Trojaner-Board

LadyFreaky 04.09.2010 11:08

Trojaner_Clicker in The Sims 2 Pets
 
Hello!

I have had a problem since the day before yesterday and don't really know what to make of it.

First of all, I have
Vista Home
Kaspersky Security 2010

The day before yesterday at 18:34 my Kaspersky suddenly reported a Trojan and suggested neutralizing it, deleting it and so on, which I let it do. Then a message came up saying it had found nothing. After I closed the window, the PC was restarted (that is how it was set in Kaspersky). After booting, another message came from Kaspersky with "malware" and, below it, "neutralize all", which I clicked. Kaspersky went back to green as normal, meaning everything is safe.

The Kaspersky report says that the following Trojan was not found:
Trojaner_Clicker.Win32.Agent.odw
It was found in the file
Die Sims2 Haustiere/eauinstall.exe

I then had Kaspersky run a complete 4-hour check, with the result that nothing was found.

A friend then gave me the tip to use the online scanner from Norton; that also found nothing and reported that I was Trojan-free.

After that I downloaded TrojanHunter, the free 30-day version. Because it was already late in the evening I only ran the quick scan: nothing found.

Yesterday I then started the full scan with TrojanHunter; when it had scanned all the Sims files, it did not report any Trojan.

TrojanHunter was still scanning when at 18:34 Kaspersky again cried Trojan, exactly the same game as yesterday... again this Trojan clicker and again in Sims.

I then ran TrojanHunter over it again, but nothing...

I then dared to go directly into Sims and scanned the file in question with both Kaspersky and TrojanHunter, but neither reported a Trojan...

Is this just a stupid joke by Kaspersky, because as I said, twice at the same time... or is the Trojan really there but so nasty that 3 programs cannot find it?!

Today I have been online at the PC since about half past 10 in the morning, but no error message came up... does that mean it really was just an error that has been corrected, or will it only come back at 18:34?

I hope you can help me!!

cosinus 04.09.2010 16:20

Quote:

Is this just a stupid joke by Kaspersky, because as I said, twice at the same time...
Have you never heard of false alarms? A virus scanner is not infallible, and its results should always be treated with caution.


Please run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

LadyFreaky 04.09.2010 18:12

I have now run Malwarebytes over it first, and here is the result

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4544

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

04.09.2010 19:10:49
mbam-log-2010-09-04 (19-10-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141809
Laufzeit: 15 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6ca-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{014da6c0-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\MySearch\bar\1.bin\S4FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ProgramData\Firefox Setup 3.5.2.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\ProgramData\Thunderbird Setup 2.0.0.23.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.

LadyFreaky 04.09.2010 18:34

So, here is the one from OTL:
OTL Logfile:
OTL EXTRAS Logfile:
Code:

OTL logfile created on: 04.09.2010 19:26:06 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Users\birgit\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 24,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 122,23 Gb Free Space | 53,34% Space Free | Partition Type: NTFS
Drive D: | 228,82 Gb Total Space | 151,62 Gb Free Space | 66,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BIRGIT-PC
Current User Name: birgit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\mcupdate.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBModem) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- C:\Windows\System32\DRIVERS\lgusbbus.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chello.at"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.08 18:29:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.24 11:03:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.05.05 17:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.24 11:03:40 | 000,000,000 | ---D | M]
 
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.16 17:22:59 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions
[2009.12.24 11:05:17 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.03 17:16:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.15 19:24:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.16 19:49:39 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010.07.25 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.04.09 19:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.05.17 17:14:38 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.08.29 10:21:01 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-1.xml
[2009.06.01 03:30:52 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-2.xml
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin.xml
[2010.05.17 17:14:19 | 000,003,915 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\sweetim.xml
[2009.12.24 11:05:24 | 000,001,201 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\winamp-search.xml
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.05 17:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.15 18:48:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.15 18:48:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.15 18:48:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.15 18:48:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.15 18:48:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
[2009.04.07 15:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.gif
[2009.11.03 19:25:12 | 000,000,205 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.src
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PicPick Start] C:\Screenshoots\Picpick\picpick.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PrintArtist] C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Free YouTube Download - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.04 19:25:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Malwarebytes
[2010.09.04 18:53:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.04 18:53:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.04 18:52:49 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.04 16:50:21 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Spyware Terminator
[2010.09.04 16:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.09.04 16:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.09.02 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\TrojanHunter
[2010.09.02 22:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2010.09.02 22:44:19 | 022,489,640 | ---- | C] (Mischel Internet Security                                  ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.08.22 13:37:51 | 018,088,968 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.13 16:38:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.13 16:38:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.13 16:38:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.13 16:38:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.13 16:38:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.13 16:38:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.13 16:38:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.13 16:38:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.13 16:38:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.13 16:38:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.13 16:38:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.13 16:38:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.13 16:38:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.13 16:38:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.13 16:38:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.13 16:37:50 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.13 16:37:30 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.13 16:37:27 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.13 16:37:23 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.13 16:37:23 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 18:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualFarm
[2010.08.06 20:37:11 | 011,971,973 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[2010.08.06 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Deployment
[2010.08.06 19:50:03 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Google
[2010.05.23 12:57:52 | 007,213,444 | ---- | C] (www.minidvdsoft.com                                        ) -- C:\ProgramData\freedvdcreator.exe
[2010.05.22 13:54:22 | 008,062,504 | ---- | C] (                                                            ) -- C:\ProgramData\DVDStyler-1.8.0.3-win32.exe
[2010.05.16 13:58:54 | 306,699,456 | ---- | C] (Nero AG) -- C:\ProgramData\multimediasuite-ESD_small-20100412164653105-10.0.13200.nsx.exe
[2010.04.17 15:46:40 | 017,776,464 | ---- | C] (pdfforge GbR) -- C:\ProgramData\PDFCreator-0_9_9_setup.exe
[2010.03.20 15:58:49 | 003,378,431 | ---- | C] (CoreDownload Free Wallpaper Changer                        ) -- C:\ProgramData\CoreDownloadFreeWallpaperChangerSetup.exe
[2010.02.15 17:29:15 | 003,917,578 | ---- | C] (SCWA-Software                                              ) -- C:\ProgramData\VideoSS.exe
[2010.02.06 14:15:26 | 012,109,496 | ---- | C] (ICQ) -- C:\ProgramData\install_icq7.exe
[2010.01.24 13:48:19 | 032,047,558 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\JAD8002_BASIC.exe
[2010.01.16 14:00:08 | 000,535,576 | ---- | C] (RealNetworks, Inc.) -- C:\ProgramData\RealPlayerSPGold_de.exe
[2010.01.01 12:52:26 | 005,176,728 | ---- | C] (Yuna Software) -- C:\ProgramData\MsgPlusLive-483.exe
[2009.12.24 10:57:09 | 011,334,424 | ---- | C] (Nullsoft, Inc.) -- C:\ProgramData\winamp5571_full_emusic-7plus_de-de.exe
[2009.12.16 21:02:44 | 001,167,688 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\wlsetup-custom.exe
[2009.12.06 11:40:58 | 003,184,296 | ---- | C] (Piriform Ltd) -- C:\ProgramData\dfsetup115.exe
[2009.12.04 19:08:29 | 002,573,488 | ---- | C] (Karlis Blumentals                                          ) -- C:\ProgramData\scrwon4.exe
[2009.11.29 18:22:52 | 007,472,320 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeVideoToJPGConverter1.5.1.54.exe
[2009.11.19 18:22:56 | 001,067,856 | ---- | C] (Piriform Ltd) -- C:\ProgramData\ccsetup225_slim.exe
[2009.11.14 15:39:21 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\ProgramData\pdf2wordsetup.exe
[2009.10.26 20:10:17 | 006,113,130 | ---- | C] (InstallShield Software Corporation) -- C:\ProgramData\pci_filerecovery4.exe
[2009.10.26 14:21:02 | 015,375,944 | ---- | C] (Any-Video-Converter.com                                    ) -- C:\ProgramData\avc-free.exe
[2009.10.03 17:17:53 | 115,904,256 | ---- | C] (Corel Corporation                                          ) -- C:\ProgramData\WinDVDPro2010-TBYB.exe
[2009.09.23 17:36:07 | 021,952,661 | ---- | C] (VMesquita                                                  ) -- C:\ProgramData\DIKOSetup245.exe
[2009.09.21 19:01:09 | 000,073,728 | ---- | C] ( ) -- C:\ProgramData\vdremote.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\vdicmdrv.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\auxsetup.exe
[2009.09.21 19:01:09 | 000,065,536 | ---- | C] ( ) -- C:\ProgramData\vdsvrlnk.dll
[2009.09.21 19:01:09 | 000,008,704 | ---- | C] ( ) -- C:\ProgramData\vdub.exe
[2009.08.22 14:40:32 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\ADBEPHSPCS4_LS4.exe
[2009.08.08 19:30:18 | 000,946,119 | ---- | C] (Jodix Technologies Ltd.                                    ) -- C:\ProgramData\free-wma-mp3-converter.exe
[2009.07.14 20:20:46 | 000,347,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINWORD.EXE
[2009.07.01 18:51:47 | 020,631,848 | ---- | C] (Skype Technologies S.A.) -- C:\ProgramData\SkypeSetupFull.exe
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2009.01.10 17:36:22 | 016,126,456 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\install_puls4_icq65.exe
[2007.05.07 01:07:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.04 19:31:38 | 005,242,880 | -HS- | M] () -- C:\Users\birgit\ntuser.dat
[2010.09.04 19:25:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 19:15:44 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.04 19:15:44 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.04 19:15:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.04 19:15:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.04 19:15:35 | 3220,692,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.04 19:14:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.04 19:14:13 | 000,524,288 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TMContainer00000000000000000001.regtrans-ms
[2010.09.04 19:14:13 | 000,065,536 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TM.blf
[2010.09.04 19:14:11 | 003,815,936 | -H-- | M] () -- C:\Users\birgit\AppData\Local\IconCache.db
[2010.09.04 19:08:05 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.09.04 18:53:55 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 18:52:59 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.04 16:50:39 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.09.04 16:50:22 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.09.03 20:08:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.09.02 22:45:48 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2010.09.02 22:44:23 | 022,489,640 | ---- | M] (Mischel Internet Security                                  ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.09.01 18:08:35 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 18:08:35 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 18:08:35 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 18:08:35 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 18:08:35 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.28 11:36:37 | 000,001,179 | ---- | M] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.28 09:53:57 | 000,001,399 | ---- | M] () -- C:\Users\birgit\Desktop\DivX Movies.lnk
[2010.08.28 09:53:38 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.25 18:43:50 | 000,159,744 | ---- | M] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.22 13:39:11 | 000,000,996 | ---- | M] () -- C:\Users\birgit\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.22 13:37:55 | 018,088,968 | ---- | M] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.21 10:08:28 | 000,002,051 | ---- | M] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.14 10:50:53 | 002,333,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.07 09:41:18 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.06 20:37:43 | 011,971,973 | ---- | M] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.04 18:53:55 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 16:50:39 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.09.04 16:50:22 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.09.02 22:45:41 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2010.08.28 11:36:37 | 000,001,179 | ---- | C] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.09 18:55:24 | 000,000,011 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\NevoSoft Gameslog.txt
[2010.08.06 20:04:21 | 000,002,051 | ---- | C] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.06 20:03:32 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.08.06 20:03:31 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.05.23 11:12:30 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.23 11:08:08 | 008,667,467 | ---- | C] () -- C:\ProgramData\vdm328_free.exe
[2010.05.22 11:42:01 | 038,649,247 | ---- | C] () -- C:\ProgramData\FFSetup230.exe
[2010.05.16 13:29:29 | 000,256,832 | ---- | C] () -- C:\ProgramData\SoftonicDownloader50481.exe
[2010.04.17 15:52:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.03.20 15:40:48 | 003,932,214 | ---- | C] () -- C:\ProgramData\Wallpaper.bmp
[2010.03.20 15:40:39 | 000,000,211 | ---- | C] () -- C:\ProgramData\untitled.wpl
[2010.03.20 15:34:19 | 000,034,998 | ---- | C] () -- C:\ProgramData\WPCLogo.bmp
[2010.03.20 15:34:19 | 000,015,446 | ---- | C] () -- C:\ProgramData\History.txt
[2010.03.20 15:34:19 | 000,010,672 | ---- | C] () -- C:\ProgramData\Readme.txt
[2010.03.20 15:34:19 | 000,001,402 | ---- | C] () -- C:\ProgramData\File_id.diz
[2010.01.31 12:09:29 | 000,000,156 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\default.rss
[2010.01.29 21:00:08 | 034,503,088 | ---- | C] () -- C:\ProgramData\Nokia_PC_Suite_ger_web.exe
[2010.01.02 11:34:48 | 000,001,497 | ---- | C] () -- C:\ProgramData\JkDefragGUI.ini
[2010.01.02 11:34:07 | 002,575,069 | ---- | C] () -- C:\ProgramData\JkDefragGUI.exe
[2010.01.02 11:34:07 | 000,037,170 | ---- | C] () -- C:\ProgramData\ChangeLog.txt
[2010.01.02 11:34:07 | 000,001,472 | ---- | C] () -- C:\ProgramData\ReadMeFirst.txt
[2009.12.24 11:06:41 | 000,263,115 | ---- | C] () -- C:\ProgramData\Alex7b.wsz
[2009.12.04 18:32:52 | 017,363,313 | ---- | C] () -- C:\ProgramData\aol.exe
[2009.11.23 19:21:55 | 000,477,527 | ---- | C] () -- C:\ProgramData\DivXInstaller.exe
[2009.11.14 15:48:44 | 023,207,088 | ---- | C] () -- C:\ProgramData\PdfGrabber_Setup.exe
[2009.11.14 15:27:23 | 000,754,344 | ---- | C] () -- C:\ProgramData\advancedpdf2word_trial.exe
[2009.10.26 22:23:45 | 003,267,488 | ---- | C] () -- C:\ProgramData\Pandora211Recovery.exe
[2009.10.26 22:17:55 | 000,056,832 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.exe
[2009.10.26 22:17:55 | 000,000,875 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.ini
[2009.10.26 22:17:54 | 011,109,376 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO_German.msi
[2009.10.26 22:17:54 | 011,102,720 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.msi
[2009.10.26 22:13:44 | 021,047,280 | ---- | C] () -- C:\ProgramData\file-recovery-pro36-demo.zip
[2009.10.10 14:12:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.10.10 14:09:23 | 012,621,312 | ---- | C] () -- C:\ProgramData\gs870w32.exe
[2009.10.10 14:05:10 | 001,720,832 | ---- | C] () -- C:\ProgramData\FreePDF4.02.EXE
[2009.10.10 11:49:52 | 000,599,173 | ---- | C] () -- C:\ProgramData\PDFBlenderSetup1.1.2.exe
[2009.10.03 17:58:13 | 001,275,896 | ---- | C] () -- C:\ProgramData\setup.exe
[2009.10.03 17:30:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\AD7517B469.sys
[2009.10.03 17:30:50 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.29 18:18:31 | 000,000,402 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\wklnhst.dat
[2009.09.21 19:01:09 | 000,246,767 | ---- | C] () -- C:\ProgramData\VirtualDub.chm
[2009.09.21 19:01:09 | 000,219,510 | ---- | C] () -- C:\ProgramData\VirtualDub.vdi
[2009.09.21 19:01:09 | 000,018,321 | ---- | C] () -- C:\ProgramData\copying
[2009.09.21 19:01:08 | 002,658,816 | ---- | C] () -- C:\ProgramData\VirtualDub.exe
[2009.07.01 18:57:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.27 14:58:17 | 076,559,360 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20090606.msi
[2009.06.20 15:54:00 | 076,342,784 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20080717.msi
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.21 20:07:42 | 001,048,200 | ---- | C] () -- C:\ProgramData\MoveMediaPlayer_071303000004.exe
[2009.04.18 19:32:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.06 15:04:44 | 000,507,904 | ---- | C] () -- C:\ProgramData\pro.exe
[2008.12.28 19:19:34 | 004,998,707 | ---- | C] () -- C:\ProgramData\flvplayer_setup.exe
[2008.12.25 19:43:22 | 003,659,444 | ---- | C] () -- C:\ProgramData\FileZilla_3.1.3.1_win32-setup.exe
[2008.11.22 10:42:54 | 001,471,839 | ---- | C] () -- C:\ProgramData\wrar380d.exe
[2008.09.28 15:43:24 | 000,003,688 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008.08.26 19:24:32 | 000,159,744 | ---- | C] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.16 17:35:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.06.16 17:30:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2008.05.14 18:12:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.14 09:59:10 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.05.14 09:59:10 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.05.14 09:30:43 | 000,007,484 | ---- | C] () -- C:\Users\birgit\AppData\Local\d3d9caps.dat
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.07 09:22:38 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.07 01:07:10 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.02.06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.02.06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.19 10:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TFBRVDNPCLPTJBX9Y6LV9TXVVJVFJF5VVJV0
@Alternate Data Stream - 24 bytes -> C:\Windows:28623108D70BB416
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1941675B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD444D31
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3A925163
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:997E6AF4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79F970BE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9CB2B6C5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:51A22C60
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B83BF1A6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6A16A184
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:128A6DC9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CB0FEE2B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CC7E693
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BE6DC701
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5216CD26
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BAC03849
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9446E8B9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:87FA5E8A
< End of report >

--- --- ---

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 04.09.2010 19:26:06 - Run 1
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Users\birgit\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 24,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 122,23 Gb Free Space | 53,34% Space Free | Partition Type: NTFS
Drive D: | 228,82 Gb Total Space | 151,62 Gb Free Space | 66,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BIRGIT-PC
Current User Name: birgit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{58195146-7937-4E5B-B631-53D1EA7DC5A7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5C829283-EC78-4964-AFCD-0CC74D50B85C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14474163-F976-4417-A929-6ED79991A1AF}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe |
"{23537FF4-6379-42A4-AD64-8D6D98B61099}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{245EFA32-2FB3-45B4-BBA6-22977DA6B9D7}" = dir=in | app=c:\program files\acer arcade live\slideshow dvd\component\clsldvd.exe |
"{368C9C21-E9BE-475D-AF45-27B410C77590}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3C6E7478-9E43-4471-A35E-561D7468D531}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{401DCC44-0472-4D02-AC29-0D37AD80CF29}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe |
"{40EDBCB3-C9FD-4F1C-B64B-CE1E8C7649A7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4500854C-F9A1-4621-AD42-E7DB18D73E1F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{4817A58A-55D9-411C-8FA3-CB21DA3FD7A7}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe |
"{4D96A9C2-4809-44D0-A952-67B1A1C62538}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{610D4256-FBF6-4239-BD64-20FDFE1F9691}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe |
"{6307F449-05C4-4738-BF6B-FD7B228A1DEE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe |
"{646C2F31-F20B-4983-A342-A6C614A9D7CC}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{6D5501BB-FAC2-4083-B55E-96CCB34F9133}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{7B72838B-FCE2-433B-80BE-8BBBEE1F8B56}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{7DC102C7-F547-435A-BCBF-93C5ED6112F0}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe |
"{84B89AB2-E7EC-4386-8D64-4E457C99D760}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{8654BA5F-18F7-4D5B-98F0-4B280AEAA52F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{8A8B73E1-FC09-4031-856E-B75B0FD791CB}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{8DC50D88-BE68-40DC-8025-619166776E73}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{8EFF5ABC-53D2-4063-B4C8-E4FFE1B28D95}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{9126E073-9C9C-4DEE-9274-DD572F147819}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe |
"{93AC632B-CD9A-4ACB-AB45-DEC85484F771}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{9539E16F-DD81-4AFA-8F81-DEA72B224B49}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe |
"{964E3E73-5BF5-4C36-8C24-32C59E7584D1}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\homemedia.exe |
"{9B2DE5D0-0D7C-45A5-9E49-A18141B64587}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe |
"{A3676A4C-47A3-4FE1-9E37-8AC53C964C24}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{BBC7285B-A895-48A6-9875-133E7A04E177}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{C836A33E-ADFA-4C4A-9B24-6E902A4DFBE3}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{E89C62B9-2C50-4ED4-982A-023CAE229228}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{EDD331CE-D48E-4AD9-817C-60F7D4B935E6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{F0429F00-CC5D-4CB5-A7E2-D7C6DD72D2F0}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe |
"{FEE88076-AC62-4C9B-BD70-53F607AE290D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{FFECEEBF-54AC-4F7F-ACD1-8A037BC21508}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"TCP Query User{3CD26A1B-EE98-443A-9D18-9FFDD80265EB}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
"UDP Query User{9E5C92E5-C1FB-4F39-AB21-8D3A2F16A2D5}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01934700-6281-1A4B-8EA8-30C35A261636}" = CCC Help French
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B04CBF8-F165-CE14-8104-E4897445CBC2}" = CCC Help Dutch
"{0B45E11E-F9F2-4CC7-821A-BB1957EE14D4}" = toolstar* file recovery professional DEMO
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1355EDEA-47AF-C760-F679-EF573C74746A}" = Catalyst Control Center Core Implementation
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{13B8311B-4B73-E6D2-EEC2-2AC52EEF1CDD}" = Catalyst Control Center Graphics Previews Vista
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Ausgestorbene Tierarten
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{197A0218-F4A7-59A5-1BEE-F4D681DDD1E7}" = Catalyst Control Center Graphics Full New
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22FA3E58-DB68-A4D1-2DEE-07E876C64D53}" = Skins
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{2D269FD4-2164-EA98-771D-EE14F8D46013}" = CCC Help Danish
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC2BE31-3DCF-4CF5-AD52-66DB68638EC0}" = Print Artist Platinum
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CDDFF57-4026-96AB-CED3-CC5A08A405E8}" = Catalyst Control Center Localization Japanese
"{4DD0182F-1F08-C6BE-3C3A-68B4CB455F50}" = Catalyst Control Center Localization Norwegian
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{622D4708-E468-615A-5F54-C2BCDEBC1A23}" = CCC Help Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF3D486-C45C-472F-A5C1-99C7A4C18127}" = BROCKHAUS DIE ENZYKLOPÄDIE
"{6BA3A2B0-3E1E-EA79-EC7D-52A61BB51AE1}" = Catalyst Control Center Localization Italian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75A40056-A32E-1852-4ADC-F795E1446FEF}" = Catalyst Control Center Graphics Light
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{766A7BA9-2A3F-C4D2-CD59-080D8252D700}" = CCC Help Norwegian
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A27764B-5434-4DAA-BD43-3ACF4FFCD7FE}" = SweetIM Toolbar for Internet Explorer 3.8
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7C8E4518-0FF0-6320-7DF6-A9A590D67D52}" = ccc-core-static
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98076F38-8493-0AF7-41C4-6172F8D1F410}" = ccc-utility
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{9D85C211-0955-C770-0F73-316D0C5F0B9B}" = CCC Help Italian
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A38496BA-B038-5BCF-04DC-73A88FB10CA0}" = CCC Help Finnish
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A51E4CE7-395C-DCBE-428E-38D061009C59}" = Catalyst Control Center Localization Spanish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B22094E7-117B-5D18-3A0A-C811937113AD}" = Catalyst Control Center Localization Danish
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C216A256-CEDD-54F4-C4ED-1F0AA41EE920}" = CCC Help German
"{C2AC4582-FDA5-29A9-1C61-97631871A871}" = Catalyst Control Center Localization Swedish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C80ABB8D-63D0-6DF1-820A-EF7F2C778EB7}" = CCC Help Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R)
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3261A3E-9B08-AE79-A3FB-80179A585A5D}" = Catalyst Control Center Graphics Full Existing
"{D3E8C04E-E5B9-3A71-6A64-E774F90B1895}" = Catalyst Control Center Localization German
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DD555562-299E-C58A-847B-B6C05957A65E}" = Catalyst Control Center Localization Finnish
"{DF2ECCA9-22C9-640D-0E5E-F5651EB3742C}" = CCC Help English
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{DF8849AF-F8B8-7466-BA31-7C8F755B0E69}" = Catalyst Control Center Localization Dutch
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E8D4696B-0140-033C-C170-A2FA601DC425}" = Catalyst Control Center Localization French
"{EBA74808-BCCB-C8D5-B119-A96E9C5D45D6}" = CCC Help Japanese
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8 ESD
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F727DCA7-4B7B-4CF5-8348-881BF3B0D046}" = SweetIM for Messenger 3.1
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVIConverter" = AVIConverter 2.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CoreDownload Free Wallpaper Changer_is1" = CoreDownload Free Wallpaper Changer 2.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDStyler_is1" = DVDStyler v1.8.0.3
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb.
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free DVD Creator (by minidvdsoft)_is1" = Free DVD Creator version 2.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.0
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreePDF_XP" = FreePDF (Remove only)
"GamesBar" = GamesBar 1.1.0.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Ausgestorbene Tierarten
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8 ESD
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IPIX ActiveX Viewer" = IPIX ActiveX Viewer
"IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer
"IPIX Viewer" = IPIX Viewer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live Toolbar" = Messenger_Plus_Live Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nokia Ovi Suite" = Nokia Ovi Suite
"PandoraRecovery" = PandoraRecovery (Remove Only)
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Spyware Terminator_is1" = Spyware Terminator
"Switch" = Switch Uninstall
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.1.2.5
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.03.2010 09:23:58 | Computer Name = birgit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung psp.exe, Version 7.0.0.0, Zeitstempel 0x39ae9f3e,
 fehlerhaftes Modul Fpxlib.dll, Version 1.1.0.0, Zeitstempel 0x34ecb67e, Ausnahmecode
 0xc0000005, Fehleroffset 0x0004e477,  Prozess-ID 0x1ca0, Anwendungsstartzeit 01cabd2be290af29.
 
Error - 08.03.2010 15:03:27 | Computer Name = birgit-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 09.03.2010 16:02:13 | Computer Name = birgit-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 10.03.2010 14:09:29 | Computer Name = birgit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18882, Zeitstempel
 0x4b3ed243, fehlerhaftes Modul mghooking.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4adc6cf1, Ausnahmecode 0xc0000005, Fehleroffset 0x0388454e,  Prozess-ID 0x17cc,
 Anwendungsstartzeit 01cac07c738d2be1.
 
Error - 13.03.2010 10:10:26 | Computer Name = birgit-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 14.03.2010 14:29:22 | Computer Name = birgit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
 0x4a6ce533, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x02980de0,  Prozess-ID 0x53c, Anwendungsstartzeit
 01cac3a395e1ae78.
 
Error - 14.03.2010 16:13:05 | Computer Name = birgit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3667, Zeitstempel
 0x4b5102f0, fehlerhaftes Modul rpmainbrowserrecordplugin.dll, Version 1.0.1.525,
 Zeitstempel 0x4af4c262, Ausnahmecode 0xc0000005, Fehleroffset 0x00003b57,  Prozess-ID
 0x157c, Anwendungsstartzeit 01cac36f3301b0e8.
 
Error - 15.03.2010 13:36:15 | Computer Name = birgit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung avp.exe, Version 8.0.0.521, Zeitstempel 0x4a5e233a,
 fehlerhaftes Modul hips.ppl, Version 8.0.0.506, Zeitstempel 0x4919b9de, Ausnahmecode
 0xc0000005, Fehleroffset 0x00017303,  Prozess-ID 0x664, Anwendungsstartzeit 01cac45b35b7454a.
 
Error - 16.03.2010 15:24:09 | Computer Name = birgit-PC | Source = EventSystem | ID = 4621
Description =
 
Error - 18.03.2010 01:40:46 | Computer Name = birgit-PC | Source = EventSystem | ID = 4621
Description =
 
[ OSession Events ]
Error - 08.05.2010 10:03:30 | Computer Name = birgit-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5316
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.09.2010 12:37:03 | Computer Name = birgit-PC | Source = HTTP | ID = 15016
Description =
 
Error - 03.09.2010 12:38:33 | Computer Name = birgit-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 03.09.2010 12:39:27 | Computer Name = birgit-PC | Source = DCOM | ID = 10005
Description =
 
Error - 03.09.2010 12:39:27 | Computer Name = birgit-PC | Source = Service Control Manager | ID = 7009
Description =
 
Error - 03.09.2010 12:39:27 | Computer Name = birgit-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.09.2010 04:21:55 | Computer Name = birgit-PC | Source = HTTP | ID = 15016
Description =
 
Error - 04.09.2010 04:23:23 | Computer Name = birgit-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 04.09.2010 13:15:42 | Computer Name = birgit-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.108.217.177 für die Netzwerkkarte mit der Netzwerkadresse
 001C25881F46 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 04.09.2010 13:15:43 | Computer Name = birgit-PC | Source = HTTP | ID = 15016
Description =
 
Error - 04.09.2010 13:16:57 | Computer Name = birgit-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >

--- --- ---

cosinus 05.09.2010 15:46

Quote:

C:\ProgramData\Firefox Setup 3.5.2.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\ProgramData\Thunderbird Setup 2.0.0.23.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
A quick question in between: where do you download the Mozilla setups from?

LadyFreaky 05.09.2010 15:50

I got both programs from hxxp://www.chip.de/.

Does that mean I've had a trojan sitting there for a while already???

cosinus 05.09.2010 16:21

Actually, chip.de isn't known for that. I would only download something from there in an emergency; in general you should only download setups from the original site, especially for Mozilla => Mozilla | Firefox web browser & Thunderbird email client

Your computer is cluttered with pointless software. Uninstall everything that has Toolbar in its name. Those things are just utterly stupid and pointless... :stirn:
While you're at it, also uninstall all the other software that you no longer need. A computer is not a garbage dump ;)

LadyFreaky 05.09.2010 16:57

But does that mean I have a trojan on the computer now, or did I get away with it once more? And should I completely delete the two Trojan.Swizzor items and everything else that Malwarebytes found???

Although I haven't had Thunderbird on the PC for quite a while.

cosinus 05.09.2010 17:41

Those are setups of old versions. They can be deleted anyway.
I suspect that Malwarebytes rather had a false positive there.

Have you uninstalled all the pointless software by now?

LadyFreaky 05.09.2010 17:45

No, I still have to do that.
edit: OK, I've deleted all the toolbars now.
As for the programs, I first have to see what I really don't need any more ....

But does that mean that Kaspersky also had a false alarm twice? Because nothing more came up yesterday or today!!

cosinus 05.09.2010 18:17

Yes, they were probably false alarms.

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your Desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


LadyFreaky 05.09.2010 18:37

Okay, I've now deleted all the programs that were unnecessary.

Here is the one from OTL. OTL Logfile:
Code:

OTL logfile created on: 05.09.2010 19:25:50 - Run 2
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Users\birgit\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 37,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 120,39 Gb Free Space | 52,54% Space Free | Partition Type: NTFS
Drive D: | 228,82 Gb Total Space | 151,62 Gb Free Space | 66,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BIRGIT-PC
Current User Name: birgit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\CoreDownload\CoreDownload Free Wallpaper Changer\CDWC.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBModem) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- C:\Windows\System32\DRIVERS\lgusbbus.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chello.at"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.08 18:29:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.24 11:03:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.05.05 17:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.24 11:03:40 | 000,000,000 | ---D | M]
 
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.05 18:57:26 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions
[2009.12.24 11:05:17 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.03 17:16:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.15 19:24:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.16 19:49:39 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010.07.25 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.17 17:14:38 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.09.05 16:24:27 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-1.xml
[2009.06.01 03:30:52 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-2.xml
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin.xml
[2010.05.17 17:14:19 | 000,003,915 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\sweetim.xml
[2009.12.24 11:05:24 | 000,001,201 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\winamp-search.xml
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.05 17:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.15 18:48:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.15 18:48:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.15 18:48:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.15 18:48:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.15 18:48:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
[2009.04.07 15:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.gif
[2009.11.03 19:25:12 | 000,000,205 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.src
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PicPick Start] C:\Screenshoots\Picpick\picpick.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PrintArtist] C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Free YouTube Download - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.04 19:25:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Malwarebytes
[2010.09.04 18:53:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.04 18:53:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.04 18:52:49 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.02 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\TrojanHunter
[2010.09.02 22:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2010.09.02 22:44:19 | 022,489,640 | ---- | C] (Mischel Internet Security                                  ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.08.22 13:37:51 | 018,088,968 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.13 16:38:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.13 16:38:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.13 16:38:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.13 16:38:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.13 16:38:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.13 16:38:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.13 16:38:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.13 16:38:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.13 16:38:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.13 16:38:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.13 16:38:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.13 16:38:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.13 16:38:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.13 16:38:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.13 16:38:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.13 16:37:50 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.13 16:37:30 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.13 16:37:27 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.13 16:37:23 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.13 16:37:23 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 18:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualFarm
[2010.08.06 20:37:11 | 011,971,973 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[2010.08.06 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Deployment
[2010.08.06 19:50:03 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Google
[2010.05.23 12:57:52 | 007,213,444 | ---- | C] (www.minidvdsoft.com                                        ) -- C:\ProgramData\freedvdcreator.exe
[2010.05.22 13:54:22 | 008,062,504 | ---- | C] (                                                            ) -- C:\ProgramData\DVDStyler-1.8.0.3-win32.exe
[2010.05.16 13:58:54 | 306,699,456 | ---- | C] (Nero AG) -- C:\ProgramData\multimediasuite-ESD_small-20100412164653105-10.0.13200.nsx.exe
[2010.04.17 15:46:40 | 017,776,464 | ---- | C] (pdfforge GbR) -- C:\ProgramData\PDFCreator-0_9_9_setup.exe
[2010.03.20 15:58:49 | 003,378,431 | ---- | C] (CoreDownload Free Wallpaper Changer                        ) -- C:\ProgramData\CoreDownloadFreeWallpaperChangerSetup.exe
[2010.02.15 17:29:15 | 003,917,578 | ---- | C] (SCWA-Software                                              ) -- C:\ProgramData\VideoSS.exe
[2010.02.06 14:15:26 | 012,109,496 | ---- | C] (ICQ) -- C:\ProgramData\install_icq7.exe
[2010.01.24 13:48:19 | 032,047,558 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\JAD8002_BASIC.exe
[2010.01.16 14:00:08 | 000,535,576 | ---- | C] (RealNetworks, Inc.) -- C:\ProgramData\RealPlayerSPGold_de.exe
[2010.01.01 12:52:26 | 005,176,728 | ---- | C] (Yuna Software) -- C:\ProgramData\MsgPlusLive-483.exe
[2009.12.24 10:57:09 | 011,334,424 | ---- | C] (Nullsoft, Inc.) -- C:\ProgramData\winamp5571_full_emusic-7plus_de-de.exe
[2009.12.16 21:02:44 | 001,167,688 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\wlsetup-custom.exe
[2009.12.06 11:40:58 | 003,184,296 | ---- | C] (Piriform Ltd) -- C:\ProgramData\dfsetup115.exe
[2009.12.04 19:08:29 | 002,573,488 | ---- | C] (Karlis Blumentals                                          ) -- C:\ProgramData\scrwon4.exe
[2009.11.29 18:22:52 | 007,472,320 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeVideoToJPGConverter1.5.1.54.exe
[2009.11.19 18:22:56 | 001,067,856 | ---- | C] (Piriform Ltd) -- C:\ProgramData\ccsetup225_slim.exe
[2009.11.14 15:39:21 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\ProgramData\pdf2wordsetup.exe
[2009.10.26 20:10:17 | 006,113,130 | ---- | C] (InstallShield Software Corporation) -- C:\ProgramData\pci_filerecovery4.exe
[2009.10.26 14:21:02 | 015,375,944 | ---- | C] (Any-Video-Converter.com                                    ) -- C:\ProgramData\avc-free.exe
[2009.10.03 17:17:53 | 115,904,256 | ---- | C] (Corel Corporation                                          ) -- C:\ProgramData\WinDVDPro2010-TBYB.exe
[2009.09.23 17:36:07 | 021,952,661 | ---- | C] (VMesquita                                                  ) -- C:\ProgramData\DIKOSetup245.exe
[2009.09.21 19:01:09 | 000,073,728 | ---- | C] ( ) -- C:\ProgramData\vdremote.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\vdicmdrv.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\auxsetup.exe
[2009.09.21 19:01:09 | 000,065,536 | ---- | C] ( ) -- C:\ProgramData\vdsvrlnk.dll
[2009.09.21 19:01:09 | 000,008,704 | ---- | C] ( ) -- C:\ProgramData\vdub.exe
[2009.08.22 14:40:32 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\ADBEPHSPCS4_LS4.exe
[2009.08.08 19:30:18 | 000,946,119 | ---- | C] (Jodix Technologies Ltd.                                    ) -- C:\ProgramData\free-wma-mp3-converter.exe
[2009.07.14 20:20:46 | 000,347,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINWORD.EXE
[2009.07.01 18:51:47 | 020,631,848 | ---- | C] (Skype Technologies S.A.) -- C:\ProgramData\SkypeSetupFull.exe
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2009.01.10 17:36:22 | 016,126,456 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\install_puls4_icq65.exe
[2007.05.07 01:07:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.05 19:35:17 | 005,242,880 | -HS- | M] () -- C:\Users\birgit\ntuser.dat
[2010.09.05 19:12:37 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 19:12:37 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 19:12:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.05 19:12:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.05 19:12:28 | 3220,692,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.05 19:11:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.05 19:11:28 | 000,524,288 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TMContainer00000000000000000001.regtrans-ms
[2010.09.05 19:11:28 | 000,065,536 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TM.blf
[2010.09.05 19:10:38 | 004,442,490 | -H-- | M] () -- C:\Users\birgit\AppData\Local\IconCache.db
[2010.09.05 19:08:04 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.09.04 20:08:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.09.04 19:25:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 18:53:55 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 18:52:59 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.02 22:45:48 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2010.09.02 22:44:23 | 022,489,640 | ---- | M] (Mischel Internet Security                                  ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.09.01 18:08:35 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 18:08:35 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 18:08:35 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 18:08:35 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 18:08:35 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.28 11:36:37 | 000,001,179 | ---- | M] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.28 09:53:57 | 000,001,399 | ---- | M] () -- C:\Users\birgit\Desktop\DivX Movies.lnk
[2010.08.28 09:53:38 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.25 18:43:50 | 000,159,744 | ---- | M] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.22 13:39:11 | 000,000,996 | ---- | M] () -- C:\Users\birgit\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.22 13:37:55 | 018,088,968 | ---- | M] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.21 10:08:28 | 000,002,051 | ---- | M] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.14 10:50:53 | 002,333,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.07 09:41:18 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.06 20:37:43 | 011,971,973 | ---- | M] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.04 18:53:55 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.02 22:45:41 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2010.08.28 11:36:37 | 000,001,179 | ---- | C] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.09 18:55:24 | 000,000,011 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\NevoSoft Gameslog.txt
[2010.08.06 20:04:21 | 000,002,051 | ---- | C] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.06 20:03:32 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.08.06 20:03:31 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.05.23 11:12:30 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.23 11:08:08 | 008,667,467 | ---- | C] () -- C:\ProgramData\vdm328_free.exe
[2010.05.22 11:42:01 | 038,649,247 | ---- | C] () -- C:\ProgramData\FFSetup230.exe
[2010.05.16 13:29:29 | 000,256,832 | ---- | C] () -- C:\ProgramData\SoftonicDownloader50481.exe
[2010.04.17 15:52:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.03.20 15:40:48 | 003,932,214 | ---- | C] () -- C:\ProgramData\Wallpaper.bmp
[2010.03.20 15:40:39 | 000,000,211 | ---- | C] () -- C:\ProgramData\untitled.wpl
[2010.03.20 15:34:19 | 000,034,998 | ---- | C] () -- C:\ProgramData\WPCLogo.bmp
[2010.03.20 15:34:19 | 000,015,446 | ---- | C] () -- C:\ProgramData\History.txt
[2010.03.20 15:34:19 | 000,010,672 | ---- | C] () -- C:\ProgramData\Readme.txt
[2010.03.20 15:34:19 | 000,001,402 | ---- | C] () -- C:\ProgramData\File_id.diz
[2010.01.31 12:09:29 | 000,000,156 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\default.rss
[2010.01.29 21:00:08 | 034,503,088 | ---- | C] () -- C:\ProgramData\Nokia_PC_Suite_ger_web.exe
[2010.01.02 11:34:48 | 000,001,497 | ---- | C] () -- C:\ProgramData\JkDefragGUI.ini
[2010.01.02 11:34:07 | 002,575,069 | ---- | C] () -- C:\ProgramData\JkDefragGUI.exe
[2010.01.02 11:34:07 | 000,037,170 | ---- | C] () -- C:\ProgramData\ChangeLog.txt
[2010.01.02 11:34:07 | 000,001,472 | ---- | C] () -- C:\ProgramData\ReadMeFirst.txt
[2009.12.24 11:06:41 | 000,263,115 | ---- | C] () -- C:\ProgramData\Alex7b.wsz
[2009.12.04 18:32:52 | 017,363,313 | ---- | C] () -- C:\ProgramData\aol.exe
[2009.11.23 19:21:55 | 000,477,527 | ---- | C] () -- C:\ProgramData\DivXInstaller.exe
[2009.11.14 15:48:44 | 023,207,088 | ---- | C] () -- C:\ProgramData\PdfGrabber_Setup.exe
[2009.11.14 15:27:23 | 000,754,344 | ---- | C] () -- C:\ProgramData\advancedpdf2word_trial.exe
[2009.10.26 22:23:45 | 003,267,488 | ---- | C] () -- C:\ProgramData\Pandora211Recovery.exe
[2009.10.26 22:17:55 | 000,056,832 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.exe
[2009.10.26 22:17:55 | 000,000,875 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.ini
[2009.10.26 22:17:54 | 011,109,376 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO_German.msi
[2009.10.26 22:17:54 | 011,102,720 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.msi
[2009.10.26 22:13:44 | 021,047,280 | ---- | C] () -- C:\ProgramData\file-recovery-pro36-demo.zip
[2009.10.10 14:12:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.10.10 14:09:23 | 012,621,312 | ---- | C] () -- C:\ProgramData\gs870w32.exe
[2009.10.10 14:05:10 | 001,720,832 | ---- | C] () -- C:\ProgramData\FreePDF4.02.EXE
[2009.10.10 11:49:52 | 000,599,173 | ---- | C] () -- C:\ProgramData\PDFBlenderSetup1.1.2.exe
[2009.10.03 17:58:13 | 001,275,896 | ---- | C] () -- C:\ProgramData\setup.exe
[2009.10.03 17:30:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\AD7517B469.sys
[2009.10.03 17:30:50 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.29 18:18:31 | 000,000,402 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\wklnhst.dat
[2009.09.21 19:01:09 | 000,246,767 | ---- | C] () -- C:\ProgramData\VirtualDub.chm
[2009.09.21 19:01:09 | 000,219,510 | ---- | C] () -- C:\ProgramData\VirtualDub.vdi
[2009.09.21 19:01:09 | 000,018,321 | ---- | C] () -- C:\ProgramData\copying
[2009.09.21 19:01:08 | 002,658,816 | ---- | C] () -- C:\ProgramData\VirtualDub.exe
[2009.07.01 18:57:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.27 14:58:17 | 076,559,360 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20090606.msi
[2009.06.20 15:54:00 | 076,342,784 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20080717.msi
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.21 20:07:42 | 001,048,200 | ---- | C] () -- C:\ProgramData\MoveMediaPlayer_071303000004.exe
[2009.04.18 19:32:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.06 15:04:44 | 000,507,904 | ---- | C] () -- C:\ProgramData\pro.exe
[2008.12.28 19:19:34 | 004,998,707 | ---- | C] () -- C:\ProgramData\flvplayer_setup.exe
[2008.12.25 19:43:22 | 003,659,444 | ---- | C] () -- C:\ProgramData\FileZilla_3.1.3.1_win32-setup.exe
[2008.11.22 10:42:54 | 001,471,839 | ---- | C] () -- C:\ProgramData\wrar380d.exe
[2008.09.28 15:43:24 | 000,003,688 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008.08.26 19:24:32 | 000,159,744 | ---- | C] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.16 17:35:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.06.16 17:30:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2008.05.14 18:12:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.14 09:59:10 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.05.14 09:59:10 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.05.14 09:30:43 | 000,007,484 | ---- | C] () -- C:\Users\birgit\AppData\Local\d3d9caps.dat
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.07 09:22:38 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.07 01:07:10 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.02.06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.02.06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.19 10:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TFBRVDNPCLPTJBX9Y6LV9TXVVJVFJF5VVJV0
@Alternate Data Stream - 24 bytes -> C:\Windows:28623108D70BB416
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1941675B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD444D31
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3A925163
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:997E6AF4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79F970BE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9CB2B6C5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:51A22C60
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B83BF1A6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6A16A184
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:128A6DC9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CB0FEE2B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CC7E693
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BE6DC701
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5216CD26
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BAC03849
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9446E8B9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:87FA5E8A
< End of report >

--- --- ---

cosinus 05.09.2010 18:44

But you didn't run a custom scan this time! You were supposed to use the text given above and paste it into OTL for the custom scan!

LadyFreaky 05.09.2010 19:47

OTL Logfile:
Code:

OTL logfile created on: 05.09.2010 20:03:56 - Run 3
OTL by OldTimer - Version 3.2.11.0    Folder = C:\Users\birgit\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 120,34 Gb Free Space | 52,52% Space Free | Partition Type: NTFS
Drive D: | 228,82 Gb Total Space | 151,62 Gb Free Space | 66,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BIRGIT-PC
Current User Name: birgit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBModem) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- C:\Windows\System32\DRIVERS\lgusbbus.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chello.at"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.08 18:29:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.24 11:03:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.05.05 17:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.24 11:03:40 | 000,000,000 | ---D | M]
 
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.05 18:57:26 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions
[2009.12.24 11:05:17 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.03 17:16:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.15 19:24:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.16 19:49:39 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010.07.25 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.17 17:14:38 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.09.05 16:24:27 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-1.xml
[2009.06.01 03:30:52 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-2.xml
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin.xml
[2010.05.17 17:14:19 | 000,003,915 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\sweetim.xml
[2009.12.24 11:05:24 | 000,001,201 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\winamp-search.xml
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.05 17:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.15 18:48:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.15 18:48:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.15 18:48:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.15 18:48:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.15 18:48:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
[2009.04.07 15:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.gif
[2009.11.03 19:25:12 | 000,000,205 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.src
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PicPick Start] C:\Screenshoots\Picpick\picpick.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PrintArtist] C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Free YouTube Download - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {00547846-E107-B2B9-8EAC-54D8942F5411} - .NET Framework
ActiveX: {05417E94-DCF0-49F0-E27A-BF62EA157293} - Java (Sun)
ActiveX: {07D2B31F-619B-FFEE-92A6-C33DF4306B00} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0D4EB94F-CE8A-10DC-467D-7879639C03B9} - Microsoft Windows Media Player
ActiveX: {0D75B237-9C39-461B-565A-4C1B6970F8DB} -
ActiveX: {116BC773-3A87-AD0A-3809-4ABCABF00C67} - Browser Customizations
ActiveX: {21247E7F-0241-759A-7664-1E3CB8989BE3} - Microsoft Windows Media Player 11.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2BE790CD-9CC7-BE3D-5338-973A1653A507} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D31D9C2-F89A-516A-F57E-FB0BC983478C} - Adobe Shockwave Director 10.4
ActiveX: {3038510F-76D2-2D05-B1D7-8EFE4A0CDA2C} - Internet Explorer
ActiveX: {3203C1AC-B780-7CE0-8CAC-C00043B52026} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {67F0B0E4-59EA-2F60-EBEF-3FFC22969554} -
ActiveX: {6B5741A4-7F4C-6461-F598-020676DA4AC8} - Microsoft Windows Media Player 11.0
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7F48C047-8F18-FDE7-63E4-9B8F3F5CA809} -
ActiveX: {85007E83-D9A5-CF63-B44D-3C987AC99137} - .NET Framework
ActiveX: {86DAAA1F-4A32-78AA-57DF-A08718E70A08} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A19252E-4DE1-DE6D-B654-F547958B5A61} -
ActiveX: {8B4A4E43-18EB-EA03-B1EB-C79FB973E3EA} -
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ABCD9D8B-235A-8D1D-4004-44FA49ED73D4} - Java (Sun)
ActiveX: {C4AEA95C-0E22-E14E-13D0-4B935953FEDD} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA8DDEFA-BF63-BD79-87E3-BA726CDE0A37} - Adobe Shockwave Director 11.0.3
ActiveX: {CB086E09-7BB2-CF22-4506-FBED42AE9F87} -
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D3F337F1-8FB3-44DE-244D-C7650F3F907D} - Adobe Shockwave Director 10.4
ActiveX: {D5CAAD60-96C9-4A7A-CA13-A901F1F09905} - Microsoft Windows Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E3B09ADA-1FAF-B4FE-04C4-D58E6DCF83C4} - Adobe Shockwave Director 10.4
ActiveX: {E4931831-DA99-4B50-901E-D5F090610CFE} - Browser Customizations
ActiveX: {E57246B4-7612-81BC-0AA9-A793B1FC2779} - Java (Sun)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Labtec Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.04 19:25:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Malwarebytes
[2010.09.04 18:53:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.04 18:53:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.04 18:52:49 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.02 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\TrojanHunter
[2010.09.02 22:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2010.09.02 22:44:19 | 022,489,640 | ---- | C] (Mischel Internet Security                                  ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.08.22 13:37:51 | 018,088,968 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.10 18:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualFarm
[2010.08.06 20:37:11 | 011,971,973 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[2010.08.06 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Deployment
[2010.08.06 19:50:03 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Google
[2010.07.25 13:08:09 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.24 11:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010.07.24 11:13:21 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Nokia
[2010.07.24 11:13:18 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\NokiaAccount
[2010.07.24 11:03:24 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.07.24 11:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.07.24 10:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.07.13 17:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kristanix Games
[2010.07.13 17:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy3_Arctica
[2010.06.26 11:11:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2010.06.26 11:11:16 | 000,000,000 | ---D | C] -- C:\Users\birgit\Documents\EA Games
[2010.06.22 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Jane s ZOO
[2010.06.22 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Realore
[2010.06.22 17:28:30 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Oberon Janes ZOO
[2010.06.22 16:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\rionix
[2010.06.16 19:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.06.16 18:38:32 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\1morebee
[2010.06.16 18:34:47 | 000,000,000 | ---D | C] -- C:\Boonty
[2010.05.23 12:57:52 | 007,213,444 | ---- | C] (www.minidvdsoft.com                                        ) -- C:\ProgramData\freedvdcreator.exe
[2010.05.22 13:54:22 | 008,062,504 | ---- | C] (                                                            ) -- C:\ProgramData\DVDStyler-1.8.0.3-win32.exe
[2010.05.16 13:58:54 | 306,699,456 | ---- | C] (Nero AG) -- C:\ProgramData\multimediasuite-ESD_small-20100412164653105-10.0.13200.nsx.exe
[2010.04.17 15:46:40 | 017,776,464 | ---- | C] (pdfforge GbR) -- C:\ProgramData\PDFCreator-0_9_9_setup.exe
[2010.03.20 15:58:49 | 003,378,431 | ---- | C] (CoreDownload Free Wallpaper Changer                        ) -- C:\ProgramData\CoreDownloadFreeWallpaperChangerSetup.exe
[2010.02.15 17:29:15 | 003,917,578 | ---- | C] (SCWA-Software                                              ) -- C:\ProgramData\VideoSS.exe
[2010.02.06 14:15:26 | 012,109,496 | ---- | C] (ICQ) -- C:\ProgramData\install_icq7.exe
[2010.01.24 13:48:19 | 032,047,558 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\JAD8002_BASIC.exe
[2010.01.16 14:00:08 | 000,535,576 | ---- | C] (RealNetworks, Inc.) -- C:\ProgramData\RealPlayerSPGold_de.exe
[2010.01.01 12:52:26 | 005,176,728 | ---- | C] (Yuna Software) -- C:\ProgramData\MsgPlusLive-483.exe
[2009.12.24 10:57:09 | 011,334,424 | ---- | C] (Nullsoft, Inc.) -- C:\ProgramData\winamp5571_full_emusic-7plus_de-de.exe
[2009.12.16 21:02:44 | 001,167,688 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\wlsetup-custom.exe
[2009.12.06 11:40:58 | 003,184,296 | ---- | C] (Piriform Ltd) -- C:\ProgramData\dfsetup115.exe
[2009.12.04 19:08:29 | 002,573,488 | ---- | C] (Karlis Blumentals                                          ) -- C:\ProgramData\scrwon4.exe
[2009.11.29 18:22:52 | 007,472,320 | ---- | C] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeVideoToJPGConverter1.5.1.54.exe
[2009.11.19 18:22:56 | 001,067,856 | ---- | C] (Piriform Ltd) -- C:\ProgramData\ccsetup225_slim.exe
[2009.11.14 15:39:21 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\ProgramData\pdf2wordsetup.exe
[2009.10.26 20:10:17 | 006,113,130 | ---- | C] (InstallShield Software Corporation) -- C:\ProgramData\pci_filerecovery4.exe
[2009.10.26 14:21:02 | 015,375,944 | ---- | C] (Any-Video-Converter.com                                    ) -- C:\ProgramData\avc-free.exe
[2009.10.03 17:17:53 | 115,904,256 | ---- | C] (Corel Corporation                                          ) -- C:\ProgramData\WinDVDPro2010-TBYB.exe
[2009.09.23 17:36:07 | 021,952,661 | ---- | C] (VMesquita                                                  ) -- C:\ProgramData\DIKOSetup245.exe
[2009.09.21 19:01:09 | 000,073,728 | ---- | C] ( ) -- C:\ProgramData\vdremote.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\vdicmdrv.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\auxsetup.exe
[2009.09.21 19:01:09 | 000,065,536 | ---- | C] ( ) -- C:\ProgramData\vdsvrlnk.dll
[2009.09.21 19:01:09 | 000,008,704 | ---- | C] ( ) -- C:\ProgramData\vdub.exe
[2009.08.22 14:40:32 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\ADBEPHSPCS4_LS4.exe
[2009.08.08 19:30:18 | 000,946,119 | ---- | C] (Jodix Technologies Ltd.                                    ) -- C:\ProgramData\free-wma-mp3-converter.exe
[2009.07.14 20:20:46 | 000,347,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINWORD.EXE
[2009.07.01 18:51:47 | 020,631,848 | ---- | C] (Skype Technologies S.A.) -- C:\ProgramData\SkypeSetupFull.exe
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2009.01.10 17:36:22 | 016,126,456 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\install_puls4_icq65.exe
[2007.05.07 01:07:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.05 20:13:36 | 005,242,880 | -HS- | M] () -- C:\Users\birgit\ntuser.dat
[2010.09.05 20:08:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.09.05 20:08:01 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.09.05 19:57:48 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 19:57:48 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 19:57:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.05 19:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.05 19:57:36 | 3220,692,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.05 19:11:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.05 19:11:28 | 000,524,288 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TMContainer00000000000000000001.regtrans-ms
[2010.09.05 19:11:28 | 000,065,536 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TM.blf
[2010.09.05 19:10:38 | 004,442,490 | -H-- | M] () -- C:\Users\birgit\AppData\Local\IconCache.db
[2010.09.04 19:25:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 18:53:55 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 18:52:59 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.02 22:45:48 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2010.09.02 22:44:23 | 022,489,640 | ---- | M] (Mischel Internet Security                                  ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.09.01 18:08:35 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 18:08:35 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 18:08:35 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 18:08:35 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 18:08:35 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.28 11:36:37 | 000,001,179 | ---- | M] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.28 09:53:57 | 000,001,399 | ---- | M] () -- C:\Users\birgit\Desktop\DivX Movies.lnk
[2010.08.28 09:53:38 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.25 18:43:50 | 000,159,744 | ---- | M] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.22 13:39:11 | 000,000,996 | ---- | M] () -- C:\Users\birgit\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.22 13:37:55 | 018,088,968 | ---- | M] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.21 10:08:28 | 000,002,051 | ---- | M] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.14 10:50:53 | 002,333,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.07 09:41:18 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.06 20:37:43 | 011,971,973 | ---- | M] (DVDVideoSoft Limited.                                      ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[2010.07.31 12:19:04 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.07.31 12:19:04 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.24 11:11:38 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.07.24 11:07:44 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2010.07.24 11:07:07 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.01 15:48:59 | 000,002,056 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Apartment-Leben.lnk
[2010.07.01 15:48:59 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2010.06.26 11:14:19 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk
[2010.06.16 18:37:41 | 000,000,178 | ---- | M] () -- C:\Users\Public\Desktop\ Download-Spiele.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.04 18:53:55 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.02 22:45:41 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2010.08.28 11:36:37 | 000,001,179 | ---- | C] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.09 18:55:24 | 000,000,011 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\NevoSoft Gameslog.txt
[2010.08.06 20:04:21 | 000,002,051 | ---- | C] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.06 20:03:32 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.08.06 20:03:31 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.07.24 11:11:38 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.07.24 11:07:44 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2010.07.24 11:07:07 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.01 15:48:59 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Apartment-Leben.lnk
[2010.07.01 15:48:59 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2010.06.26 11:14:19 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk
[2010.05.23 11:12:30 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.23 11:08:08 | 008,667,467 | ---- | C] () -- C:\ProgramData\vdm328_free.exe
[2010.05.22 11:42:01 | 038,649,247 | ---- | C] () -- C:\ProgramData\FFSetup230.exe
[2010.05.16 13:29:29 | 000,256,832 | ---- | C] () -- C:\ProgramData\SoftonicDownloader50481.exe
[2010.04.17 15:52:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.03.20 15:40:48 | 003,932,214 | ---- | C] () -- C:\ProgramData\Wallpaper.bmp
[2010.03.20 15:40:39 | 000,000,211 | ---- | C] () -- C:\ProgramData\untitled.wpl
[2010.03.20 15:34:19 | 000,034,998 | ---- | C] () -- C:\ProgramData\WPCLogo.bmp
[2010.03.20 15:34:19 | 000,015,446 | ---- | C] () -- C:\ProgramData\History.txt
[2010.03.20 15:34:19 | 000,010,672 | ---- | C] () -- C:\ProgramData\Readme.txt
[2010.03.20 15:34:19 | 000,001,402 | ---- | C] () -- C:\ProgramData\File_id.diz
[2010.01.31 12:09:29 | 000,000,156 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\default.rss
[2010.01.29 21:00:08 | 034,503,088 | ---- | C] () -- C:\ProgramData\Nokia_PC_Suite_ger_web.exe
[2010.01.02 11:34:48 | 000,001,497 | ---- | C] () -- C:\ProgramData\JkDefragGUI.ini
[2010.01.02 11:34:07 | 002,575,069 | ---- | C] () -- C:\ProgramData\JkDefragGUI.exe
[2010.01.02 11:34:07 | 000,037,170 | ---- | C] () -- C:\ProgramData\ChangeLog.txt
[2010.01.02 11:34:07 | 000,001,472 | ---- | C] () -- C:\ProgramData\ReadMeFirst.txt
[2009.12.24 11:06:41 | 000,263,115 | ---- | C] () -- C:\ProgramData\Alex7b.wsz
[2009.12.04 18:32:52 | 017,363,313 | ---- | C] () -- C:\ProgramData\aol.exe
[2009.11.23 19:21:55 | 000,477,527 | ---- | C] () -- C:\ProgramData\DivXInstaller.exe
[2009.11.14 15:48:44 | 023,207,088 | ---- | C] () -- C:\ProgramData\PdfGrabber_Setup.exe
[2009.11.14 15:27:23 | 000,754,344 | ---- | C] () -- C:\ProgramData\advancedpdf2word_trial.exe
[2009.10.26 22:23:45 | 003,267,488 | ---- | C] () -- C:\ProgramData\Pandora211Recovery.exe
[2009.10.26 22:17:55 | 000,056,832 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.exe
[2009.10.26 22:17:55 | 000,000,875 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.ini
[2009.10.26 22:17:54 | 011,109,376 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO_German.msi
[2009.10.26 22:17:54 | 011,102,720 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.msi
[2009.10.26 22:13:44 | 021,047,280 | ---- | C] () -- C:\ProgramData\file-recovery-pro36-demo.zip
[2009.10.10 14:12:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.10.10 14:09:23 | 012,621,312 | ---- | C] () -- C:\ProgramData\gs870w32.exe
[2009.10.10 14:05:10 | 001,720,832 | ---- | C] () -- C:\ProgramData\FreePDF4.02.EXE
[2009.10.10 11:49:52 | 000,599,173 | ---- | C] () -- C:\ProgramData\PDFBlenderSetup1.1.2.exe
[2009.10.03 17:58:13 | 001,275,896 | ---- | C] () -- C:\ProgramData\setup.exe
[2009.10.03 17:30:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\AD7517B469.sys
[2009.10.03 17:30:50 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.29 18:18:31 | 000,000,402 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\wklnhst.dat
[2009.09.21 19:01:09 | 000,246,767 | ---- | C] () -- C:\ProgramData\VirtualDub.chm
[2009.09.21 19:01:09 | 000,219,510 | ---- | C] () -- C:\ProgramData\VirtualDub.vdi
[2009.09.21 19:01:09 | 000,018,321 | ---- | C] () -- C:\ProgramData\copying
[2009.09.21 19:01:08 | 002,658,816 | ---- | C] () -- C:\ProgramData\VirtualDub.exe
[2009.07.01 18:57:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.27 14:58:17 | 076,559,360 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20090606.msi
[2009.06.20 15:54:00 | 076,342,784 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20080717.msi
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.21 20:07:42 | 001,048,200 | ---- | C] () -- C:\ProgramData\MoveMediaPlayer_071303000004.exe
[2009.04.18 19:32:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.06 15:04:44 | 000,507,904 | ---- | C] () -- C:\ProgramData\pro.exe
[2008.12.28 19:19:34 | 004,998,707 | ---- | C] () -- C:\ProgramData\flvplayer_setup.exe
[2008.12.25 19:43:22 | 003,659,444 | ---- | C] () -- C:\ProgramData\FileZilla_3.1.3.1_win32-setup.exe
[2008.11.22 10:42:54 | 001,471,839 | ---- | C] () -- C:\ProgramData\wrar380d.exe
[2008.09.28 15:43:24 | 000,003,688 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008.08.26 19:24:32 | 000,159,744 | ---- | C] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.16 17:35:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.06.16 17:30:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2008.05.14 18:12:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.14 09:59:10 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.05.14 09:59:10 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.05.14 09:30:43 | 000,007,484 | ---- | C] () -- C:\Users\birgit\AppData\Local\d3d9caps.dat
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.07 09:22:38 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.07 01:07:10 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.02.06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.02.06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.19 10:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.06.16 18:38:32 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\1morebee
[2009.06.13 10:38:22 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Anabel
[2009.10.26 14:29:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Any Video Converter
[2009.07.08 18:48:52 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Ashtons Family Resort
[2008.10.14 20:12:03 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\BeachPartyCraze
[2008.10.04 18:07:01 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Big Fish Games
[2008.12.28 16:00:49 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\BloodTies
[2009.12.04 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Blumentals
[2009.05.06 17:58:13 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Boolat Games
[2009.03.08 21:47:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Boomzap
[2008.09.25 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Canneverbe_Limited
[2010.01.24 13:51:23 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\COWON
[2009.09.09 17:50:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Developer
[2010.05.16 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Droppix
[2010.08.22 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.12.27 22:55:36 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\eGames
[2009.05.02 10:23:56 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\EleFun Games
[2009.01.06 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\EPSON
[2008.12.25 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\FileZilla
[2009.03.10 19:56:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Flood Light Games
[2008.12.26 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Gaijin Ent
[2009.03.07 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Gamelab
[2009.03.10 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Games
[2008.11.08 13:44:33 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009.09.26 12:54:04 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\gtk-2.0
[2010.08.22 12:24:45 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\ICQ
[2009.04.19 12:21:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\InterVideo
[2008.06.18 20:42:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jane s Hotel  Family Hero
[2010.06.22 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jane s ZOO
[2008.08.30 09:50:14 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jasc
[2009.12.05 17:11:57 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\LG Electronics
[2008.12.14 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Meridian93
[2009.07.30 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Miranda
[2009.10.04 09:23:00 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Movienizer
[2010.05.22 15:27:31 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\muvee Technologies
[2008.06.01 15:37:28 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\MysteryStudio
[2010.08.09 18:55:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\NevoSoft Games
[2010.07.24 11:19:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Nokia
[2010.01.06 22:28:54 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\oberon
[2009.02.19 12:35:21 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Oberon Games
[2010.06.22 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Oberon Janes ZOO
[2008.09.14 10:21:59 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\OpenOffice.org
[2010.01.27 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Opera
[2009.10.26 22:24:13 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PandoraRecovery
[2010.07.23 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PC Suite
[2008.12.27 11:10:59 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Pirateville
[2009.11.14 16:20:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PixelPlanet
[2010.01.20 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PlayFirst
[2010.04.03 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\SPIL Games
[2009.09.29 18:18:35 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Template
[2009.11.28 12:33:45 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Thunderbird
[2010.09.02 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\TrojanHunter
[2008.08.26 19:23:57 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\TrueCrypt
[2008.12.13 16:47:06 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Valusoft
[2010.05.23 11:13:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Video DVD Maker FREE
[2009.03.08 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\ViquaSoft
[2009.02.20 16:41:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2009.02.20 23:02:23 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2009.02.20 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Marine World
[2010.04.03 16:04:40 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\YoudaGames
[2010.08.10 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Zylom
[2010.09.05 19:11:33 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.16 18:38:32 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\1morebee
[2009.12.06 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Adobe
[2008.05.27 19:32:09 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\AdobeUM
[2009.06.13 10:38:22 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Anabel
[2009.10.26 14:29:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Any Video Converter
[2009.04.11 09:24:43 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Apple Computer
[2009.07.08 18:48:52 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Ashtons Family Resort
[2008.05.14 10:05:09 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\ATI
[2008.10.14 20:12:03 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\BeachPartyCraze
[2008.10.04 18:07:01 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Big Fish Games
[2008.05.31 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\BigFish
[2008.12.28 16:00:49 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\BloodTies
[2009.12.04 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Blumentals
[2009.05.06 17:58:13 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Boolat Games
[2009.03.08 21:47:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Boomzap
[2008.09.25 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Canneverbe_Limited
[2009.10.03 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Corel
[2010.01.24 13:51:23 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\COWON
[2010.06.03 10:56:23 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\CyberLink
[2009.09.09 17:50:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Developer
[2010.06.04 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\DivX
[2009.08.22 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Download Manager
[2010.05.16 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Droppix
[2010.08.26 19:09:02 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\dvdcss
[2010.08.22 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.12.27 22:55:36 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\eGames
[2009.05.02 10:23:56 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\EleFun Games
[2009.01.06 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\EPSON
[2008.12.25 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\FileZilla
[2009.03.10 19:56:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Flood Light Games
[2008.12.26 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Gaijin Ent
[2009.03.07 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Gamelab
[2009.03.10 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Games
[2008.11.08 13:44:33 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009.09.26 12:54:04 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\gtk-2.0
[2010.08.22 12:24:45 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\ICQ
[2010.08.10 18:30:19 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Identities
[2008.05.21 19:53:33 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\InstallShield
[2009.04.19 12:21:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\InterVideo
[2008.06.18 20:42:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jane s Hotel  Family Hero
[2010.06.22 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jane s ZOO
[2008.08.30 09:50:14 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jasc
[2009.12.05 17:11:57 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\LG Electronics
[2008.05.31 15:39:26 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Macromedia
[2010.09.04 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Media Center Programs
[2010.05.23 12:53:30 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Media Player Classic
[2008.12.14 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Meridian93
[2010.08.14 11:16:28 | 000,000,000 | --SD | M] -- C:\Users\birgit\AppData\Roaming\Microsoft
[2008.09.20 14:49:38 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Microsoft Games
[2009.07.30 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Miranda
[2009.05.21 20:07:50 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Move Networks
[2009.10.04 09:23:00 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Movienizer
[2009.11.19 18:34:30 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Mozilla
[2010.05.22 15:27:31 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\muvee Technologies
[2008.06.01 15:37:28 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\MysteryStudio
[2008.09.09 21:55:50 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\NCH Software
[2010.05.16 15:09:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Nero
[2010.08.09 18:55:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\NevoSoft Games
[2010.07.24 11:19:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Nokia
[2010.01.06 22:28:54 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\oberon
[2009.02.19 12:35:21 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Oberon Games
[2010.06.22 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Oberon Janes ZOO
[2008.09.14 10:21:59 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\OpenOffice.org
[2010.01.27 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Opera
[2009.10.26 22:24:13 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PandoraRecovery
[2010.07.23 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PC Suite
[2008.12.27 11:10:59 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Pirateville
[2009.11.14 16:20:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PixelPlanet
[2010.01.20 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PlayFirst
[2010.03.08 18:30:27 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Real
[2008.12.14 14:41:17 | 000,000,000 | RH-D | M] -- C:\Users\birgit\AppData\Roaming\SecuROM
[2009.10.08 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\skypePM
[2010.04.03 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\SPIL Games
[2009.09.29 18:18:35 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Template
[2009.11.28 12:33:45 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Thunderbird
[2010.09.02 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\TrojanHunter
[2008.08.26 19:23:57 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\TrueCrypt
[2008.12.13 16:47:06 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Valusoft
[2010.05.23 11:13:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Video DVD Maker FREE
[2009.03.08 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\ViquaSoft
[2009.04.09 18:49:17 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\vlc
[2009.02.20 16:41:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2009.02.20 23:02:23 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2009.02.20 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Marine World
[2008.11.22 10:46:01 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\WinRAR
[2010.04.03 16:04:40 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\YoudaGames
[2010.08.10 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2008.05.29 08:03:08 | 000,037,176 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.10.26 22:19:03 | 000,590,336 | R--- | M] () -- C:\Users\birgit\AppData\Roaming\Microsoft\Installer\{0B45E11E-F9F2-4CC7-821A-BB1957EE14D4}\Icon0B45E11E.exe
[2009.02.12 20:37:34 | 000,097,144 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009.05.21 20:07:50 | 000,034,062 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2007.08.29 16:36:06 | 000,167,424 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\NCH Software\Components\aacdec\aacdec.exe
[2007.08.29 16:36:00 | 000,110,592 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2010.03.03 18:20:08 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\birgit\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.03.04 18:06:21 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\birgit\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
[2010.05.29 18:11:58 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\birgit\AppData\Roaming\Real\Update\setup3.11\setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2006.08.14 12:27:02 | 000,117,760 | ---- | M] (ATI Technologies Inc.) MD5=6241F2C3073FEAB1EB1BCEE7EEE7A95A -- C:\DRV\VGA_ATI_836\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.05.17 09:45:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.05.17 09:45:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.05.17 09:45:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.05.14 09:35:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.05.14 09:35:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2007.07.27 23:26:40 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.06.16 14:03:58 | 000,053,248 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\dossec.dll
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.06.16 14:03:56 | 000,126,976 | ---- | M] ( ) Unable to obtain MD5 -- C:\Windows\System32\Interop.SHDocVw.dll
[2008.01.19 09:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TFBRVDNPCLPTJBX9Y6LV9TXVVJVFJF5VVJV0
@Alternate Data Stream - 24 bytes -> C:\Windows:28623108D70BB416
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1941675B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD444D31
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3A925163
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:997E6AF4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79F970BE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9CB2B6C5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:51A22C60
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B83BF1A6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6A16A184
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:128A6DC9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CB0FEE2B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CC7E693
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BE6DC701
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5216CD26
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BAC03849
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9446E8B9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:87FA5E8A
< End of report >

--- --- ---

cosinus 05.09.2010 19:58

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TFBRVDNPCLPTJBX9Y6LV9TXVVJVFJF5VVJV0
@Alternate Data Stream - 24 bytes -> C:\Windows:28623108D70BB416
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1941675B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD444D31
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3A925163
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:997E6AF4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79F970BE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9CB2B6C5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:51A22C60
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B83BF1A6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6A16A184
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:128A6DC9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CB0FEE2B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CC7E693
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BE6DC701
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5216CD26
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BAC03849
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9446E8B9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:87FA5E8A
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

LadyFreaky 05.09.2010 21:20

is it normal that this is taking so long now???

I clicked run fix and since then it has been showing
resetting hostfiles ...

how much longer is this supposed to take?

cosinus 05.09.2010 21:22

Did you start OTL again via right-click => Run as administrator?

LadyFreaky 05.09.2010 21:33

yes, I copied the code, pasted it and clicked run fix, then it loaded briefly at the bottom .... then some message came up that it couldn't find host ... and since then it has been showing what I wrote earlier, and that I shouldn't interrupt it

cosinus 05.09.2010 21:38

That's not what I wanted to know. My question was whether you started OTL via right-click, Run as administrator.

LadyFreaky 05.09.2010 21:40

yes, I did

cosinus 05.09.2010 21:41

OK, then cancel it and do it again, but with this text:

Code:

:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TFBRVDNPCLPTJBX9Y6LV9TXVVJVFJF5VVJV0
@Alternate Data Stream - 24 bytes -> C:\Windows:28623108D70BB416
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1941675B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD444D31
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3A925163
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:997E6AF4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79F970BE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9CB2B6C5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:51A22C60
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B83BF1A6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6A16A184
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:128A6DC9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CB0FEE2B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CC7E693
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BE6DC701
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5216CD26
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BAC03849
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9446E8B9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:87FA5E8A
:Commands
[emptytemp]


LadyFreaky 05.09.2010 21:59

okay, here it is now

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\pdfforge Toolbar\SearchSettings.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Empowering Technology Monitor not found.
File C:\Acer\Empowering Technology\SysMonitor.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Acer Tour not found.
Unable to delete ADS C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TFBRVDNPCLPTJBX9Y6LV9TXVVJVFJF5VVJV0 .
Unable to delete ADS C:\Windows:28623108D70BB416 .
Unable to delete ADS C:\ProgramData\TEMP:1941675B .
Unable to delete ADS C:\ProgramData\TEMP:FD444D31 .
Unable to delete ADS C:\ProgramData\TEMP:700CD00E .
Unable to delete ADS C:\ProgramData\TEMP:3A925163 .
Unable to delete ADS C:\ProgramData\TEMP:997E6AF4 .
Unable to delete ADS C:\ProgramData\TEMP:79F970BE .
Unable to delete ADS C:\ProgramData\TEMP:A94968B5 .
Unable to delete ADS C:\ProgramData\TEMP:9CB2B6C5 .
Unable to delete ADS C:\ProgramData\TEMP:51A22C60 .
Unable to delete ADS C:\ProgramData\TEMP:CBEB737E .
Unable to delete ADS C:\ProgramData\TEMP:B83BF1A6 .
Unable to delete ADS C:\ProgramData\TEMP:6A16A184 .
Unable to delete ADS C:\ProgramData\TEMP:4F636E25 .
Unable to delete ADS C:\ProgramData\TEMP:8EEE3BBB .
Unable to delete ADS C:\ProgramData\TEMP:25005EFA .
Unable to delete ADS C:\ProgramData\TEMP:D2A5A561 .
Unable to delete ADS C:\ProgramData\TEMP:A42A9F39 .
Unable to delete ADS C:\ProgramData\TEMP:3AE22B1A .
Unable to delete ADS C:\ProgramData\TEMP:273A8657 .
Unable to delete ADS C:\ProgramData\TEMP:128A6DC9 .
Unable to delete ADS C:\ProgramData\TEMP:E0AE69BE .
Unable to delete ADS C:\ProgramData\TEMP:6677D85A .
Unable to delete ADS C:\ProgramData\TEMP:3447AB86 .
Unable to delete ADS C:\ProgramData\TEMP:6A97C459 .
Unable to delete ADS C:\ProgramData\TEMP:69FD6BF0 .
Unable to delete ADS C:\ProgramData\TEMP:E1D818F7 .
Unable to delete ADS C:\ProgramData\TEMP:CB0FEE2B .
Unable to delete ADS C:\ProgramData\TEMP:22313216 .
Unable to delete ADS C:\ProgramData\TEMP:A561576B .
Unable to delete ADS C:\ProgramData\TEMP:0CC7E693 .
Unable to delete ADS C:\ProgramData\TEMP:6BD1DCDD .
Unable to delete ADS C:\ProgramData\TEMP:E1F04E8D .
Unable to delete ADS C:\ProgramData\TEMP:BE6DC701 .
Unable to delete ADS C:\ProgramData\TEMP:77846FFE .
Unable to delete ADS C:\ProgramData\TEMP:5216CD26 .
Unable to delete ADS C:\ProgramData\TEMP:BAC03849 .
Unable to delete ADS C:\ProgramData\TEMP:9446E8B9 .
Unable to delete ADS C:\ProgramData\TEMP:D88D995C .
Unable to delete ADS C:\ProgramData\TEMP:98AE08EA .
Unable to delete ADS C:\ProgramData\TEMP:BDF08FAF .
Unable to delete ADS C:\ProgramData\TEMP:B14B4A95 .
Unable to delete ADS C:\ProgramData\TEMP:87FA5E8A .
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: birgit
->Temp folder emptied: 100084903 bytes
->Temporary Internet Files folder emptied: 1342712 bytes
->Java cache emptied: 67547406 bytes
->FireFox cache emptied: 96548257 bytes
->Google Chrome cache emptied: 8834417 bytes
->Opera cache emptied: 8580 bytes
->Flash cache emptied: 48483 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50611 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 262,00 mb


OTL by OldTimer - Version 3.2.11.0 log created on 09052010_225216

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

cosinus 06.09.2010 07:17

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let your system be scanned.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a Kompetenzler (qualified forum helper) has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

LadyFreaky 06.09.2010 09:54

so, download that
run CCleaner (which I have anyway) over it

no, I'm not blonde, but with
Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.

do you mean temporarily disabling Kaspersky? Or just not having Kaspersky's window open, and the same for the browsers?!

but I can only do that this evening, I'm not at my PC right now ...

Just wanted to thank you for your help in the meantime!!!

cosinus 06.09.2010 11:21

Quote:

do you mean temporarily disabling Kaspersky?
Yes, Kaspersky must be completely disabled so that it cannot interfere with CF.

LadyFreaky 06.09.2010 11:50

once CF has opened the TXT file for me, can I switch Kasp back on, or should I wait?!

Sorry for the silly questions, but I have never just switched Kasp. off like that, nor used a program that can cause damage if handled incorrectly. So I would rather have everything clarified beforehand "gg"

By closing the browser, do you also mean switching off the modem, or pulling the cable from the PC?!

cosinus 06.09.2010 12:42

You can switch Kaspersky on when I tell you to ;)

LadyFreaky 06.09.2010 13:56

roughly how long will you still be online in the forum today?

I won't get around to starting on it until about 19:00

LadyFreaky 06.09.2010 17:59

so, I'm ready now .... how long will you still be online in the forum today?!

cosinus 06.09.2010 19:32

Just post the log first :balla:
And your questions make no sense, unless you are confusing a forum with a chat :stirn:

LadyFreaky 06.09.2010 19:36

I just wanted to wait because you said I should only switch Kaspersky back on when you say so .... and I didn't want to leave it switched off for too long

the malware program ... does that work on its own, so do I have to switch that off too?

LadyFreaky 06.09.2010 19:37

what I forgot: how long does the scan normally take?

cosinus 06.09.2010 20:05

Quote:

what I forgot: how long does the scan normally take?
That can't be answered in general. And you can leave the virus scanner "switched off", because malware doesn't just fly onto the PC by itself. A virus scanner is only an aid, nothing more, and not the decisive component in keeping a Windows PC clean.

LadyFreaky 06.09.2010 20:36

sooo, done

Combofix Logfile:
Code:

ComboFix 10-09-06.01 - birgit 06.09.2010  20:59:40.1.3 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.43.1031.18.3071.1215 [GMT 2:00]
ausgeführt von:: c:\users\birgit\Desktop\cofi.exe
SP: Windows-Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\aol.exe
c:\programdata\DivXInstaller.exe
c:\programdata\FFSetup230.exe
c:\programdata\flvplayer_setup.exe
c:\programdata\FreePDF4.02.EXE
c:\programdata\gs870w32.exe
c:\programdata\MoveMediaPlayer_071303000004.exe
c:\programdata\Pandora211Recovery.exe
c:\programdata\PDFBlenderSetup1.1.2.exe
c:\programdata\pro.exe
c:\programdata\setup.exe
c:\programdata\SoftonicDownloader50481.exe
c:\programdata\vdm328_free.exe
c:\programdata\wrar380d.exe

.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Boonty Games


(((((((((((((((((((((((  Dateien erstellt von 2010-08-06 bis 2010-09-06  ))))))))))))))))))))))))))))))
.

2010-09-06 19:13 . 2010-09-06 19:13        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-09-06 16:37 . 2010-09-06 16:37        --------        d-----w-        c:\program files\CCleaner
2010-09-05 19:19 . 2010-09-05 19:19        --------        d-----w-        C:\_OTL
2010-09-04 16:54 . 2010-09-04 16:54        --------        d-----w-        c:\users\birgit\AppData\Roaming\Malwarebytes
2010-09-04 16:53 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-04 16:53 . 2010-09-04 16:53        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-09-04 16:53 . 2010-09-04 16:53        --------        d-----w-        c:\programdata\Malwarebytes
2010-09-04 16:53 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-09-02 20:49 . 2010-09-02 20:49        --------        d-----w-        c:\users\birgit\AppData\Roaming\TrojanHunter
2010-09-02 20:45 . 2010-09-04 14:40        --------        d-----w-        c:\program files\TrojanHunter 5.3
2010-08-29 12:12 . 2010-08-29 13:10        --------        d-----w-        c:\temp\dvd-out
2010-08-13 14:37 . 2010-05-27 19:16        81920        ----a-w-        c:\windows\system32\iccvid.dll
2010-08-13 14:37 . 2010-06-11 15:31        274432        ----a-w-        c:\windows\system32\schannel.dll
2010-08-13 14:37 . 2010-06-21 13:18        2036736        ----a-w-        c:\windows\system32\win32k.sys
2010-08-13 14:37 . 2010-06-18 16:43        36352        ----a-w-        c:\windows\system32\rtutils.dll
2010-08-13 14:37 . 2010-06-08 17:00        3598216        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-08-13 14:37 . 2010-06-08 17:00        3545992        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-08-13 14:37 . 2010-06-11 15:30        1257472        ----a-w-        c:\windows\system32\msxml3.dll
2010-08-13 14:37 . 2010-06-18 14:43        302080        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-08-13 14:37 . 2010-06-18 14:43        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-08-13 14:37 . 2010-06-16 15:59        898952        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-08-10 16:30 . 2010-08-10 16:52        --------        d-----w-        c:\programdata\VirtualFarm

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-06 19:17 . 2008-05-14 18:00        --------        d-----w-        c:\programdata\Kaspersky Lab
2010-09-06 19:14 . 2010-02-18 15:45        12        ----a-w-        c:\windows\bthservsdp.dat
2010-09-06 17:06 . 2006-11-02 15:33        628504        ----a-w-        c:\windows\system32\perfh007.dat
2010-09-06 17:06 . 2006-11-02 15:33        126054        ----a-w-        c:\windows\system32\perfc007.dat
2010-09-06 16:36 . 2010-09-06 16:36        3427248        ----a-w-        c:\programdata\ccsetup235.exe
2010-09-06 16:36 . 2010-09-06 16:36        3427248        ----a-w-        c:\programdata\ccsetup235.exe
2010-09-05 19:19 . 2010-04-17 13:53        --------        d-----w-        c:\program files\pdfforge Toolbar
2010-09-05 17:05 . 2009-04-09 17:08        --------        d-----w-        c:\program files\Common Files\DVDVideoSoft
2010-09-05 17:03 . 2008-10-28 17:38        --------        d-----w-        c:\programdata\GamesBar
2010-09-05 17:03 . 2008-06-18 17:42        --------        d-----w-        c:\program files\GamesBar
2010-09-05 16:55 . 2008-05-14 07:30        --------        d-----w-        c:\program files\Yahoo!
2010-09-04 16:52 . 2010-09-04 16:52        6153648        ----a-w-        c:\programdata\mbam-setup.exe
2010-09-04 16:52 . 2010-09-04 16:52        6153648        ----a-w-        c:\programdata\mbam-setup.exe
2010-09-02 20:44 . 2010-09-02 20:44        22489640        ----a-w-        c:\programdata\TrojanHunter53Setup.exe
2010-09-02 20:44 . 2010-09-02 20:44        22489640        ----a-w-        c:\programdata\TrojanHunter53Setup.exe
2010-08-28 07:54 . 2010-05-08 14:03        57344        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-08-28 07:53 . 2010-08-28 07:53        56765        ----a-w-        c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-08-28 07:53 . 2010-05-08 14:01        --------        d-----w-        c:\programdata\DivX
2010-08-28 07:53 . 2008-11-01 12:32        --------        d-----w-        c:\program files\DivX
2010-08-28 07:53 . 2010-08-28 07:53        56997        ----a-w-        c:\programdata\DivX\WebPlayer\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53        53600        ----a-w-        c:\programdata\DivX\Update\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53        57691        ----a-w-        c:\programdata\DivX\Player\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53        84063        ----a-w-        c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-08-28 07:53 . 2010-08-28 07:53        54153        ----a-w-        c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-08-28 07:52 . 2010-08-28 07:53        185640        ----a-w-        c:\programdata\DivX\Setup\finishPlugin.dll
2010-08-28 07:52 . 2010-08-28 07:52        144696        ----a-w-        c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.exe
2010-08-28 07:52 . 2010-05-08 14:02        1062184        ----a-w-        c:\programdata\DivX\Setup\Resource.dll
2010-08-28 07:52 . 2010-05-08 14:02        850200        ----a-w-        c:\programdata\DivX\Setup\DivXSetup.exe
2010-08-26 17:09 . 2009-04-09 16:48        --------        d-----w-        c:\users\birgit\AppData\Roaming\dvdcss
2010-08-25 15:09 . 2010-08-25 15:09        15376        ----a-w-        c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\clldr.dll
2010-08-25 15:09 . 2010-08-25 15:09        15376        ----a-w-        c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\clldr.dll
2010-08-24 15:13 . 2010-02-06 12:16        --------        d-----w-        c:\program files\ICQ7.0
2010-08-22 11:39 . 2010-07-25 11:08        --------        d-----w-        c:\users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers
2010-08-22 11:38 . 2009-04-09 17:08        --------        d-----w-        c:\program files\DVDVideoSoft
2010-08-22 11:37 . 2010-08-22 11:37        18088968        ----a-w-        c:\programdata\FreeYouTubeToMp3Converter.exe
2010-08-22 11:37 . 2010-08-22 11:37        18088968        ----a-w-        c:\programdata\FreeYouTubeToMp3Converter.exe
2010-08-22 10:24 . 2008-05-15 18:04        --------        d-----w-        c:\users\birgit\AppData\Roaming\ICQ
2010-08-18 17:31 . 2010-08-18 17:31        170584        ----a-w-        c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\prloader.dll
2010-08-18 17:31 . 2010-08-18 17:31        311680        ----a-w-        c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\avp.exe
2010-08-15 17:24 . 2010-08-15 17:24        52224        ----a-w-        c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
2010-08-15 17:24 . 2010-08-15 17:24        101376        ----a-w-        c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
2010-08-14 08:03 . 2007-05-06 22:57        --------        d-----w-        c:\programdata\Microsoft Help
2010-08-14 08:02 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-08-10 16:30 . 2008-05-25 07:34        --------        d-----w-        c:\users\birgit\AppData\Roaming\Zylom
2010-08-09 16:55 . 2010-01-06 19:25        --------        d-----w-        c:\users\birgit\AppData\Roaming\NevoSoft Games
2010-08-07 07:52 . 2009-07-01 16:52        --------        d-----w-        c:\programdata\Skype
2010-08-07 07:50 . 2010-02-18 15:47        --------        d-----w-        c:\program files\Common Files\Nokia
2010-08-07 07:50 . 2010-02-18 15:40        --------        d-----w-        c:\program files\Nokia
2010-08-06 18:37 . 2010-08-06 18:37        11971973        ----a-w-        c:\programdata\FreeVideoToMp3Converter40.exe
2010-08-06 18:37 . 2010-08-06 18:37        11971973        ----a-w-        c:\programdata\FreeVideoToMp3Converter40.exe
2010-08-06 16:14 . 2009-12-20 18:09        --------        d-----w-        c:\program files\Messenger Plus! Live
2010-07-31 10:19 . 2010-05-05 15:49        97549        ----a-w-        c:\windows\system32\drivers\klick.dat
2010-07-31 10:19 . 2010-05-05 15:49        113933        ----a-w-        c:\windows\system32\drivers\klin.dat
2010-07-24 09:19 . 2010-01-29 19:15        --------        d-----w-        c:\users\birgit\AppData\Roaming\Nokia
2010-07-24 09:18 . 2010-07-24 09:18        --------        d-----w-        c:\programdata\Nokia
2010-07-24 09:11 . 2010-01-29 19:15        --------        d-----w-        c:\programdata\PC Suite
2010-07-24 09:11 . 2010-07-24 09:11        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
2010-07-24 09:02 . 2010-07-24 09:02        --------        d-----w-        c:\program files\PC Connectivity Solution
2010-07-24 08:53 . 2010-07-24 08:53        12212040        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-07-24 08:53 . 2010-07-24 08:53        13930312        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-07-24 08:53 . 2010-07-24 08:53        77824        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-24 08:53 . 2010-07-24 08:53        38912        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-07-24 08:53 . 2010-07-24 08:53        38912        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-07-24 08:53 . 2010-07-24 08:53        50000        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-24 08:52 . 2010-07-24 08:52        --------        d-----w-        c:\programdata\NokiaInstallerCache
2010-07-24 08:49 . 2010-07-24 08:53        103412296        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-23 16:34 . 2010-01-29 19:15        --------        d-----w-        c:\users\birgit\AppData\Roaming\PC Suite
2010-07-13 15:41 . 2010-07-13 15:41        --------        d-----w-        c:\programdata\Kristanix Games
2010-07-13 15:32 . 2010-07-13 15:07        --------        d-----w-        c:\programdata\FarmFrenzy3_Arctica
2010-06-26 06:05 . 2010-08-13 14:38        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-13 14:38        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-06-26 06:02 . 2010-08-13 14:38        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-06-26 04:25 . 2010-08-13 14:38        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-06-15 15:21 . 2010-06-15 15:21        129624        ----a-w-        c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mmpprtc.dll
2009-07-14 18:21 . 2009-07-14 18:20        347432        ----a-w-        c:\program files\WINWORD.EXE
2010-05-05 15:51 . 2010-05-05 15:51        604140        --sha-w-        c:\windows\System32\drivers\ISwift3.dat
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-03-18 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"NokiaOviSuite2"="c:\program files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe" [2010-07-02 671608]
"Google Update"="c:\users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-06 136176]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaMServer"="c:\program files\Common Files\Nokia\MPlatform\NokiaMServer" [X]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"Skytel"="Skytel.exe" [2007-06-15 1826816]
"PlayMovie"="c:\program files\Acer Arcade Live\Acer PlayMovie\PMVService.exe" [2007-07-13 178280]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]
"PicPick Start"="c:\screenshoots\Picpick\picpick.exe" [2009-04-14 914432]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PrintArtist"="c:\program files\Avanquest\Print Artist Platinum\ReminderApp.exe" [2009-07-02 144664]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-08 202256]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2010-01-07 974848]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2010-08-18 311680]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-04-19 106496]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-08-20 1164584]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-02-15 151552]

c:\users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-7 528384]
PCM Media Sharing.lnk - c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe [2007-5-7 200812]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~2\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-12-15 33808]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-05-15 21008]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl [2007-08-31 39408]
S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2007-04-04 266343]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2010-01-07 380928]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-05-16 19472]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper        REG_MULTI_SZ          getPlusHelper
bthsvcs        REG_MULTI_SZ          BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
- c:\users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06 18:03]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
- c:\users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-06 18:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
mStart Page = hxxp://de.intl.acer.yahoo.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/su/*hxxp://de.yahoo.com
IE: Free YouTube Download - c:\users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
FF - ProfilePath - c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - chello.at
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: c:\program files\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - component: c:\programdata\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\FFExternalAlert.dll
FF - component: c:\users\birgit\AppData\Roaming\Mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}\components\RadioWMPCore.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\birgit\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\birgit\AppData\Roaming\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

BHO-{ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - (no file)
HKCU-Run-ICQ - ~c:\program files\ICQ7.0\ICQ.exe
HKLM-Run-eRecoveryService - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-{F37167DD-4436-4641-90B6-329D60632DDA} - c:\program files\InstallShield Installation Information\{F37167DD-4436-4641-90B6-329D60632DDA}\Setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-06 21:17
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Live\Acer PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-99989120-414168423-3571821316-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:71,4c,3b,bf,56,80,50,02,79,f6,c1,d9,17,8a,65,0e,a8,b9,e0,d2,61,be,1b,
  bb,62,18,3c,a3,4c,8c,68,c5,c6,e7,3d,b0,59,81,f3,d3,ed,cb,e6,c7,cb,65,b6,33,\
"??"=hex:14,b9,de,e2,71,1e,77,00,99,62,bc,41,e8,7c,95,79

[HKEY_USERS\S-1-5-21-99989120-414168423-3571821316-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
"datasecu"=hex:10,bc,2e,6b,8a,60,59,bb,af,c9,a8,85,a6,33,30,74,b5,97,c1,d7,2b,
  cc,cd,36,ba,00,25,86,ed,99,5b,94,30,4f,94,f6,5d,cb,58,fd,b8,cc,23,72,9e,de,\
"rkeysecu"=hex:b6,8a,44,25,46,c4,1b,56,d2,08,da,b3,29,f6,76,ef

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(5596)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\acer\Empowering Technology\ePerformance\MemCheck.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\acer\Empowering Technology\eDataSecurity\eDSService.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE
c:\users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\program files\Common Files\Nokia\NoA\nokiaaserver.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-09-06  21:26:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-09-06 19:26

Vor Suchlauf: 27 Verzeichnis(se), 129.272.082.432 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 128.939.151.360 Bytes frei

- - End Of File - - B4CC859B5A2951D22968EF090C0D95C5

--- --- ---



Only now I've managed to get to the point where I can't get into any of my browsers on the PC anymore ... something about a registry key ...

cosinus 06.09.2010 20:41

OK. Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you must run remover.exe via right-click => Run as administrator.

A black window will open and automatically search for malicious changes in the MBR.
Then please post whether there are any changes and, if so, in which device. Ideally, post everything that remover.exe outputs.

LadyFreaky 06.09.2010 20:46

For that I'd first have to be able to open one of my browsers :( No idea what I messed up there, but this comes up:

An attempt was made ... to perform an illegal operation on a registry key that has been marked for deletion

It comes up in IE, Firefox and Chrome.

cosinus 06.09.2010 20:52

Try it in safe mode or with a different user account, e.g. one that you newly create via the Control Panel...

LadyFreaky 06.09.2010 21:01

I've managed to get to the point where I can't get into the Control Panel anymore either, with the same message ... oh shit, what on earth did I mess up there with CCleaner :(

Somehow nothing works at all anymore. I wanted to get Opera via a USB stick now, but when I open it, the thing with the key comes up too.

cosinus 06.09.2010 21:17

Safe mode??

LadyFreaky 06.09.2010 21:23

And what do I do there then?!

cosinus 06.09.2010 21:40

What do you think? You're supposed to try it there!

LadyFreaky 06.09.2010 22:18

So, here first of all is the one from OSAM

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:16:31 on 06.09.2010

OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job" - "Google Inc." - C:\Users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job" - "Google Inc." - C:\Users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"adfs" (adfs) - ? - C:\Windows\system32\drivers\adfs.sys  (File not found)
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"int15" (int15) - ? - C:\Acer\Empowering Technology\eRecovery\int15.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Kaspersky Lab Driver" (KLIF) - "Kaspersky Lab" - C:\Windows\System32\DRIVERS\klif.sys
"kl1" (kl1) - "Kaspersky Lab" - C:\Windows\System32\DRIVERS\kl1.sys
"LGE Mobile Composite USB Device" (usbbus) - ? - C:\Windows\System32\DRIVERS\lgusbbus.sys  (File not found)
"LGE Mobile USB Modem" (USBModem) - ? - C:\Windows\System32\DRIVERS\lgusbmodem.sys  (File not found)
"LGE Mobile USB Serial Port" (UsbDiag) - ? - C:\Windows\System32\DRIVERS\lgusbdiag.sys  (File not found)
"PSDFilter" (PSDFilter) - "HiTRUST" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNSERVER" (PSDNServ) - "HiTRUST" - C:\Windows\System32\drivers\PSDNServ.sys
"psdvdisk" (psdvdisk) - "HiTRUST" - C:\Windows\System32\drivers\psdvdisk.sys
"truecrypt" (truecrypt) - "TrueCrypt Foundation" - C:\Windows\System32\drivers\truecrypt.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{8D1636FD-CA49-4B4E-90E4-0A20E03A15E8} "JetFlExt Class" - "JetAudio" - C:\Program Files\JetAudio\JetFlExt.dll
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -  (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - c:\program files\real\realplayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -  (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{EEE6C35D-6118-11DC-9C72-001320C79847} "SweetIM ToolbarURLSearchHook Class" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar mit Pop-Up-Blocker" - ? -  (File not found | COM-object registry key not found)
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} "a-squared Scanner" - "Emsi Software GmbH" - C:\Windows\DOWNLO~1\asquared.ocx / hxxp://ax.emsisoft.com/asquared.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -  (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} "{E2883E8F-472F-4FB0-9522-AC9BF37916A7}" - ? -  (File not found | COM-object registry key not found) / hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7" - "ICQ, LLC." - C:\Program Files\ICQ7.0\ICQ.exe
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll
<binary data> "Acer eDataSecurity Management" - "HiTRUST" - C:\Windows\system32\eDStoolbar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "HiTRUST" - C:\Windows\system32\ActiveToolBand.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Program Files\Windows Live\Toolbar\wltcore.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Empowering Technology Launcher.lnk" - "Acer Inc." - C:\Acer\Empowering Technology\eAPLauncher.exe  (Shortcut exists | File exists)
"PCM Media Sharing.lnk" - ? - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Google Update" - "Google Inc." - "C:\Users\birgit\AppData\Local\Google\Update\GoogleUpdate.exe" /c
"NokiaOviSuite2" - "Nokia" - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe -tray
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Acer Tour Reminder" - "Acer Inc." - C:\Acer\AcerTour\Reminder.exe
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
"DivXUpdate" - ? - "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"eDataSecurity Loader" - "HiTRUST" - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe"
"Malwarebytes Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NokiaMServer" - "Nokia" - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
"PicPick Start" - ? - C:\Screenshoots\Picpick\picpick.exe  (File found, but it contains no detailed information)
"PlayMovie" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe"
"PrintArtist" - ? - "C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe" PrintArtist
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SearchSettings" - "Spigot, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
"StartCCC" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe  (File found, but it contains no detailed information)
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Messenger\SweetIM.exe
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
"WarReg_PopUp" - "Acer Inc." - C:\Acer\WR_PopUp\WarReg_PopUp.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Program Files\NOS\bin\getPlus_Helper.dll,-101" (getPlusHelper) - "NOS Microsystems Ltd." - C:\Program Files\NOS\bin\getPlus_Helper.dll
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Acer HomeMedia Connect Service" (Acer HomeMedia Connect Service) - "CyberLink" - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
"Application Updater" (Application Updater) - "Spigot, Inc." - C:\Program Files\Application Updater\ApplicationUpdater.exe
"Bonjour-Dienst" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"eDSService.exe" (eDataSecurity Service) - "HiTRSUT" - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
"ePerformance Service" (AcerMemUsageCheckService) - ? - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
"eRecovery Service" (eRecoveryService) - "Acer Inc." - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Kaspersky Internet Security" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"NMSAccessU" (NMSAccessU) - ? - C:\Program Files\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"ServiceLayer" (ServiceLayer) - "Nokia" - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"klogon" - "Kaspersky Lab" - C:\Windows\system32\klogon.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

LadyFreaky 06.09.2010 22:24

Here is the last one

http://i52.tinypic.com/n530o3.jpg

cosinus 06.09.2010 22:32

Please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • The tool only needs a second.
  • Afterwards you should find an MBRCheck_<date>_<time>.txt on the desktop.
Please post the contents of the .txt document.

LadyFreaky 06.09.2010 22:36

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Acer
System Product Name: Aspire M3100
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 144):
0x86A3C000 \SystemRoot\system32\ntkrnlpa.exe
0x86A09000 \SystemRoot\system32\hal.dll
0x80607000 \SystemRoot\system32\kdcom.dll
0x8060F000 \SystemRoot\system32\PSHED.dll
0x80620000 \SystemRoot\system32\BOOTVID.dll
0x80628000 \SystemRoot\system32\CLFS.SYS
0x80669000 \SystemRoot\system32\CI.dll
0x80749000 \SystemRoot\system32\drivers\Wdf01000.sys
0x807C5000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8E600000 \SystemRoot\system32\drivers\acpi.sys
0x8E646000 \SystemRoot\system32\drivers\WMILIB.SYS
0x8E64F000 \SystemRoot\system32\drivers\msisadrv.sys
0x8E657000 \SystemRoot\system32\drivers\pci.sys
0x8E67E000 \SystemRoot\System32\drivers\partmgr.sys
0x8E68D000 \SystemRoot\system32\drivers\volmgr.sys
0x8E69C000 \SystemRoot\System32\drivers\volmgrx.sys
0x8E6E6000 \SystemRoot\system32\drivers\pciide.sys
0x8E6ED000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x8E6FB000 \SystemRoot\System32\drivers\mountmgr.sys
0x8E70B000 \SystemRoot\system32\drivers\atapi.sys
0x8E713000 \SystemRoot\system32\drivers\ataport.SYS
0x8E731000 \SystemRoot\system32\drivers\fltmgr.sys
0x8E763000 \SystemRoot\system32\drivers\fileinfo.sys
0x8E773000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x8E77C000 \SystemRoot\system32\drivers\klbg.sys
0x8E787000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8E806000 \SystemRoot\system32\drivers\ndis.sys
0x8E911000 \SystemRoot\system32\drivers\msrpc.sys
0x8E93C000 \SystemRoot\system32\drivers\NETIO.SYS
0x8EA03000 \SystemRoot\System32\drivers\tcpip.sys
0x8EAEC000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8EC02000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8ED11000 \SystemRoot\system32\drivers\volsnap.sys
0x8ED4A000 \SystemRoot\System32\Drivers\spldr.sys
0x8ED52000 \SystemRoot\system32\drivers\psdvdisk.sys
0x8ED64000 \SystemRoot\system32\drivers\PSDNServ.sys
0x8ED6D000 \SystemRoot\System32\Drivers\mup.sys
0x8ED7C000 \SystemRoot\System32\drivers\ecache.sys
0x8EDA3000 \SystemRoot\system32\drivers\disk.sys
0x8EDB4000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8EDD5000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x8EDDD000 \SystemRoot\system32\drivers\crcdisk.sys
0x8EDE6000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8EDF1000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8EB07000 \SystemRoot\system32\DRIVERS\processr.sys
0x96808000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x96F30000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x96FCF000 \SystemRoot\System32\drivers\watchdog.sys
0x96FDC000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8EB16000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8EB54000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x96FEE000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x96FF0000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x8EB6C000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x8EB76000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8EBB4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8EBC3000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x8EBD3000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x8EBE1000 \SystemRoot\system32\DRIVERS\fdc.sys
0x8E976000 \SystemRoot\system32\DRIVERS\serial.sys
0x8EBEC000 \SystemRoot\system32\DRIVERS\serenum.sys
0x8E990000 \SystemRoot\system32\DRIVERS\parport.sys
0x8E9A8000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8EBF6000 \SystemRoot\system32\DRIVERS\klmouflt.sys
0x8E9BB000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E9C6000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E9D1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x98003000 \SystemRoot\system32\DRIVERS\storport.sys
0x98044000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x9804F000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x98066000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x98071000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x98094000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x980A3000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x980B7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x980CC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x980DC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x980DE000 \SystemRoot\system32\DRIVERS\ks.sys
0x98108000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x98112000 \SystemRoot\system32\DRIVERS\umbus.sys
0x9811F000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x98153000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x98171000 \SystemRoot\system32\drivers\HdAudio.sys
0x981B0000 \SystemRoot\system32\drivers\portcls.sys
0x807D2000 \SystemRoot\system32\drivers\drmk.sys
0x9760B000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x97E03000 \SystemRoot\system32\DRIVERS\klif.sys
0x97E4C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x97E55000 \SystemRoot\System32\Drivers\Null.SYS
0x97E5C000 \SystemRoot\System32\Drivers\Beep.SYS
0x97E6C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x97E73000 \SystemRoot\System32\drivers\vga.sys
0x97E7F000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x97EA0000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x97EA8000 \SystemRoot\system32\drivers\rdpencdd.sys
0x97EB0000 \SystemRoot\System32\Drivers\Msfs.SYS
0x97EBB000 \SystemRoot\System32\Drivers\Npfs.SYS
0x97EC9000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x97ED2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x97EE8000 \SystemRoot\system32\DRIVERS\smb.sys
0x9880E000 \SystemRoot\system32\DRIVERS\kl1.sys
0x98D2E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x98D40000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x98D42000 \SystemRoot\system32\drivers\afd.sys
0x98D8A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x98DBC000 \SystemRoot\system32\DRIVERS\pacer.sys
0x98DD2000 \SystemRoot\system32\DRIVERS\klim6.sys
0x98DD9000 \SystemRoot\system32\DRIVERS\netbios.sys
0x98DE7000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x97EFC000 \SystemRoot\System32\drivers\truecrypt.sys
0x97F34000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x98800000 \SystemRoot\system32\drivers\nsiproxy.sys
0x97F70000 \SystemRoot\System32\Drivers\dfsc.sys
0x97F87000 \SystemRoot\System32\Drivers\fastfat.SYS
0x864C0000 \SystemRoot\System32\win32k.sys
0x97FAF000 \SystemRoot\System32\drivers\Dxapi.sys
0x97FB9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x866E0000 \SystemRoot\System32\TSDDD.dll
0x86700000 \SystemRoot\System32\cdd.dll
0x86710000 \SystemRoot\System32\ATMFD.DLL
0x97FC8000 \SystemRoot\system32\drivers\luafv.sys
0x97FE3000 \SystemRoot\system32\drivers\WudfPf.sys
0xA3409000 \SystemRoot\system32\drivers\spsys.sys
0xA34B8000 \SystemRoot\system32\DRIVERS\lltdio.sys
0xA34C8000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xA34DB000 \SystemRoot\system32\drivers\HTTP.sys
0xA3548000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xA3565000 \SystemRoot\system32\DRIVERS\bowser.sys
0xA357E000 \SystemRoot\System32\drivers\mpsdrv.sys
0xA3593000 \SystemRoot\system32\drivers\mrxdav.sys
0xA35B3000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xA3C01000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xA3C3A000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xA3C52000 \SystemRoot\System32\DRIVERS\srv2.sys
0xA3C79000 \SystemRoot\System32\DRIVERS\srv.sys
0xA3CC7000 \SystemRoot\system32\DRIVERS\parvdm.sys
0xA3CCE000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xA3CDF000 \SystemRoot\system32\drivers\peauth.sys
0xA3DBD000 \SystemRoot\System32\Drivers\secdrv.SYS
0xA3DC7000 \SystemRoot\System32\drivers\tcpipreg.sys
0xA3DD3000 \??\C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl
0xA35D2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x977D6000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x76FB0000 \Windows\System32\ntdll.dll

Processes (total 91):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f3947600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`3be4a400 (NTFS)

PhysicalDrive0 Model Number: ST3500830AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

cosinus 06.09.2010 22:38

Have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD using the image-burning function and start the computer with it (boot from this CD). Click on the computer repair options, Next, Command Prompt - the console opens. There, please type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, taking the CD out first.

LadyFreaky 06.09.2010 22:40

I'll do that tomorrow then .... otherwise I won't be able to get up at all tomorrow

But as an interim status: does my PC have something?!

Can I switch Kaspersky back on?

Thanks in advance for the help

And how do I boot from the CD ... i.e. put the CD in and restart the PC, and then it automatically boots from the CD?

cosinus 06.09.2010 22:41

Stop going on about your Kaspersky. You can activate that soon enough :rolleyes:

LadyFreaky 06.09.2010 22:49

sorry ...

but I'll do the thing with the CD tomorrow.

What have you been able to read out of all the scans so far?

cosinus 07.09.2010 07:27

You have an infected MBR. Now go ahead and do the thing with the CD.

LadyFreaky 07.09.2010 09:15

No idea what that is, but it doesn't sound rosy ...

Again not until this evening ... damn

LadyFreaky 07.09.2010 12:11

I'm really sorry if I keep asking stupid questions, but something like this is completely new territory for me. I'll also say right away that I have neither a Vista installation CD nor a backup (yes, I know I'm an idiot for never having made one; in hindsight one is always wiser)

What does this recovery do? Does it destroy the trojan?!

cosinus 07.09.2010 12:28

Quote:

I'll also say right away that I have neither a Vista installation CD
Why do you think I sent you the link to the ISO? :stirn:

Quote:

What does this recovery do? Does it destroy the trojan?!
It doesn't do anything by itself. But with the commands we repair the MBR.

LadyFreaky 07.09.2010 12:53

I'm not easy to deal with, am I? :heilig:

Do you have a guess as to how I caught this thing?

cosinus 07.09.2010 13:30

Quote:

Do you have a guess as to how I caught this thing?
By running a piece of malware; I can't trace that exactly any more.
Are you going to do the thing with the CD now or not?!

LadyFreaky 07.09.2010 14:48

Yes, I'll still do it, I've only just got home

LadyFreaky 07.09.2010 16:00

So, I've done that now. When I entered the 1st command, something came up about no data being there ... for the 2nd it then said completed successfully ....

Was that right?!

cosinus 07.09.2010 16:05

Then please run MBRCheck again now as a check and post the new log.

LadyFreaky 07.09.2010 16:09

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 1 (build 6001), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies, LTD
System Manufacturer: Acer
System Product Name: Aspire M3100
Logical Drives Mask: 0x000003fc

Kernel Drivers (total 144):

Processes (total 82):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000001`f3947600 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x0000003b`3be4a400 (NTFS)

PhysicalDrive0 Model Number: ST3500830AS, Rev: 3.AAD

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!
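
The before/after comparison of sector 0 that the two MBRCheck logs above show can also be made on a saved 512-byte image of the sector. The following Python code is an added example, not part of the thread and not MBRCheck's own code: it hashes the 440-byte boot code area (an assumption, since the thread does not say which bytes MBRCheck's SHA1 covers) and parses the partition table. The sample sector is constructed; only the partition start is taken from the C: offset in the log.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440      # bootstrap code area of a classic (non-GPT) MBR
PART_TABLE_OFF = 446     # four 16-byte partition entries start here
BOOT_SIGNATURE = b"\x55\xaa"


def parse_mbr(sector):
    """Split a 512-byte sector 0 image into boot code hash and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly 512 bytes, got %d" % len(sector))
    partitions = []
    for i in range(4):
        entry = sector[PART_TABLE_OFF + 16 * i:PART_TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:            # unused slot
            continue
        partitions.append({
            "slot": i,
            "status": status,        # 0x80 = active, 0x00 = inactive
            "type": ptype,           # 0x07 = NTFS/exFAT
            "byte_offset": lba_start * SECTOR_SIZE,
            "byte_length": sectors * SECTOR_SIZE,
        })
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def check_mbr(sector, baseline_sha1):
    """Return a list of findings; an empty list means the sector matches the baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info["signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if info["boot_code_sha1"] != baseline_sha1.upper():
        findings.append("boot code differs from baseline")
    active = [p for p in info["partitions"] if p["status"] == 0x80]
    if len(active) > 1:
        findings.append("more than one active partition")
    for p in info["partitions"]:
        if p["status"] not in (0x00, 0x80):
            findings.append("slot %d has invalid status byte 0x%02X"
                            % (p["slot"], p["status"]))
    return findings


def build_sample_sector(boot_code):
    """Constructed test sector: placeholder boot code plus one NTFS entry."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    entry = bytearray(16)
    entry[0] = 0x80                  # active (constructed)
    entry[4] = 0x07                  # NTFS
    # Start LBA 0xF9CA3B * 512 = 0x1F3947600, the C: offset in the log;
    # the sector count is constructed.
    struct.pack_into("<II", entry, 8, 0xF9CA3B, 0x100000)
    sector[PART_TABLE_OFF:PART_TABLE_OFF + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    clean = build_sample_sector(b"\x90" * 16)             # placeholder bytes
    baseline = parse_mbr(clean)["boot_code_sha1"]         # record after repair
    changed = build_sample_sector(b"\xeb\xfe" + b"\x90" * 14)
    print("clean:  ", check_mbr(clean, baseline))
    print("changed:", check_mbr(changed, baseline))
    for p in parse_mbr(clean)["partitions"]:
        print("slot %d type 0x%02X at offset 0x%X"
              % (p["slot"], p["type"], p["byte_offset"]))
```

Recording the baseline hash right after a known-good repair gives later checks something to compare against, instead of relying on a tool's built-in list of known boot code.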

cosinus 07.09.2010 16:53

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

LadyFreaky 07.09.2010 18:47

So, here is the result from Malwarebytes

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4562

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

07.09.2010 19:45:22
mbam-log-2010-09-07 (19-45-22).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 360895
Laufzeit: 1 Stunde(n), 48 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 3

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll (Adware.WidgiToolbar) -> No action taken.
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe (Adware.WidgiToolbar) -> No action taken.
C:\_OTL\MovedFiles\09052010_211939\C_Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Adware.WidgiToolbar) -> No action taken.


Should I delete all the adware?

cosinus 07.09.2010 19:33

Yes, please delete everything

LadyFreaky 07.09.2010 22:20

Spyware

SUPERAntiSpyware Scan Log
SUPERAntiSpyware.com | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

Generated 09/07/2010 at 11:18 PM

Application Version : 4.42.1000

Core Rules Database Version : 5464
Trace Rules Database Version: 3276

Scan type : Complete Scan
Total Scan Time : 02:39:51

Memory items scanned : 863
Memory threats detected : 0
Registry items scanned : 9881
Registry threats detected : 0
File items scanned : 261451
File threats detected : 8

Adware.Tracking Cookie
C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Cookies\birgit@atdmt[1].txt
C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Cookies\birgit@apmebf[1].txt
C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Cookies\birgit@mediaplex[2].txt
C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Cookies\birgit@cdn.at.atwola[1].txt
C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Cookies\birgit@tacoda[2].txt
C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Cookies\birgit@advertising[2].txt
C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Cookies\birgit@atwola[1].txt
C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Cookies\birgit@at.atwola[2].txt

cosinus 08.09.2010 09:11

Looks OK.
Any remaining problems or further detections in the meantime?

LadyFreaky 08.09.2010 09:28

I didn't really have any problems as such the whole time; it only came out through the message from Kasp. that something wasn't right ....

I'm at work at the moment and can only get back to my PC in the evening

Should I switch Kasp back on to see whether it has anything to say?

In your opinion, should the trojan be gone?!

What can I do so that this doesn't happen again?

cosinus 08.09.2010 12:35

Yes, you can switch Kaspersky back on.

LadyFreaky 08.09.2010 18:44

Sooo, Kaspersky is back on and no message so far

Was the MBR just still infected afterwards, but the trojan already gone? The report says it was deleted on Sunday evening?!

Should I delete all the programs I used for the scans?!

Is there a way to prevent something like this from happening again?

I'd like to thank you very much for your help and your patience!!!!! THANK YOU THANK YOU THANK YOU THANK YOU!!!!!

cosinus 08.09.2010 19:58

Quote:

Is there a way to prevent something like this from happening again?
It's best to stick roughly to these five rules:

1) Be suspicious on the Internet and especially with unknown e-mails, and be careful about giving out personal data!!
2) Always keep Windows and all the programs you use up to date
3) Regularly make backups to external media
4) Work with restricted rights
5) Use secure programs such as Opera or Firefox for browsing instead of IE, and Thunderbird instead of Outlook Express for mail - have e-mails displayed as plain text only

Everything is explained in more detail here => Kompromittierung unvermeidbar?


Oh, and we'd be done so far now! :abklatsch:

Finally, please check the updates; my guide for that is below.
For even more security, you should also change all passwords, if possible, after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Guide to Windows Update



Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking on "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you are at it, please also check that the Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

