unhide.exe - A introduction as to what this program does

Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowControlPanel was set to 0! It was set back to 1!
* Start_ShowHelp was set to 0! It was set back to 1!
* Start_ShowMyComputer was set to 0! It was set back to 1!
* Start_ShowMyDocs was set to 0! It was set back to 1!
* Start_ShowMyMusic was set to 0! It was set back to 1!
* Start_ShowMyPics was set to 0! It was set back to 1!
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!
* Start_ShowSetProgramAccessAndDefaults was set to 0! It was set back to 1!
* Start_ShowRecentDocs was set to 0! It was set back to 2!
* Start_ShowNetConn was set to 0! It was set back to 1!
* Start_ShowNetPlaces was set to 0! It was set back to 1!
* Start_TrackDocs was set to 0! It was set back to 1!
* Start_TrackProgs was set to 0! It was set back to 1!
* Start_ShowUser was set to 0! It was set back to 1!
* Start_ShowMyGames was set to 0! It was set back to 1!

Restarting Explorer.exe in order to apply changes.

Program finished at: 04/17/2012 07:00:36 AM
Execution time: 0 hours(s), 4 minute(s), and 11 seconds(s)

combofix

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2

WICHTIG - Speichere Combofix auf deinem Desktop

Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

starte den Rechner einfach neu. Dies sollte das Problem beheben.

Das ist die Combofix Log

Combofix Logfile:

Code:

ComboFix 12-04-16.03 - Sweta 17.04.2012  20:14:28.1.4 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3070.1856 [GMT 2:00]

ausgeführt von:: c:\users\Sweta\Desktop\ComboFix.exe

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Sweta\4.0

c:\users\Sweta\Defogger.exe

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-03-17 bis 2012-04-17  ))))))))))))))))))))))))))))))

.

.

2012-04-17 18:22 . 2012-04-17 18:22        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-04-16 20:55 . 2012-04-16 20:55        --------        d-----w-        C:\_OTL

2012-04-13 09:39 . 2012-03-14 02:15        6582328        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{61518BE9-AE47-4522-B9B6-396B79869569}\mpengine.dll

2012-04-12 22:59 . 2012-02-29 15:11        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-04-12 22:59 . 2012-02-29 15:11        172032        ----a-w-        c:\windows\system32\wintrust.dll

2012-04-12 22:59 . 2012-02-29 15:09        157696        ----a-w-        c:\windows\system32\imagehlp.dll

2012-04-12 22:59 . 2012-02-29 13:32        12800        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-03-13 09:26 . 2011-05-13 14:52        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-02-23 08:18 . 2009-10-03 09:47        237072        ------w-        c:\windows\system32\MpSigStub.exe

2012-02-15 18:06 . 2011-10-15 05:34        137416        ----a-w-        c:\windows\system32\drivers\avipbb.sys

2012-02-02 15:16 . 2012-03-14 08:45        2044416        ----a-w-        c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2010-10-18 11:26        3908192        ----a-w-        c:\program files\ConduitEngine\ConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}]

2011-12-12 16:12        1600616        ----a-w-        c:\program files\WEB.DE Toolbar\IE\uitb.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

"{C424171E-592A-415a-9EB1-DFD6D95D3530}"= "c:\program files\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]

[HKEY_CLASSES_ROOT\uitb.Toolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]

[HKEY_CLASSES_ROOT\uitb.Toolbar]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]

"{C424171E-592A-415A-9EB1-DFD6D95D3530}"= "c:\program files\WEB.DE Toolbar\IE\uitb.dll" [2011-12-12 1600616]

.

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

.

[HKEY_CLASSES_ROOT\clsid\{c424171e-592a-415a-9eb1-dfd6d95d3530}]

[HKEY_CLASSES_ROOT\uitb.Toolbar.1]

[HKEY_CLASSES_ROOT\TypeLib\{99F77431-0658-476F-99CE-A05F35CDC7BA}]

[HKEY_CLASSES_ROOT\uitb.Toolbar]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2008-10-03 203296]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]

"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]

"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]

"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-17 1152296]

"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-17 189736]

"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-09-26 1148200]

"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]

"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]

"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-08-23 887976]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]

"HP Health Check Scheduler"=c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe

"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs

ezSharedSvc

.

Inhalt des "geplante Tasks" Ordners

.

2010-07-26 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://mail.ru/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.178.1

Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE Toolbar\IE\uitb.dll

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

BHO-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

Toolbar-{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover

Rootkit scan 2012-04-17 20:22

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]

"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]

"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"

.

Zeit der Fertigstellung: 2012-04-17  20:30:00

ComboFix-quarantined-files.txt  2012-04-17 18:29

.

Vor Suchlauf: 9 Verzeichnis(se), 490.321.997.824 Bytes frei

Nach Suchlauf: 11 Verzeichnis(se), 490.251.493.376 Bytes frei

.

- - End Of File - - AEEE3ECB09BFDDF9C70B6F90292B815B

--- --- ---

Schritt 1: Programme deinstallieren

Klicke Start-->Systemsteuerung.
Öffne Programme und Funktionen.
Suche und deinstalliere folgende Einträge:

Zitat:

conduit engine
softonic-de3 toolbar
ask toolbar
Schließe das Fenster.

Schritt 2: MBAM

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Vollständigen Scan durchführen und drücke auf Scannen.(Hinweis: Alle Festplatten anhaken!
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 3: Neues OTL-Log

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)

Doppelklick auf die OTL.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles hier in den Thread.

Hi Marius,
habe conduit engine und ask toolbar deinstalliert.
Softonic- de3 toolbar lässt sich nicht deinstallieren, es kommt ein Fenster mit:
- Datei Install.log konnte nicht geöffnet werden.-

Soll ich mit weiteren Schritten fortfahren?

Ja, fahre bitte fort!

Malwarebytes Anti-Malware 1.61.0.1400
Malwarebytes : Free anti-malware, anti-virus and spyware removal download

Datenbank Version: v2012.04.18.05

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19222
Sweta :: SWETA-PC [Administrator]

18.04.2012 15:31:44
mbam-log-2012-04-18 (15-31-44).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 339802
Laufzeit: 1 Stunde(n), 30 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\_OTL\MovedFiles\04162012_225528\C_ProgramData\AlSnqDidGxPete.exe (Backdoor.Agent.RCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\_OTL\MovedFiles\04162012_225528\C_ProgramData\VOcdQnqbv4L708.exe (Backdoor.Agent.RCGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL Logfile:

Code:

OTL logfile created on: 18.04.2012 17:12:00 - Run 2

OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\Sweta\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.19222)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,00 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 61,74% Memory free

6,19 Gb Paging File | 4,84 Gb Available in Paging File | 78,10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 583,19 Gb Total Space | 455,03 Gb Free Space | 78,02% Space Free | Partition Type: NTFS

Drive D: | 12,98 Gb Total Space | 1,78 Gb Free Space | 13,69% Space Free | Partition Type: NTFS

 

Computer Name: SWETA-PC | User Name: Sweta | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Sweta\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11g_ActiveX.exe (Adobe Systems, Inc.)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

PRC - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()

PRC - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()

PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()

PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

PRC - C:\Programme\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)

PRC - C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

PRC - C:\Programme\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

PRC - C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\09b9cd1c630210237b5b46d9943e1946\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\61759b9905aed9a87347d04b5fad046b\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\a8100864c7dd9ecf5d9f07fdaf5ba246\PresentationFramework.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\89b3b18de5d2cc945c24c0333d78f665\PresentationCore.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\8b5f54e3b382fc1720c76557ef8c8bc3\System.Management.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5c3bfd69e0c268baff0d169e11a6a784\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\0ef893bbf33d38a1f7a63b9cee2dabfe\System.Transactions.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\a333ad288c1a4bbbba8f61249202bc1a\System.EnterpriseServices.Wrapper.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\7fd6c62196829d1e2dce5a253145d51a\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d9f0f1dc8cbdb81f1ba122d77a6ab710\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\029217106fa24787ff7a61b754f8ebf7\System.Data.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d48e106e015d0f8cb2d5295015cee508\PresentationFramework.Aero.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\1e258a951222c818540b33880ca45f2e\WindowsBase.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c50133cb67d7c013fa31e1ffb942060b\System.ni.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\bcb66dbad2b45d05235b37a02f737eb5\Accessibility.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()

MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()

MOD - C:\Programme\Logitech\Logitech WebCam Software\LWS.exe ()

MOD - C:\Programme\Common Files\logishrd\LQCVFX\COCIManager.exe ()

MOD - C:\Windows\System32\msjetoledb40.dll ()

MOD - C:\Windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()

MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic.resources\8.0.0.0_de_b03f5f7f11d50a3a\Microsoft.VisualBasic.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Wizard\2.0.3235.39253__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Wizard\2.0.3235.39378__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime\2.0.3235.39232__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Wizard\2.0.3235.39256__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Runtime\2.0.3235.39350__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Runtime\2.0.3235.39324__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard\2.0.3235.39248__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Runtime\2.0.3235.39301__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Runtime\2.0.3235.39241__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Dashboard\2.0.3235.39331__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Welcome.Graphics.Dashboard\2.0.3235.39380__90ba9c70f846762e\CLI.Aspect.Welcome.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Wizard\2.0.3235.39333__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard\2.0.3235.39241__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Dashboard\2.0.3235.39305__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysManager.Graphics.Dashboard\2.0.3235.39243__90ba9c70f846762e\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Dashboard\2.0.3235.39258__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Dashboard\2.0.3235.39297__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Dashboard\2.0.3235.39303__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Wizard\2.0.3235.39342__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.InfoCentre.Graphics.Dashboard\2.0.3235.39257__90ba9c70f846762e\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Dashboard\2.0.3235.39319__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Runtime\2.0.3235.39304__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Runtime\2.0.3235.39400__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Runtime\2.0.3235.39330__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Runtime\2.0.3235.39302__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime\2.0.3235.39376__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Runtime\2.0.3235.39261__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Runtime\2.0.3235.39303__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Runtime\2.0.3235.39318__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Runtime\2.0.3235.39321__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Shared\2.0.3184.27501__90ba9c70f846762e\CLI.Caste.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.OverDrive5.Graphics.Shared\2.0.3184.27534__90ba9c70f846762e\CLI.Aspect.OverDrive5.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation\2.0.3184.27485__90ba9c70f846762e\CLI.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.Radeon3D.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.Radeon3D.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.MMVideo.Graphics.Shared\2.0.3184.27518__90ba9c70f846762e\CLI.Aspect.MMVideo.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0601\2.0.2573.17685__90ba9c70f846762e\DEM.Graphics.I0601.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.TransCode.Graphics.Shared\2.0.3184.27528__90ba9c70f846762e\CLI.Aspect.TransCode.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation\2.0.3184.27483__90ba9c70f846762e\LOG.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\NEWAEM.Foundation\2.0.3184.27484__90ba9c70f846762e\NEWAEM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.XManifest\2.0.3184.27567__90ba9c70f846762e\CLI.Foundation.XManifest.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.PowerPlayDPPE.Graphics.Shared\2.0.3184.27527__90ba9c70f846762e\CLI.Aspect.PowerPlayDPPE.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS.I0602\2.0.3184.27511__90ba9c70f846762e\DEM.OS.I0602.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0703\2.0.2651.18802__90ba9c70f846762e\DEM.Graphics.I0703.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared\2.0.3184.27503__90ba9c70f846762e\CLI.Component.Wizard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared\2.0.3184.27499__90ba9c70f846762e\CLI.Component.Dashboard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared\2.0.3184.27492__90ba9c70f846762e\CLI.Component.Client.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Hotkeys.Shared\2.0.3184.27499__90ba9c70f846762e\AEM.Plugin.Hotkeys.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Actions.CCAA.Shared\2.0.3184.27491__90ba9c70f846762e\AEM.Actions.CCAA.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\MOM.Foundation\2.0.3184.27510__90ba9c70f846762e\MOM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.OS\2.0.3184.27511__90ba9c70f846762e\DEM.OS.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics.I0706\2.0.2743.23304__90ba9c70f846762e\DEM.Graphics.I0706.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Graphics\2.0.3184.27512__90ba9c70f846762e\DEM.Graphics.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\DEM.Foundation\2.0.2573.17684__90ba9c70f846762e\DEM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared\2.0.3184.27498__90ba9c70f846762e\CLI.Component.Runtime.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Wizard.Shared\2.0.3184.27515__90ba9c70f846762e\CLI.Caste.Graphics.Wizard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Dashboard.Shared\2.0.3184.27513__90ba9c70f846762e\CLI.Caste.Graphics.Dashboard.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.WinMessages.Shared\2.0.3184.27506__90ba9c70f846762e\AEM.Plugin.WinMessages.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.GD.Shared\2.0.3184.27533__90ba9c70f846762e\AEM.Plugin.GD.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.EEU.Shared\2.0.3184.27509__90ba9c70f846762e\AEM.Plugin.EEU.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.DPPE.Shared\2.0.3184.27533__90ba9c70f846762e\AEM.Plugin.DPPE.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\atixclib\1.0.0.0__90ba9c70f846762e\atixclib.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceTV.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.DeviceTV.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCRT.Graphics.Shared\2.0.3184.27518__90ba9c70f846762e\CLI.Aspect.DeviceCRT.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceDFP.Graphics.Shared\2.0.3184.27517__90ba9c70f846762e\CLI.Aspect.DeviceDFP.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceCV.Graphics.Shared\2.0.3184.27520__90ba9c70f846762e\CLI.Aspect.DeviceCV.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceProperty.Graphics.Shared\2.0.3184.27509__90ba9c70f846762e\CLI.Aspect.DeviceProperty.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysColour2.Graphics.Shared\2.0.3184.27516__90ba9c70f846762e\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DeviceLCD.Graphics.Shared\2.0.3184.27513__90ba9c70f846762e\CLI.Aspect.DeviceLCD.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.CustomFormats.Graphics.Shared\2.0.3184.27510__90ba9c70f846762e\CLI.Aspect.CustomFormats.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.DisplaysOptions.Graphics.Shared\2.0.3184.27519__90ba9c70f846762e\CLI.Aspect.DisplaysOptions.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ACE.Graphics.DisplaysManager.Shared\2.0.2573.17685__90ba9c70f846762e\ACE.Graphics.DisplaysManager.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Aspect.HotkeysHandling.Graphics.Shared\2.0.3184.27514__90ba9c70f846762e\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\APM.Foundation\2.0.3184.27508__90ba9c70f846762e\APM.Foundation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server.Shared\2.0.3184.27499__90ba9c70f846762e\AEM.Server.Shared.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\MOM.Implementation\2.0.3235.39369__90ba9c70f846762e\MOM.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation\2.0.3235.39366__90ba9c70f846762e\LOG.Foundation.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Plugin.Source.Kit.Server\2.0.3235.39393__90ba9c70f846762e\AEM.Plugin.Source.Kit.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Foundation.Private\2.0.3184.27488__90ba9c70f846762e\CLI.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Private\2.0.3184.27493__90ba9c70f846762e\LOG.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard.Shared.Private\2.0.3184.27504__90ba9c70f846762e\CLI.Component.Wizard.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOG.Foundation.Implementation.Private\2.0.3184.27510__90ba9c70f846762e\LOG.Foundation.Implementation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Private\2.0.3184.27488__90ba9c70f846762e\LOCALIZATION.Foundation.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll ()

MOD - C:\Windows\assembly\GAC\Interop.WBOCXLib\1.0.0.0__90ba9c70f846762e\Interop.WBOCXLib.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\LOCALIZATION.Foundation.Implementation\2.0.3235.39406__90ba9c70f846762e\LOCALIZATION.Foundation.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Extension.EEU\2.0.3235.39228__90ba9c70f846762e\CLI.Component.Runtime.Extension.EEU.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.resources\2.0.3235.39237_de_90ba9c70f846762e\CLI.Component.Dashboard.resources.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard\2.0.3235.39237__90ba9c70f846762e\CLI.Component.Dashboard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Wizard\2.0.3235.39248__90ba9c70f846762e\CLI.Component.Wizard.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ATIDEMOS\2.0.3235.39230__90ba9c70f846762e\ATIDEMOS.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime\2.0.3235.39229__90ba9c70f846762e\CLI.Component.Runtime.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\APM.Server\2.0.3235.39226__90ba9c70f846762e\APM.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.SkinFactory\2.0.3235.39231__90ba9c70f846762e\CLI.Component.SkinFactory.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Runtime.Shared.Private\2.0.3184.27505__90ba9c70f846762e\CLI.Component.Runtime.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\AEM.Server\2.0.3235.39227__90ba9c70f846762e\AEM.Server.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Client.Shared.Private\2.0.3184.27496__90ba9c70f846762e\CLI.Component.Client.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\ATICCCom\2.0.0.0__90ba9c70f846762e\ATICCCom.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CCC.Implementation\2.0.3235.39368__90ba9c70f846762e\CCC.Implementation.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Component.Dashboard.Shared.Private\2.0.3184.27504__90ba9c70f846762e\CLI.Component.Dashboard.Shared.Private.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\CLI.Caste.Graphics.Runtime.Shared.Private\2.0.3184.27521__90ba9c70f846762e\CLI.Caste.Graphics.Runtime.Shared.Private.dll ()

MOD - C:\Windows\System32\atitmmxx.dll ()

MOD - C:\Programme\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()

MOD - C:\Programme\Hewlett-Packard\HP Advisor\Content.XmlSerializers.dll ()

MOD - C:\Programme\Hewlett-Packard\HP Advisor\RemotingClient.dll ()

MOD - C:\Programme\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()

MOD - C:\Programme\Hewlett-Packard\HP Advisor\ECLibrary.dll ()

MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingClients.dll ()

MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingServer.dll ()

MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()

MOD - C:\Programme\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()

MOD - c:\Programme\ATI Technologies\ATI.ACE\Branding\Branding.dll ()

MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmltok.dll ()

MOD - C:\Programme\HP\Digital Imaging\bin\crm\xmlparse.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe /s Norton Internet Security /m C:\Program Files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll /prefetch:1 File not found

SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)

SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)

SRV - (LVPrcSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)

SRV - (ezSharedSvc) -- C:\Windows\System32\ezsvc7.dll (EasyBits Sofware AS)

SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (SRTSPX) -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSPX.SYS File not found

DRV - (SRTSP) -- C:\Windows\system32\drivers\NIS\1000000.07D\SRTSP.SYS File not found

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found

DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVEX15.SYS File not found

DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20081022.006\NAVENG.SYS File not found

DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found

DRV - (catchme) -- C:\Users\Sweta\AppData\Local\Temp\catchme.sys File not found

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()

DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - ({55662437-DA8C-40c0-AADA-2C816A897A49}) -- c:\Programme\Hewlett-Packard\Media\DVD\000.fcl (Cyberlink Corp.)

DRV - (PCD5SRVC{BD6912E3-AC9D80E8-05040000}) -- C:\Programme\PC-Doctor for Windows\pcd5srvc.pkms (PC-Doctor, Inc.)

DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)

DRV - (nvstor32) -- C:\Windows\System32\drivers\nvstor32.sys (NVIDIA Corporation)

DRV - (nvrd32) -- C:\Windows\System32\drivers\nvrd32.sys (NVIDIA Corporation)

DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)

DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)

DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=91&bd=Pavilion&pf=cndt

IE - HKLM\..\SearchScopes,DefaultScope = 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = @MAIL.RU:

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 

IE - HKCU\..\SearchScopes,DefaultScope = {9D04F553-D9B9-42D0-B204-A6492677F5FC}

IE - HKCU\..\SearchScopes\{9D04F553-D9B9-42D0-B204-A6492677F5FC}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\..\SearchScopes\{AC28C4EA-82C3-4BB2-857D-37856D737068}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

IE - HKCU\..\SearchScopes\{EB19C0FF-7226-4154-8E32-42BEE64A61F1}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

 
 ========== FireFox ==========

 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

 

 
 ========== Chrome  ==========

 

 

O1 HOSTS File: ([2012.04.17 20:22:36 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (WEB.DE Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Sweta\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)

O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.

O3 - HKCU\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Sweta\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)

O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)

O4 - HKLM..\Run: [DVDAgent] c:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()

O4 - HKLM..\Run: [NVRaidService] C:\Windows\System32\nvraidservice.exe (NVIDIA Corporation)

O4 - HKLM..\Run: [SmartMenu] C:\Programme\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard)

O4 - HKLM..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)

O4 - HKLM..\Run: [TSMAgent] c:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED515004-0C4A-4397-857C-CCB44C77AC01}: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\WEB.DE Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Sweta\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Sweta\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.04.18 15:30:05 | 000,000,000 | ---D | C] -- C:\Users\Sweta\AppData\Roaming\Malwarebytes

[2012.04.18 15:29:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.04.18 15:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.18 15:29:57 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2012.04.18 15:29:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2012.04.18 15:27:48 | 010,063,000 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Sweta\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.17 20:28:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.04.17 20:10:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2012.04.17 20:10:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2012.04.17 20:10:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2012.04.17 20:10:35 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2012.04.17 20:10:32 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.04.17 20:08:19 | 004,465,211 | R--- | C] (Swearware) -- C:\Users\Sweta\Desktop\ComboFix.exe

[2012.04.17 06:55:51 | 000,399,264 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\Sweta\Desktop\unhide.exe

[2012.04.16 22:55:28 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.04.16 22:51:57 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Sweta\Desktop\OTL.exe

[2012.04.15 17:51:45 | 000,000,000 | ---D | C] -- C:\Users\Sweta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD

[2012.04.12 17:31:35 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2012.04.12 17:31:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2012.04.12 17:31:33 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2012.04.12 17:31:33 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll

[2012.04.12 17:31:33 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2012.04.12 17:31:33 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2012.04.12 17:31:33 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2012.04.12 17:31:33 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2012.04.12 17:31:33 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2012.04.12 17:31:33 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2012.04.12 17:31:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2012.04.12 17:31:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2012.04.12 17:31:32 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2012.04.12 17:31:32 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2012.04.12 17:31:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2012.04.12 17:31:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2012.04.12 17:31:32 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2012.04.12 17:31:32 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.04.18 17:12:44 | 003,924,718 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2012.04.18 17:12:44 | 003,301,510 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2012.04.18 17:12:43 | 011,618,060 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2012.04.18 17:12:43 | 003,666,472 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2012.04.18 17:09:23 | 000,000,276 | ---- | M] () -- C:\Users\Sweta\AppData\Roaming\wklnhst.dat

[2012.04.18 17:06:42 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2012.04.18 17:06:42 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2012.04.18 17:06:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012.04.18 17:06:33 | 3220,324,352 | -HS- | M] () -- C:\hiberfil.sys

[2012.04.18 17:05:13 | 000,016,384 | ---- | M] () -- C:\Users\Sweta\Documents\malware.wps

[2012.04.18 15:30:00 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.18 15:27:49 | 010,063,000 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Sweta\Desktop\mbam-setup-1.61.0.1400.exe

[2012.04.18 15:09:43 | 000,000,680 | ---- | M] () -- C:\Users\Sweta\AppData\Local\d3d9caps.dat

[2012.04.17 20:22:36 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2012.04.17 20:08:40 | 004,465,211 | R--- | M] (Swearware) -- C:\Users\Sweta\Desktop\ComboFix.exe

[2012.04.17 06:55:53 | 000,399,264 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\Sweta\Desktop\unhide.exe

[2012.04.16 23:09:54 | 000,302,592 | ---- | M] () -- C:\Users\Sweta\Desktop\6o40ng5l.exe

[2012.04.16 23:06:21 | 000,000,000 | ---- | M] () -- C:\Users\Sweta\defogger_reenable

[2012.04.16 22:52:01 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Sweta\Desktop\OTL.exe

[2012.04.16 21:55:17 | 000,302,592 | ---- | M] () -- C:\Users\Sweta\Desktop\d61bggbw.exe

[2012.04.16 21:50:09 | 000,000,000 | ---- | M] () -- C:\Users\Sweta\Desktop\defogger_reenable

[2012.04.16 21:47:18 | 000,050,477 | ---- | M] () -- C:\Users\Sweta\Desktop\Defogger.exe

[2012.04.15 20:50:10 | 000,042,840 | ---- | M] () -- C:\Users\Sweta\Extras.Text

[2012.04.15 20:49:51 | 000,171,398 | ---- | M] () -- C:\Users\Sweta\OTL.Text

[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

 
 ========== Files Created - No Company Name ==========

 

[2012.04.18 17:05:13 | 000,016,384 | ---- | C] () -- C:\Users\Sweta\Documents\malware.wps

[2012.04.18 15:30:00 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.04.18 10:48:10 | 000,000,276 | ---- | C] () -- C:\Users\Sweta\AppData\Roaming\wklnhst.dat

[2012.04.17 20:10:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2012.04.17 20:10:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2012.04.17 20:10:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2012.04.17 20:10:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2012.04.17 20:10:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2012.04.16 23:09:50 | 000,302,592 | ---- | C] () -- C:\Users\Sweta\Desktop\6o40ng5l.exe

[2012.04.16 23:06:21 | 000,000,000 | ---- | C] () -- C:\Users\Sweta\defogger_reenable

[2012.04.16 21:55:15 | 000,302,592 | ---- | C] () -- C:\Users\Sweta\Desktop\d61bggbw.exe

[2012.04.16 21:50:09 | 000,000,000 | ---- | C] () -- C:\Users\Sweta\Desktop\defogger_reenable

[2012.04.16 21:47:18 | 000,050,477 | ---- | C] () -- C:\Users\Sweta\Desktop\Defogger.exe

[2012.04.15 20:50:10 | 000,042,840 | ---- | C] () -- C:\Users\Sweta\Extras.Text

[2012.04.15 20:49:51 | 000,171,398 | ---- | C] () -- C:\Users\Sweta\OTL.Text

[2012.03.03 00:22:56 | 000,000,680 | ---- | C] () -- C:\Users\Sweta\AppData\Local\d3d9caps.dat

[2010.11.29 12:48:02 | 000,000,462 | ---- | C] () -- C:\Windows\{A67C4EF9-725D-4C83-A67A-BB7B7DE96CF4}_WiseFW.ini

[2010.07.02 07:49:11 | 000,009,728 | ---- | C] () -- C:\Users\Sweta\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.06.19 21:33:13 | 000,000,760 | ---- | C] () -- C:\Users\Sweta\AppData\Roaming\setup_ldm.iss

[2010.05.11 16:55:00 | 000,058,163 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini

 
 ========== Files - Unicode (All) ==========

[2010.03.25 16:19:53 | 000,016,384 | ---- | M] ()(C:\Users\Sweta\Documents\?? ???????, ????? ???.wps) -- C:\Users\Sweta\Documents\Об отпуске, часть два.wps

[2010.03.25 16:19:53 | 000,016,384 | ---- | C] ()(C:\Users\Sweta\Documents\?? ???????, ????? ???.wps) -- C:\Users\Sweta\Documents\Об отпуске, часть два.wps

[2010.03.25 16:19:21 | 000,017,408 | ---- | M] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Сука.wps

[2010.03.25 16:19:21 | 000,017,408 | ---- | C] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Сука.wps

[2009.12.13 19:51:26 | 000,080,896 | ---- | M] ()(C:\Users\Sweta\Documents\???????????.wps) -- C:\Users\Sweta\Documents\Афродизиаки.wps

[2009.12.13 19:51:26 | 000,080,896 | ---- | C] ()(C:\Users\Sweta\Documents\???????????.wps) -- C:\Users\Sweta\Documents\Афродизиаки.wps

[2009.11.17 23:26:42 | 000,027,136 | ---- | M] ()(C:\Users\Sweta\Documents\????????? ? ???????.wps) -- C:\Users\Sweta\Documents\Подрулила к бордюру.wps

[2009.11.17 23:26:42 | 000,027,136 | ---- | C] ()(C:\Users\Sweta\Documents\????????? ? ???????.wps) -- C:\Users\Sweta\Documents\Подрулила к бордюру.wps

[2009.11.05 19:36:51 | 000,019,968 | ---- | M] ()(C:\Users\Sweta\Documents\??? ???????? ??? ????.wps) -- C:\Users\Sweta\Documents\Мне остаться или уйти.wps

[2009.11.05 19:36:51 | 000,019,968 | ---- | C] ()(C:\Users\Sweta\Documents\??? ???????? ??? ????.wps) -- C:\Users\Sweta\Documents\Мне остаться или уйти.wps

[2009.11.05 19:34:16 | 000,016,384 | ---- | M] ()(C:\Users\Sweta\Documents\? ??? ?????..wps) -- C:\Users\Sweta\Documents\А что стихи..wps

[2009.11.05 19:34:16 | 000,016,384 | ---- | C] ()(C:\Users\Sweta\Documents\? ??? ?????..wps) -- C:\Users\Sweta\Documents\А что стихи..wps

[2009.11.05 19:33:06 | 000,017,920 | ---- | M] ()(C:\Users\Sweta\Documents\????????? ???????? ???.wps) -- C:\Users\Sweta\Documents\Ароматами терпкого коф.wps

[2009.11.05 19:33:06 | 000,017,920 | ---- | C] ()(C:\Users\Sweta\Documents\????????? ???????? ???.wps) -- C:\Users\Sweta\Documents\Ароматами терпкого коф.wps

[2009.11.05 19:28:54 | 000,016,896 | ---- | M] ()(C:\Users\Sweta\Documents\?? ??????????.wps) -- C:\Users\Sweta\Documents\не Аэрофлотом.wps

[2009.11.05 19:28:54 | 000,016,896 | ---- | C] ()(C:\Users\Sweta\Documents\?? ??????????.wps) -- C:\Users\Sweta\Documents\не Аэрофлотом.wps

[2009.11.05 19:25:07 | 000,017,408 | ---- | M] ()(C:\Users\Sweta\Documents\? ???????? ? ?????.wps) -- C:\Users\Sweta\Documents\И коленкой в живот.wps

[2009.11.05 19:25:07 | 000,017,408 | ---- | C] ()(C:\Users\Sweta\Documents\? ???????? ? ?????.wps) -- C:\Users\Sweta\Documents\И коленкой в живот.wps

[2009.11.05 19:18:20 | 000,016,384 | ---- | M] ()(C:\Users\Sweta\Documents\??? ????? ??? ???????.wps) -- C:\Users\Sweta\Documents\Вот такая вот суббота.wps

[2009.11.05 19:18:20 | 000,016,384 | ---- | C] ()(C:\Users\Sweta\Documents\??? ????? ??? ???????.wps) -- C:\Users\Sweta\Documents\Вот такая вот суббота.wps

[2009.11.05 01:10:33 | 000,017,408 | ---- | M] ()(C:\Users\Sweta\Documents\? ???? ?????.wps) -- C:\Users\Sweta\Documents\Я тебя очень.wps

[2009.11.01 15:02:19 | 000,017,408 | ---- | C] ()(C:\Users\Sweta\Documents\? ???? ?????.wps) -- C:\Users\Sweta\Documents\Я тебя очень.wps

[2009.10.26 15:55:38 | 000,025,600 | ---- | M] ()(C:\Users\Sweta\Documents\? ??????? ??? ????.wps) -- C:\Users\Sweta\Documents\я сегодня всю ночь.wps

[2009.10.13 10:06:44 | 000,025,600 | ---- | C] ()(C:\Users\Sweta\Documents\? ??????? ??? ????.wps) -- C:\Users\Sweta\Documents\я сегодня всю ночь.wps

[2009.10.12 22:06:39 | 000,015,872 | ---- | M] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Стеб.wps

[2009.10.12 22:06:39 | 000,015,872 | ---- | C] ()(C:\Users\Sweta\Documents\????.wps) -- C:\Users\Sweta\Documents\Стеб.wps

[2009.10.10 21:24:37 | 000,015,872 | ---- | M] ()(C:\Users\Sweta\Documents\? ????? ????.wps) -- C:\Users\Sweta\Documents\В нутри моей.wps

[2009.10.10 21:24:37 | 000,015,872 | ---- | C] ()(C:\Users\Sweta\Documents\? ????? ????.wps) -- C:\Users\Sweta\Documents\В нутри моей.wps

[2009.10.10 19:18:29 | 000,017,920 | ---- | M] ()(C:\Users\Sweta\Documents\?????-?????? ?? ????????? ??? ???,.wps) -- C:\Users\Sweta\Documents\Когда-нибудь ты вспомнишь обо мне,.wps

[2009.10.10 19:18:28 | 000,017,920 | ---- | C] ()(C:\Users\Sweta\Documents\?????-?????? ?? ????????? ??? ???,.wps) -- C:\Users\Sweta\Documents\Когда-нибудь ты вспомнишь обо мне,.wps

[2009.10.04 13:00:20 | 000,017,408 | ---- | M] ()(C:\Users\Sweta\Documents\??????? ??????.wps) -- C:\Users\Sweta\Documents\Немного интима.wps

[2009.10.04 13:00:20 | 000,017,408 | ---- | C] ()(C:\Users\Sweta\Documents\??????? ??????.wps) -- C:\Users\Sweta\Documents\Немного интима.wps

[2009.09.17 23:08:26 | 000,017,920 | ---- | M] ()(C:\Users\Sweta\Documents\?????- ??????????? ????????.wps) -- C:\Users\Sweta\Documents\Осень- потихонечку холодает.wps

[2009.09.17 23:08:26 | 000,017,920 | ---- | C] ()(C:\Users\Sweta\Documents\?????- ??????????? ????????.wps) -- C:\Users\Sweta\Documents\Осень- потихонечку холодает.wps

[2009.09.15 23:21:27 | 000,016,896 | ---- | M] ()(C:\Users\Sweta\Documents\??????????? ?????.wps) -- C:\Users\Sweta\Documents\Вялотекущая осень.wps

[2009.09.15 23:21:27 | 000,016,896 | ---- | C] ()(C:\Users\Sweta\Documents\??????????? ?????.wps) -- C:\Users\Sweta\Documents\Вялотекущая осень.wps

[2009.09.15 22:34:29 | 000,021,504 | ---- | M] ()(C:\Users\Sweta\Documents\?? ?? ????. ?? ?? ???.wps) -- C:\Users\Sweta\Documents\то ли дыбр. то ли хбз.wps

[2009.09.15 22:34:29 | 000,021,504 | ---- | C] ()(C:\Users\Sweta\Documents\?? ?? ????. ?? ?? ???.wps) -- C:\Users\Sweta\Documents\то ли дыбр. то ли хбз.wps
 

< End of report >

--- --- ---