Trojaner-Board (https://www.trojaner-board.de/)
Thread: Trojan! Malware already run, but is the virus still there? (https://www.trojaner-board.de/99432-trojaner-malware-bereits-ausgefuehrt-virus-noch.html)

Benya08 22.05.2011 18:43

Trojan! Malware already run, but is the virus still there?
 
Hello,
it looks like it has got me too...
Earlier my boyfriend called me, completely frightened, and told me that something was wrong with my laptop (which was at his place), even though he hadn't done anything at all...
The symptoms are the same as the ones the people with Tr/Kazy.mekml.1 have posted, except that Avira didn't show me the virus..
After a lot of reading here in the forum I have now run Malwarebytes and OTL; Malwarebytes also found and removed 6 infected objects. Afterwards the desktop was still black, only there was no error message anymore.. Then I ran Unhide.exe, and now all the files are back except the ones in the taskbar, but I think I'll have to set those up myself.
Now I'm just wondering whether the virus is really gone, or only the symptoms have disappeared?

Here are the log files:

Malwarebytes:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6639

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

22.05.2011 18:27:13
mbam-log-2011-05-22 (18-27-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 547770
Laufzeit: 4 Stunde(n), 12 Minute(n), 20 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\wvlmhxgdqr.exe (Trojan.FakeMS.Gen) -> 4748 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wvLmHXgdqR (Trojan.FakeMS.Gen) -> Value: wvLmHXgdqR -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\wvlmhxgdqr.exe (Trojan.FakeMS.Gen) -> Delete on reboot.
c:\programdata\45080312.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\Users\Maya\AppData\Local\Temp\tmp41D1.tmp (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
d:\PROG\Unipatch.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

OTL logfile:

OTL logfile created on: 22.05.2011 18:48:59 - Run 1
OTL by OldTimer - Version 3.2.23.0    Folder = C:\Users\Maya\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,49 Gb Available Physical Memory | 50,75% Memory free
6,09 Gb Paging File | 4,34 Gb Available in Paging File | 71,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 25,20 Gb Free Space | 17,48% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 83,45 Gb Free Space | 57,89% Space Free | Partition Type: NTFS
 
Computer Name: MAYA-PC | User Name: Maya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.22 18:47:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Maya\Desktop\OTL.exe
PRC - [2011.05.12 09:52:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.24 09:43:06 | 000,304,304 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2011.03.16 15:42:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.01.06 12:36:56 | 003,046,808 | ---- | M] () -- C:\Program Files\Pando Networks\Media Booster\PMB.exe
PRC - [2010.12.20 18:15:28 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | -H-- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.20 09:48:34 | 003,365,176 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010.10.25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2010.10.25 11:03:52 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.04.05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | -H-- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009.09.28 22:42:57 | 000,204,800 | -H-- | M] (Realtek Semiconductor Corp.) -- C:\Users\Maya\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.08.18 17:01:16 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
PRC - [2009.08.18 16:31:22 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe
PRC - [2009.07.01 18:37:06 | 000,037,888 | -H-- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.06.02 08:59:46 | 005,451,536 | -H-- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009.05.08 10:35:50 | 002,780,432 | -H-- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.05.08 10:34:08 | 000,559,888 | -H-- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.04.30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- D:\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.09.11 00:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.06.11 11:22:16 | 000,409,600 | -H-- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.05.14 18:05:30 | 000,500,784 | -H-- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.14 18:05:22 | 000,526,896 | -H-- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.04.18 15:18:02 | 000,167,936 | -H-- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.04.10 16:30:20 | 000,167,936 | -H-- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.04.10 16:30:14 | 000,147,456 | -H-- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | -H-- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | -H-- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | -H-- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | -H-- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.22 18:47:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Maya\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (SearchAnonymizer)
SRV - [2011.05.12 09:52:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 15:42:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.10.25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2010.10.25 11:03:52 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.01.03 18:07:48 | 000,246,520 | -H-- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.13 15:52:03 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2009.04.30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.05.14 18:05:30 | 000,500,784 | -H-- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.03.21 13:22:52 | 000,024,576 | -H-- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | -H-- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | -H-- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 17:15:28 | 000,110,592 | -H-- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | -H-- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 15:42:06 | 000,137,656 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 09:39:38 | 000,061,960 | -H-- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.25 11:07:48 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.10.25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.08.27 15:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.08.27 06:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010.08.27 06:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010.08.27 06:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.06.17 15:27:02 | 000,028,520 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009.04.30 16:00:12 | 000,025,624 | -H-- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.04.05 15:56:08 | 000,271,360 | -H-- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.04.05 15:55:58 | 000,018,048 | -H-- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.02.13 11:35:01 | 000,011,608 | -H-- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.04.27 21:07:44 | 000,909,824 | -H-- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.18 15:01:24 | 000,061,424 | -H-- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.03.21 10:48:24 | 000,015,392 | -H-- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.03.01 01:13:38 | 001,202,560 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 18:35:08 | 000,122,368 | -H-- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwell.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.20 17:43:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.20 17:43:48 | 000,000,000 | ---D | M]
 
[2010.10.04 23:36:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Extensions
[2010.10.04 23:36:23 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.05.22 11:35:47 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions
[2010.11.10 22:21:33 | 000,000,000 | -H-D | M] (Winamp Toolbar) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.05.12 20:37:32 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.06 18:39:33 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.06.16 21:54:30 | 000,000,000 | -H-D | M] ("ICQ Toolbar") -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.10 22:21:22 | 000,000,000 | -H-D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.03 23:00:51 | 000,000,000 | -H-D | M] (kikin plugin) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.06.30 23:26:17 | 000,000,000 | -H-D | M] ("DVDVideoSoft Menu") -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.17 22:26:52 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.05.06 18:39:28 | 000,000,000 | -H-D | M] (Greasemonkey) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.07.20 15:23:14 | 000,000,000 | -H-D | M] ("Ask Toolbar for Firefox") -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.02.07 00:31:52 | 000,000,000 | -H-D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.11.10 22:21:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\staged-xpis
[2009.03.16 17:42:14 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\toolbar_extras@de.yahoo.com
[2009.10.11 00:10:00 | 000,002,299 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\bing.xml
[2010.10.09 22:00:47 | 000,000,873 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\conduit.xml
[2011.05.20 17:23:34 | 000,000,950 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-1.xml
[2009.11.04 00:19:07 | 000,000,950 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-2.xml
[2010.06.14 18:57:22 | 000,000,950 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-3.xml
[2010.06.19 21:44:49 | 000,000,950 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-4.xml
[2010.07.07 16:28:43 | 000,000,950 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-5.xml
[2010.07.08 16:05:14 | 000,000,950 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-6.xml
[2010.07.09 19:53:11 | 000,000,950 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-7.xml
[2010.07.15 23:06:34 | 000,000,950 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-8.xml
[2011.05.20 17:44:10 | 000,000,950 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-9.xml
[2010.06.16 21:54:30 | 000,000,168 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.gif
[2010.06.16 21:54:30 | 000,000,618 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.xml
[2011.01.02 11:39:36 | 000,001,218 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\kikin-search.xml
[2011.02.07 00:31:40 | 000,003,915 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\sweetim.xml
[2009.10.11 00:10:01 | 000,001,651 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\winamp-search.xml
[2009.10.11 00:10:01 | 000,002,041 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\{307CBA51-B200-478D-9B7A-F4776E73E981}.xml
[2009.10.11 00:10:01 | 000,002,152 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\{66AE9E10-D1D0-49F2-B0CF-25FBD0F3162A}.xml
[2009.10.11 00:10:01 | 000,001,834 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\{D262DACB-64AD-40D1-BD79-9BEC349ABA21}.xml
[2010.08.31 17:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.11 01:15:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.27 13:35:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.31 17:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.03.16 17:39:16 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2009.08.16 23:08:10 | 000,000,000 | ---D | M] (DVDVideoSoft YouTube Download Firefox Integration) -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY
[2011.02.07 00:52:31 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.20 17:43:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.20 17:43:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.20 17:43:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.20 17:43:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.20 17:43:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (wellgames Toolbar) - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwell.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (wellgames Toolbar) - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwell.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (wellgames Toolbar) - {8E41E543-E069-4197-8608-E8B4C2F75747} - C:\Program Files\wellgames\tbwell.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6]  File not found
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [msnmsgr]  File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - Startup: C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Maya\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Maya\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} hxxp://www.n2030.com/coreXplayer.dll (ActiveXControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (halqueue.dll) -  File not found
O20 - AppInit_DLLs: (dbgcpl.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Maya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Maya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ae05757-6dc3-11df-9a5a-001d72d3e6c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ae05757-6dc3-11df-9a5a-001d72d3e6c5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.22 18:47:09 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Maya\Desktop\OTL.exe
[2011.05.22 13:54:48 | 000,000,000 | -H-D | C] -- C:\Users\Maya\AppData\Roaming\Malwarebytes
[2011.05.22 13:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.22 13:54:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.22 13:53:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\Malwarebytes
[2011.05.22 13:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.22 12:10:31 | 000,000,000 | -H-D | C] -- C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.16 22:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.16 14:37:22 | 000,000,000 | -H-D | C] -- C:\Users\Maya\Desktop\gomhb
[2011.05.16 14:37:01 | 000,000,000 | -H-D | C] -- C:\Users\Maya\AppData\Local\WinZip
[2011.05.12 10:01:56 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.05.12 10:01:56 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.05.12 10:01:52 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.05.12 09:58:58 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.05.12 09:58:57 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.05.12 09:53:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.05.12 09:53:55 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.05.12 09:53:54 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.05.12 09:53:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.05.12 09:53:53 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.05.12 09:53:53 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.05.12 09:53:52 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.05.12 09:53:52 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.05.12 09:53:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.05.12 09:53:51 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.05.12 09:53:51 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.05.12 09:53:51 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.05.12 09:53:51 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.05.12 09:53:51 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.05.12 09:53:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.05.12 09:53:50 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.05.12 09:53:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.05.12 09:53:24 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.05.12 09:53:23 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.05.12 09:53:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.05.12 09:52:59 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.05.12 09:52:33 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.05.12 09:52:33 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.28 23:14:46 | 000,000,000 | -H-D | C] -- C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Submarine Titans
[2011.04.28 23:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Submarine Titans
[2011.04.28 23:05:56 | 000,000,000 | -H-D | C] -- C:\CHAOS
[2011.04.28 22:52:16 | 000,000,000 | ---D | C] -- C:\Program Files\DS9TheFallen
[2011.04.28 22:52:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Deep Space Nine-The Fallen
[2011.04.24 13:04:22 | 000,000,000 | -H-D | C] -- C:\Users\Maya\Desktop\by AstiNews de - Nintendo Super NES Emulator inkl
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009.03.17 01:35:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Maya\AppData\Local\*.tmp files -> C:\Users\Maya\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.22 18:47:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Maya\Desktop\OTL.exe
[2011.05.22 18:40:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.22 18:30:54 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.22 18:30:34 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.22 18:30:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 18:30:27 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.22 18:30:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.22 18:30:00 | 3146,633,216 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.22 13:34:23 | 000,000,184 | -H-- | M] () -- C:\Users\Maya\Desktop\NPE.ctl
[2011.05.22 13:33:52 | 006,161,848 | -H-- | M] (Symantec Corporation) -- C:\Users\Maya\Desktop\NPE.exe
[2011.05.22 13:10:46 | 000,000,000 | -H-- | M] () -- C:\Users\Maya\AppData\Roaming\SMRBackup162.dat
[2011.05.22 12:10:34 | 000,000,144 | -H-- | M] () -- C:\ProgramData\~45080312r
[2011.05.22 12:10:34 | 000,000,120 | -H-- | M] () -- C:\ProgramData\~45080312
[2011.05.22 12:10:31 | 000,000,599 | -H-- | M] () -- C:\Users\Maya\Desktop\Windows Vista Recovery.lnk
[2011.05.22 12:10:25 | 000,000,336 | -H-- | M] () -- C:\ProgramData\45080312
[2011.05.22 11:10:22 | 000,077,824 | -H-- | M] () -- C:\Users\Maya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.22 02:09:17 | 000,002,475 | -H-- | M] () -- C:\Users\Maya\Desktop\TubeBox! starten.lnk
[2011.05.21 04:28:21 | 000,001,981 | -H-- | M] () -- C:\Users\Maya\Desktop\Der Herr der Ringe Online.lnk
[2011.05.17 20:44:04 | 000,052,169 | -H-- | M] () -- C:\Users\Maya\Desktop\Darwinfinken.jpg
[2011.05.16 23:25:47 | 000,080,165 | -H-- | M] () -- C:\Users\Maya\Desktop\Zwillingsspechte.jpg
[2011.05.16 23:03:00 | 000,087,006 | -H-- | M] () -- C:\Users\Maya\Desktop\Erdhörnchen.jpg
[2011.05.16 22:06:31 | 000,007,052 | -H-- | M] () -- C:\Users\Maya\AppData\Local\d3d9caps.dat
[2011.05.16 14:36:31 | 001,194,521 | -H-- | M] () -- C:\Users\Maya\Desktop\gomhb.zip
[2011.05.14 15:31:39 | 000,428,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Maya\AppData\Local\*.tmp files -> C:\Users\Maya\AppData\Local\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.22 13:34:23 | 000,000,184 | -H-- | C] () -- C:\Users\Maya\Desktop\NPE.ctl
[2011.05.22 13:10:46 | 000,000,000 | -H-- | C] () -- C:\Users\Maya\AppData\Roaming\SMRBackup162.dat
[2011.05.22 12:10:34 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~45080312r
[2011.05.22 12:10:34 | 000,000,120 | -H-- | C] () -- C:\ProgramData\~45080312
[2011.05.22 12:10:31 | 000,000,599 | -H-- | C] () -- C:\Users\Maya\Desktop\Windows Vista Recovery.lnk
[2011.05.22 12:10:25 | 000,000,336 | -H-- | C] () -- C:\ProgramData\45080312
[2011.05.21 04:28:21 | 000,001,981 | -H-- | C] () -- C:\Users\Maya\Desktop\Der Herr der Ringe Online.lnk
[2011.05.17 20:44:03 | 000,052,169 | -H-- | C] () -- C:\Users\Maya\Desktop\Darwinfinken.jpg
[2011.05.16 23:25:47 | 000,080,165 | -H-- | C] () -- C:\Users\Maya\Desktop\Zwillingsspechte.jpg
[2011.05.16 23:02:59 | 000,087,006 | -H-- | C] () -- C:\Users\Maya\Desktop\Erdhörnchen.jpg
[2011.05.16 14:36:30 | 001,194,521 | -H-- | C] () -- C:\Users\Maya\Desktop\gomhb.zip
[2011.03.23 22:04:21 | 000,007,052 | -H-- | C] () -- C:\Users\Maya\AppData\Local\d3d9caps.dat
[2011.01.06 18:30:35 | 000,000,092 | -H-- | C] () -- C:\Users\Maya\AppData\Local\fusioncache.dat
[2010.12.06 01:28:48 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.06 01:28:48 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.10.25 11:09:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.10.25 11:09:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.10.25 11:09:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.10.25 11:09:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.11 16:06:52 | 000,000,833 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.11 16:06:30 | 000,001,284 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.11 16:06:30 | 000,000,892 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.08.11 16:06:02 | 000,247,296 | ---- | C] () -- C:\Windows\UN160407.EXE
[2010.07.27 13:41:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.21 21:18:19 | 000,000,032 | RH-- | C] () -- C:\ProgramData\hash.dat
[2009.09.24 20:06:27 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.09.05 22:26:57 | 000,013,786 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009.09.01 20:53:32 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.09.01 20:53:32 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.09.01 20:53:32 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.08.25 16:25:44 | 000,000,077 | ---- | C] () -- C:\Windows\NARBACULARDROP.INI
[2009.08.23 16:15:34 | 000,000,000 | -H-- | C] () -- C:\Users\Maya\AppData\Roaming\wklnhst.dat
[2009.08.08 18:55:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.08 18:55:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.24 15:13:28 | 000,000,038 | ---- | C] () -- C:\Windows\MahJongg Mega-Pack.dat
[2009.06.26 13:12:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.06.26 13:10:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.06.26 13:10:28 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.06.15 00:00:30 | 000,101,263 | ---- | C] () -- C:\Windows\System32\8e5b993f-dec8-addd-530b-73b476200d78.exe
[2009.05.31 14:34:19 | 000,183,040 | ---- | C] () -- C:\Windows\PI.EXE
[2009.05.08 10:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.04.30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.04.30 16:00:12 | 000,025,624 | -H-- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.04.19 21:07:49 | 000,000,000 | -H-- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.04.19 21:01:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.04.05 15:56:08 | 000,271,360 | -H-- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.04.05 15:55:58 | 000,018,048 | -H-- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.03.23 20:31:35 | 000,077,824 | -H-- | C] () -- C:\Users\Maya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.17 01:25:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009.03.17 01:25:23 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.03.16 18:07:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.16 16:08:18 | 000,204,800 | -H-- | C] () -- C:\Windows\System32\SysHook.dll
[2009.03.16 16:02:48 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.03.16 16:02:48 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.03.16 16:02:48 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.08 05:32:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.08 05:32:19 | 000,121,520 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.08 05:32:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.08 05:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.07 20:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.07 20:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.07 20:03:50 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.30 10:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.30 10:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.04.30 10:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.04.30 10:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,428,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,099,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2000.10.05 02:43:40 | 000,069,632 | R--- | C] () -- C:\Windows\ST1_Un0.exe
 
========== LOP Check ==========
 
[2009.07.19 18:57:00 | 000,000,000 | -HSD | M] -- C:\Users\Maya\AppData\Roaming\.#
[2008.05.07 20:02:23 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Acer GameZone Console
[2010.03.24 23:20:53 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Ancient Quest of Saqqarah__intenium
[2009.10.02 22:29:10 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Azureus
[2009.07.11 22:52:22 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Big Fish Games
[2009.07.20 16:25:30 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\BitTorrent
[2009.08.13 15:52:24 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Boonty
[2009.06.14 23:39:44 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Canneverbe_Limited
[2009.10.21 20:35:20 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Clickteam
[2010.06.30 23:26:16 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.25 16:41:20 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\EleFun Games
[2010.06.28 21:43:17 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\FarmingSimulator2008
[2009.04.18 20:35:09 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\FloodLightGames
[2010.02.25 01:13:56 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\FOG Downloader
[2009.04.01 18:48:36 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Gaijin Ent
[2011.05.22 17:42:09 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\ICQ
[2009.03.29 23:58:34 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\iWin
[2010.04.04 12:45:37 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\kikin
[2010.09.19 18:09:44 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\LG Electronics
[2010.12.16 18:44:32 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\LimeWire
[2009.06.26 13:14:24 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\MAGIX
[2011.03.02 23:37:23 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\OCS
[2009.08.11 21:14:41 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\OpenOffice.org
[2009.10.11 00:10:01 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Opera
[2010.06.15 22:13:51 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Peace Craft
[2009.05.23 17:31:22 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\PlayFirst
[2010.09.15 22:00:08 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Pogo Games
[2011.01.06 13:26:22 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Samsung
[2009.09.24 20:06:56 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Skunk Studios
[2011.01.27 22:30:51 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\T-Online
[2009.09.20 12:56:53 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Template
[2010.02.21 21:13:54 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Three Rings Design
[2010.07.29 11:49:09 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\TubeBox
[2009.12.11 16:02:45 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\ViquaSoft
[2010.03.09 23:51:32 | 000,000,000 | -H-D | M] -- C:\Users\Maya\AppData\Roaming\Zylom
[2011.05.22 18:29:02 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.17 04:31:25 | 000,000,424 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9E1969E7-8A4A-496F-8B42-09C11E4AE0D2}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:FB914833
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:95B8F7F6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D61F920D
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:57B4E612
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:225C4FFC
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8140CB50
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:131C0EE9

< End of report >

--- --- ---
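The OTL report above contains the entry types a helper usually scans first when deciding whether an infection is really gone: O4 Run values whose target is "File not found" (stale autostart leftovers), O20 AppInit_DLLs entries (DLLs injected into every user-mode process, two of them missing here), hidden files with no company name dropped directly into C:\ProgramData on the day of the infection, and the alternate data streams on C:\ProgramData\TEMP. The following Python script is an added example, not code from this thread or from OTL; it parses those four line shapes and produces a triage list. The sample lines are copied from the log above, the finding categories and the `triage`/`summarize` function names are my own, and the ProgramData heuristic is an assumption about what is worth a second look, not a verdict.

```python
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample: a few lines in the exact shape of the OTL report above.
SAMPLE_LOG = r"""O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKCU..\Run: [msnmsgr]  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (halqueue.dll) -  File not found
O20 - AppInit_DLLs: (dbgcpl.dll) -  File not found
[2011.05.22 12:10:34 | 000,000,144 | -H-- | C] () -- C:\ProgramData\~45080312r
[2011.05.22 12:10:25 | 000,000,336 | -H-- | C] () -- C:\ProgramData\45080312
[2011.05.22 13:54:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9E22BBE8
< End of report >
"""

# Line shapes as OTL prints them (hypothetical regexes written for this example).
RUN_RE = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\.\.\\Run: \[(?P<name>[^\]]+)\]\s+(?P<rest>.*)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: \((?P<dll>[^)]+)\) -\s+(?P<rest>.*)$")
FILE_RE = re.compile(
    r"^\[(?P<date>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<nbytes>\d+) bytes -> (?P<path>.+)$")

MISSING = "File not found"


@dataclass(frozen=True)
class Finding:
    kind: str      # triage category (names chosen for this example)
    subject: str   # registry value name, DLL name or file path
    note: str      # short explanation for whoever reads the log


def triage(log_text: str) -> List[Finding]:
    """Walk an OTL report and collect the entries worth a second look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.rstrip()
        if m := RUN_RE.match(line):
            # A Run value whose target no longer exists is a leftover that
            # still deserves cleanup; a present target is not flagged here.
            if m["rest"].strip() == MISSING:
                findings.append(Finding("orphaned-autorun", m["name"],
                                        f"{m['hive']} Run value points at a missing file"))
            continue
        if m := APPINIT_RE.match(line):
            # AppInit_DLLs is loaded into every process that links user32,
            # so every entry is listed; missing targets get their own kind.
            missing = m["rest"].strip() == MISSING
            kind = "appinit-missing" if missing else "appinit-present"
            findings.append(Finding(kind, m["dll"],
                                    "AppInit_DLLs entry" + (" (target missing)" if missing else "")))
            continue
        if m := FILE_RE.match(line):
            # Heuristic (assumption): a hidden file with no company name sitting
            # directly in C:\ProgramData matches the rogue's drop pattern.
            company = (m["company"] or "").strip()
            hidden = "H" in m["attrs"]
            parent = ntpath.dirname(m["path"]).lower()
            if hidden and not company and parent == r"c:\programdata":
                findings.append(Finding("hidden-programdata-file", m["path"],
                                        f"hidden, no company name, created {m['date']}"))
            continue
        if m := ADS_RE.match(line):
            findings.append(Finding("ads", m["path"], f"{m['nbytes']}-byte alternate data stream"))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per category, e.g. for a quick overview in a reply."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.kind:24} {f.subject}  [{f.note}]")
    print(summarize(results))
```

Run it against a full OTL.txt by reading the file and passing its text to `triage`; the script deliberately does not decide what to delete, it only narrows the log down to the lines a helper would ask about next.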

cosinus 23.05.2011 13:36

Was that the first and only scan with Malwarebytes? Or have you already scanned several times? If so, there is a log for each scan, so please post all of them.

Benya08 23.05.2011 15:06

That was the first and so far the only scan, or do I need to run another one now, after it deleted the 6 files?
Windows Vista Recovery had also shown before that there were 11 infected files...
After the malware scan the PC runs fairly normally again, but every now and then music just starts playing out of nowhere, without anything visible, even when no window is open or anything. Yesterday evening, for example, the trailer for Hangover 2 came on... it plays for a moment and then goes away again. It's not a big deal, but that can't be normal, can it?

cosinus 23.05.2011 18:43

Quote:

O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (wellgames Toolbar) - {8e41e543-e069-4197-8608-e8b4c2f75747} - C:\Program Files\wellgames\tbwell.dll (Conduit Ltd.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Hm, what do you want with these odd toolbars on your computer? Best to remove everything with "Toolbar" in its name that shows up in the Control Panel under Software or Programs and Features, and for future program installations always choose the custom install option so that you can deselect any bundled toolbars during installation.
While you're at it, also uninstall all other unnecessary programs via the Control Panel.

Benya08 25.05.2011 16:56

All right, I've uninstalled all the toolbars and superfluous programs.

cosinus 25.05.2011 20:40

Then please create a fresh OTL log now:

CustomScan with OTL

If you don't have it yet, please download OTL by OldTimer and save it to your desktop
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Benya08 27.05.2011 15:48

OTL Logfile:
Code:

OTL logfile created on: 27.05.2011 16:13:10 - Run 2
OTL by OldTimer - Version 3.2.23.0    Folder = c:\Users\Maya\Desktop\Texte\LogDateien
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,93 Gb Total Physical Memory | 1,32 Gb Available Physical Memory | 45,17% Memory free
6,09 Gb Paging File | 3,92 Gb Available in Paging File | 64,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,17 Gb Total Space | 32,48 Gb Free Space | 22,53% Space Free | Partition Type: NTFS
Drive D: | 144,15 Gb Total Space | 83,45 Gb Free Space | 57,89% Space Free | Partition Type: NTFS
 
Computer Name: MAYA-PC | User Name: Maya | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.27 10:41:31 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011.05.26 11:49:40 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011.05.22 18:47:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- c:\Users\Maya\Desktop\Texte\LogDateien\OTL.exe
PRC - [2011.05.12 09:52:33 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.16 15:42:06 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.12.20 18:15:28 | 000,111,928 | R--- | M] (SweetIM Technologies Ltd.) -- C:\Program Files\SweetIM\Messenger\SweetIM.exe
PRC - [2010.12.13 09:39:19 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.11.20 09:48:34 | 003,365,176 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010.10.25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) -- C:\Windows\System32\dgdersvc.exe
PRC - [2010.10.25 11:03:52 | 000,217,088 | ---- | M] (Teruten) -- C:\Windows\System32\FsUsbExService.Exe
PRC - [2010.10.23 11:23:38 | 002,880,784 | ---- | M] (Turbine, Inc.) -- C:\Program Files\Codemasters\Der Herr der Ringe Online\TurbineLauncher.exe
PRC - [2010.04.05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2010.01.14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.11.24 11:32:22 | 000,234,792 | ---- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
PRC - [2009.09.28 22:42:57 | 000,204,800 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Maya\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2009.08.18 17:01:16 | 000,671,796 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe
PRC - [2009.08.18 16:31:22 | 000,483,393 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe
PRC - [2009.07.01 18:37:06 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2009.06.02 08:59:46 | 005,451,536 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Logitech Vid\Vid.exe
PRC - [2009.05.08 10:35:50 | 002,780,432 | ---- | M] () -- C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
PRC - [2009.05.08 10:34:08 | 000,559,888 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
PRC - [2009.04.30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
PRC - [2009.04.23 05:21:42 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009.04.23 05:18:38 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () -- D:\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2008.09.11 00:02:24 | 000,809,480 | ---- | M] (Dritek System Inc.) -- C:\Program Files\Launch Manager\LManager.exe
PRC - [2008.06.11 11:22:16 | 000,409,600 | ---- | M] (Acer Inc.) -- C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
PRC - [2008.05.14 18:05:22 | 000,526,896 | ---- | M] (Egis Incorporated) -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
PRC - [2008.04.18 15:18:02 | 000,167,936 | ---- | M] (Acer Corp.) -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
PRC - [2008.04.10 16:30:20 | 000,167,936 | ---- | M] (CyberLink) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
PRC - [2008.04.10 16:30:14 | 000,147,456 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
PRC - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
PRC - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.22 18:47:16 | 000,580,096 | ---- | M] (OldTimer Tools) -- c:\Users\Maya\Desktop\Texte\LogDateien\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (SearchAnonymizer)
SRV - [2011.05.12 09:52:33 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.16 15:42:06 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.10.25 11:07:48 | 000,095,568 | ---- | M] (Devguru Co., Ltd.) [Auto | Running] -- C:\Windows\System32\dgdersvc.exe -- (dgdersvc)
SRV - [2010.10.25 11:03:52 | 000,217,088 | ---- | M] (Teruten) [Auto | Running] -- C:\Windows\System32\FsUsbExService.Exe -- (FsUsbExService)
SRV - [2010.01.03 18:07:48 | 000,246,520 | ---- | M] () [Auto | Running] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.08.13 15:52:03 | 000,069,120 | ---- | M] (BOONTY) [On_Demand | Stopped] -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe -- (Boonty Games)
SRV - [2009.04.30 16:01:10 | 000,154,136 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv)
SRV - [2008.10.20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- D:\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008.05.14 18:05:30 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.03.21 13:22:52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.18 21:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.16 18:35:02 | 000,081,504 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2007.12.06 17:15:28 | 000,110,592 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2005.11.17 14:18:52 | 001,527,900 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.16 15:42:06 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.13 09:39:38 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.25 11:07:48 | 000,018,120 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.10.25 11:03:52 | 000,036,640 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2010.08.27 15:23:08 | 000,019,200 | ---- | M] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Stopped] -- C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys -- (MTOnlPktAlyX)
DRV - [2010.08.27 06:32:08 | 000,121,576 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2010.08.27 06:32:08 | 000,096,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2010.08.27 06:32:08 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010.06.17 15:27:02 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.30 22:55:58 | 002,687,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LV302V32.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV - [2009.04.30 16:00:12 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2009.04.05 15:56:08 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.04.05 15:55:58 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.02.13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.11 13:42:00 | 000,024,832 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2008.11.11 13:41:00 | 000,019,968 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2008.11.11 13:41:00 | 000,013,056 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2008.04.27 21:07:44 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.04.18 15:01:24 | 000,061,424 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2008.03.21 10:48:24 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008.03.01 01:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.01.16 18:35:08 | 000,122,368 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Stopped] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys -- (NTIPPKernel)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.5
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.6
FF - prefs.js..extensions.enabledItems: {AA994882-F391-4d2e-806F-8908DA4814ED}:2.11.9
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.1.0.2
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.12.1
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.05.26 11:50:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.26 11:50:01 | 000,000,000 | ---D | M]
 
[2010.10.04 23:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Extensions
[2010.10.04 23:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2011.05.27 16:11:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions
[2010.11.10 22:21:33 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.05.12 20:37:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.06 18:39:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.06.16 21:54:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.10 22:21:22 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.03 23:00:51 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.06.30 23:26:17 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.17 22:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.05.06 18:39:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.07.20 15:23:14 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.02.07 00:31:52 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.11.10 22:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\staged-xpis
[2009.03.16 17:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\toolbar_extras@de.yahoo.com
[2009.10.11 00:10:00 | 000,002,299 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\bing.xml
[2010.10.09 22:00:47 | 000,000,873 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\conduit.xml
[2011.05.20 17:23:34 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-1.xml
[2011.05.26 11:50:34 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-10.xml
[2009.11.04 00:19:07 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-2.xml
[2010.06.14 18:57:22 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-3.xml
[2010.06.19 21:44:49 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-4.xml
[2010.07.07 16:28:43 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-5.xml
[2010.07.08 16:05:14 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-6.xml
[2010.07.09 19:53:11 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-7.xml
[2010.07.15 23:06:34 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-8.xml
[2011.05.20 17:44:10 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-9.xml
[2010.06.16 21:54:30 | 000,000,168 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.gif
[2010.06.16 21:54:30 | 000,000,618 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.xml
[2011.01.02 11:39:36 | 000,001,218 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\kikin-search.xml
[2011.02.07 00:31:40 | 000,003,915 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\sweetim.xml
[2009.10.11 00:10:01 | 000,001,651 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\winamp-search.xml
[2009.10.11 00:10:01 | 000,002,041 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\{307CBA51-B200-478D-9B7A-F4776E73E981}.xml
[2009.10.11 00:10:01 | 000,002,152 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\{66AE9E10-D1D0-49F2-B0CF-25FBD0F3162A}.xml
[2009.10.11 00:10:01 | 000,001,834 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\{D262DACB-64AD-40D1-BD79-9BEC349ABA21}.xml
[2010.08.31 17:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.11 01:15:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.07.27 13:35:57 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.08.31 17:16:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2009.03.16 17:39:16 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2009.08.16 23:08:10 | 000,000,000 | ---D | M] (DVDVideoSoft YouTube Download Firefox Integration) -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY
[2011.02.07 00:52:31 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
[2010.07.17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2011.05.26 11:49:51 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.05.26 11:49:51 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.05.26 11:49:51 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.05.26 11:49:51 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.05.26 11:49:51 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (wellgames Toolbar) - {8e41e543-e069-4197-8608-e8b4c2f75747} -  File not found
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (wellgames Toolbar) - {8e41e543-e069-4197-8608-e8b4c2f75747} -  File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{8CEF2A68-1813-FB99-71EC-974C6400131E}]  File not found
O4 - HKCU..\Run: [DW6]  File not found
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKCU..\Run: [msnmsgr]  File not found
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - Startup: C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Maya\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Maya\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} hxxp://www.n2030.com/coreXplayer.dll (ActiveXControl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} -  File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - AppInit_DLLs: (halqueue.dll) -  File not found
O20 - AppInit_DLLs: (dbgcpl.dll) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Maya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Maya\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ae05757-6dc3-11df-9a5a-001d72d3e6c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ae05757-6dc3-11df-9a5a-001d72d3e6c5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\System32\Microsoft
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {413D33C4-13AF-ABC8-DDFD-D2A53F852140} - Browser Customizations
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\Windows\System32\Microsoft
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: aux - wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux2 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux3 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux4 - wdmaud.drv (Microsoft Corporation)
Drivers32: aux5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi - wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi4 - wdmaud.drv (Microsoft Corporation)
Drivers32: midi5 - wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - midimap.dll (Microsoft Corporation)
Drivers32: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer4 - wdmaud.drv (Microsoft Corporation)
Drivers32: mixer5 - wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - iccvid.dll (Radius Inc.)
Drivers32: VIDC.I420 - lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32: wave - wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave4 - wdmaud.drv (Microsoft Corporation)
Drivers32: wave5 - wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.05.26 11:42:42 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Hiti
[2011.05.26 11:42:42 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Dubog
[2011.05.22 19:59:33 | 000,000,000 | ---D | C] -- C:\Users\Maya\Desktop\Schule
[2011.05.22 13:54:48 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Malwarebytes
[2011.05.22 13:54:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.05.22 13:54:03 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011.05.22 13:53:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.22 13:53:42 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.05.22 12:10:31 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Vista Recovery
[2011.05.16 22:05:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2011.05.16 14:37:01 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Local\WinZip
[2011.04.28 23:14:46 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Submarine Titans
[2011.04.28 23:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\Submarine Titans
[2011.04.28 23:05:56 | 000,000,000 | ---D | C] -- C:\CHAOS
[2010.08.25 19:59:08 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2009.03.17 01:35:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\Maya\AppData\Local\*.tmp files -> C:\Users\Maya\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.27 15:40:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.27 15:35:06 | 000,000,046 | ---- | M] () -- C:\Users\Maya\jagex_runescape_preferences.dat
[2011.05.27 14:37:13 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.27 14:37:13 | 000,003,216 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.27 10:40:06 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.27 10:37:56 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011.05.27 10:37:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.27 10:37:08 | 3146,633,216 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.26 16:41:56 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.05.26 13:40:06 | 212,812,876 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.05.26 11:55:23 | 000,065,315 | ---- | M] () -- C:\Users\Maya\Desktop\tommyylance (Small).jpg
[2011.05.24 14:38:49 | 000,002,475 | ---- | M] () -- C:\Users\Maya\Desktop\TubeBox! starten.lnk
[2011.05.24 12:32:32 | 000,060,419 | ---- | M] () -- C:\Users\Maya\Desktop\deichbrand-2011-flyer.jpg
[2011.05.24 07:21:35 | 000,832,912 | ---- | M] () -- C:\Users\Maya\Desktop\tommyylance.jpg
[2011.05.23 08:58:34 | 000,079,872 | ---- | M] () -- C:\Users\Maya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.05.22 13:54:04 | 000,000,870 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.22 13:33:52 | 006,161,848 | ---- | M] (Symantec Corporation) -- C:\Users\Maya\Desktop\NPE.exe
[2011.05.22 13:10:46 | 000,000,000 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\SMRBackup162.dat
[2011.05.22 12:10:34 | 000,000,144 | ---- | M] () -- C:\ProgramData\~45080312r
[2011.05.22 12:10:34 | 000,000,120 | ---- | M] () -- C:\ProgramData\~45080312
[2011.05.22 12:10:25 | 000,000,336 | ---- | M] () -- C:\ProgramData\45080312
[2011.05.21 04:28:21 | 000,001,981 | ---- | M] () -- C:\Users\Maya\Desktop\Der Herr der Ringe Online.lnk
[2011.05.16 22:06:31 | 000,007,052 | ---- | M] () -- C:\Users\Maya\AppData\Local\d3d9caps.dat
[2011.05.16 22:05:45 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.05.14 15:31:39 | 000,428,312 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[2 C:\Users\Maya\AppData\Local\*.tmp files -> C:\Users\Maya\AppData\Local\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.26 11:55:23 | 000,065,315 | ---- | C] () -- C:\Users\Maya\Desktop\tommyylance (Small).jpg
[2011.05.24 12:32:32 | 000,060,419 | ---- | C] () -- C:\Users\Maya\Desktop\deichbrand-2011-flyer.jpg
[2011.05.24 07:21:35 | 000,832,912 | ---- | C] () -- C:\Users\Maya\Desktop\tommyylance.jpg
[2011.05.22 19:09:39 | 000,000,790 | ---- | C] () -- C:\Users\Public\Desktop\Winamp.lnk
[2011.05.22 19:09:39 | 000,000,474 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.05.22 19:09:38 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Google Earth.lnk
[2011.05.22 19:09:38 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.05.22 19:09:38 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2011.05.22 19:09:38 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.05.22 19:09:38 | 000,001,578 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2011.05.22 19:09:38 | 000,001,573 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.2.lnk
[2011.05.22 19:09:38 | 000,001,439 | ---- | C] () -- C:\Users\Public\Desktop\Nero StartSmart.lnk
[2011.05.22 19:09:38 | 000,000,870 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.22 19:09:38 | 000,000,488 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011.05.22 13:10:46 | 000,000,000 | ---- | C] () -- C:\Users\Maya\AppData\Roaming\SMRBackup162.dat
[2011.05.22 12:10:34 | 000,000,144 | ---- | C] () -- C:\ProgramData\~45080312r
[2011.05.22 12:10:34 | 000,000,120 | ---- | C] () -- C:\ProgramData\~45080312
[2011.05.22 12:10:25 | 000,000,336 | ---- | C] () -- C:\ProgramData\45080312
[2011.05.21 04:28:21 | 000,001,981 | ---- | C] () -- C:\Users\Maya\Desktop\Der Herr der Ringe Online.lnk
[2011.03.23 22:04:21 | 000,007,052 | ---- | C] () -- C:\Users\Maya\AppData\Local\d3d9caps.dat
[2011.01.06 18:30:35 | 000,000,092 | ---- | C] () -- C:\Users\Maya\AppData\Local\fusioncache.dat
[2010.12.06 01:28:48 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2010.12.06 01:28:48 | 000,036,640 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2010.10.25 11:09:56 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2010.10.25 11:09:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2010.10.25 11:09:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2010.10.25 11:09:56 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2010.08.25 20:30:02 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2010.08.25 20:30:00 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2010.08.25 20:30:00 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2010.08.25 19:57:00 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2010.08.25 19:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\System32\iglhsip32.dll
[2010.08.25 19:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\System32\iglhcp32.dll
[2010.08.11 16:06:52 | 000,000,833 | ---- | C] () -- C:\Windows\WININIT.INI
[2010.08.11 16:06:30 | 000,001,284 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.11 16:06:30 | 000,000,892 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2010.08.11 16:06:02 | 000,247,296 | ---- | C] () -- C:\Windows\UN160407.EXE
[2010.07.27 13:41:36 | 000,000,056 | ---- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.02.21 21:18:19 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2009.09.24 20:06:27 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2009.09.05 22:26:57 | 000,013,786 | ---- | C] () -- C:\Windows\DIIUnin.dat
[2009.09.01 20:53:32 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2009.09.01 20:53:32 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2009.09.01 20:53:32 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2009.08.25 16:25:44 | 000,000,077 | ---- | C] () -- C:\Windows\NARBACULARDROP.INI
[2009.08.23 16:15:34 | 000,000,000 | ---- | C] () -- C:\Users\Maya\AppData\Roaming\wklnhst.dat
[2009.08.08 18:55:51 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.08 18:55:51 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.07.24 15:13:28 | 000,000,038 | ---- | C] () -- C:\Windows\MahJongg Mega-Pack.dat
[2009.06.26 13:12:52 | 000,053,248 | ---- | C] () -- C:\Windows\System32\mgxasio2.dll
[2009.06.26 13:10:50 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2009.06.26 13:10:28 | 000,007,119 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2009.06.15 00:00:30 | 000,101,263 | ---- | C] () -- C:\Windows\System32\8e5b993f-dec8-addd-530b-73b476200d78.exe
[2009.05.31 14:34:19 | 000,183,040 | ---- | C] () -- C:\Windows\PI.EXE
[2009.05.08 10:13:04 | 000,013,584 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2009.04.30 22:39:36 | 000,082,289 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2009.04.30 16:00:12 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys
[2009.04.19 21:07:49 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt
[2009.04.19 21:01:04 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2009.04.05 15:56:08 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.04.05 15:55:58 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.03.23 20:31:35 | 000,079,872 | ---- | C] () -- C:\Users\Maya\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.03.17 01:25:23 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1527.dll
[2009.03.17 01:25:23 | 000,147,172 | ---- | C] () -- C:\Windows\System32\igfcg550.bin
[2009.03.16 18:07:59 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.03.16 16:08:18 | 000,204,800 | ---- | C] () -- C:\Windows\System32\SysHook.dll
[2009.03.16 16:02:48 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009.03.16 16:02:48 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009.03.16 16:02:48 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2008.10.07 10:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.05.08 05:32:19 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.05.08 05:32:19 | 000,121,520 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.05.08 05:32:19 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2008.05.08 05:32:19 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.05.07 20:06:49 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2008.05.07 20:03:50 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2008.05.07 20:03:50 | 000,001,024 | R--- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2008.04.30 10:09:06 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2008.04.30 10:09:01 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2008.04.30 10:09:01 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2008.04.30 10:09:01 | 000,000,041 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,428,312 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,099,568 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:33:01 | 000,000,000 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2001.12.26 16:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 23:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 16:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 22:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[2000.10.05 02:43:40 | 000,069,632 | R--- | C] () -- C:\Windows\ST1_Un0.exe
 
========== LOP Check ==========
 
[2009.07.19 18:57:00 | 000,000,000 | -HSD | M] -- C:\Users\Maya\AppData\Roaming\.#
[2008.05.07 20:02:23 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Acer GameZone Console
[2010.03.24 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Ancient Quest of Saqqarah__intenium
[2009.10.02 22:29:10 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Azureus
[2009.07.11 22:52:22 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Big Fish Games
[2009.07.20 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\BitTorrent
[2009.08.13 15:52:24 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Boonty
[2009.06.14 23:39:44 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Canneverbe_Limited
[2009.10.21 20:35:20 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Clickteam
[2011.05.27 06:04:23 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Dubog
[2010.06.30 23:26:16 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.25 16:41:20 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\EleFun Games
[2010.06.28 21:43:17 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\FarmingSimulator2008
[2009.04.18 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\FloodLightGames
[2010.02.25 01:13:56 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\FOG Downloader
[2009.04.01 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Gaijin Ent
[2011.05.26 11:43:15 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Hiti
[2011.05.27 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\ICQ
[2009.03.29 23:58:34 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\iWin
[2010.04.04 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\kikin
[2010.09.19 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\LG Electronics
[2010.12.16 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\LimeWire
[2009.06.26 13:14:24 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\MAGIX
[2011.03.02 23:37:23 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\OCS
[2009.08.11 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\OpenOffice.org
[2009.10.11 00:10:01 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Opera
[2010.06.15 22:13:51 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Peace Craft
[2009.05.23 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\PlayFirst
[2010.09.15 22:00:08 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Pogo Games
[2011.01.06 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Samsung
[2009.09.24 20:06:56 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Skunk Studios
[2011.01.27 22:30:51 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\T-Online
[2009.09.20 12:56:53 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Template
[2010.02.21 21:13:54 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Three Rings Design
[2010.07.29 11:49:09 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\TubeBox
[2009.12.11 16:02:45 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\ViquaSoft
[2010.03.09 23:51:32 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Zylom
[2011.05.27 10:36:31 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.17 04:31:25 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{9E1969E7-8A4A-496F-8B42-09C11E4AE0D2}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.07.19 18:57:00 | 000,000,000 | -HSD | M] -- C:\Users\Maya\AppData\Roaming\.#
[2008.05.07 20:02:23 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Acer GameZone Console
[2009.03.23 22:09:49 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Adobe
[2010.03.24 23:20:53 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Ancient Quest of Saqqarah__intenium
[2011.01.23 22:14:37 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Avira
[2009.10.02 22:29:10 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Azureus
[2009.07.11 22:52:22 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Big Fish Games
[2009.07.20 16:25:30 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\BitTorrent
[2009.08.13 15:52:24 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Boonty
[2009.06.14 23:39:44 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Canneverbe_Limited
[2009.10.21 20:35:20 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Clickteam
[2009.03.29 20:43:51 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\CyberLink
[2011.05.27 06:04:23 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Dubog
[2009.11.01 01:03:46 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\dvdcss
[2010.06.30 23:26:16 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.08.25 16:41:20 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\EleFun Games
[2010.06.28 21:43:17 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\FarmingSimulator2008
[2009.04.18 20:35:09 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\FloodLightGames
[2010.02.25 01:13:56 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\FOG Downloader
[2009.04.01 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Gaijin Ent
[2009.09.29 20:41:06 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Google
[2011.05.26 11:43:15 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Hiti
[2011.05.27 15:46:53 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\ICQ
[2010.03.09 23:51:32 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Identities
[2009.05.16 23:05:41 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\InstallShield
[2009.03.29 23:58:34 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\iWin
[2010.04.04 12:45:37 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\kikin
[2010.09.19 18:09:44 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\LG Electronics
[2010.12.16 18:44:32 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\LimeWire
[2009.03.16 15:59:37 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Macromedia
[2009.06.26 13:14:24 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\MAGIX
[2011.05.22 13:54:48 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Media Center Programs
[2010.10.12 19:27:33 | 000,000,000 | --SD | M] -- C:\Users\Maya\AppData\Roaming\Microsoft
[2011.05.21 08:29:42 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Mozilla
[2011.03.02 23:37:23 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\OCS
[2009.08.11 21:14:41 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\OpenOffice.org
[2009.10.11 00:10:01 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Opera
[2010.06.15 22:13:51 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Peace Craft
[2009.05.23 17:31:22 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\PlayFirst
[2010.09.15 22:00:08 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Pogo Games
[2011.01.06 13:26:22 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Samsung
[2009.09.24 20:06:56 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Skunk Studios
[2011.05.27 10:40:16 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Skype
[2010.11.16 18:15:37 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\skypePM
[2011.01.27 22:30:51 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\T-Online
[2009.09.20 12:56:53 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Template
[2010.02.21 21:13:54 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Three Rings Design
[2010.07.29 11:49:09 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\TubeBox
[2009.12.11 16:02:45 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\ViquaSoft
[2009.10.07 00:24:50 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\vlc
[2011.05.24 10:51:52 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Winamp
[2009.04.01 01:13:17 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\WinRAR
[2010.03.09 23:51:32 | 000,000,000 | ---D | M] -- C:\Users\Maya\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2010.10.04 23:36:12 | 000,163,840 | ---- | M] (Mozilla Foundation) -- C:\Users\Maya\AppData\Roaming\LimeWire\browser\xulrunner\crashreporter.exe
[2010.10.04 23:36:14 | 000,196,608 | ---- | M] (Mozilla Foundation) -- C:\Users\Maya\AppData\Roaming\LimeWire\browser\xulrunner\updater.exe
[2010.10.04 23:36:14 | 000,014,848 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\LimeWire\browser\xulrunner\xpcshell.exe
[2010.10.04 23:36:14 | 000,077,824 | ---- | M] (Mozilla Foundation) -- C:\Users\Maya\AppData\Roaming\LimeWire\browser\xulrunner\xpicleanup.exe
[2010.10.04 23:36:14 | 000,266,240 | ---- | M] (Mozilla Foundation) -- C:\Users\Maya\AppData\Roaming\LimeWire\browser\xulrunner\xpidl.exe
[2010.10.04 23:36:14 | 000,018,432 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\LimeWire\browser\xulrunner\xpt_dump.exe
[2010.10.04 23:36:14 | 000,014,336 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\LimeWire\browser\xulrunner\xpt_link.exe
[2010.10.04 23:36:15 | 000,073,728 | ---- | M] (Mozilla Foundation) -- C:\Users\Maya\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner-stub.exe
[2010.10.04 23:36:15 | 000,102,400 | ---- | M] (Mozilla Foundation) -- C:\Users\Maya\AppData\Roaming\LimeWire\browser\xulrunner\xulrunner.exe
[2010.07.29 11:48:46 | 000,009,662 | R--- | M] () -- C:\Users\Maya\AppData\Roaming\Microsoft\Installer\{20AB57C7-FED7-4394-8166-A409DEA20253}\_6FEFF9B68218417F98F549.exe
[2010.12.06 00:55:37 | 000,034,494 | R--- | M] () -- C:\Users\Maya\AppData\Roaming\Microsoft\Installer\{8DB77BE4-629D-458D-BD68-9F36667C2177}\_6FEFF9B68218417F98F549.exe
[2011.05.22 02:07:56 | 000,010,134 | R--- | M] () -- C:\Users\Maya\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6514C169A30B32C1D9071C.exe
[2011.05.22 02:07:56 | 000,034,494 | R--- | M] () -- C:\Users\Maya\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_6FEFF9B68218417F98F549.exe
[2011.05.22 02:07:56 | 000,355,574 | R--- | M] () -- C:\Users\Maya\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_A284EAE41E055547217DE7.exe
[2011.05.22 02:07:56 | 000,080,992 | R--- | M] () -- C:\Users\Maya\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_BEA59818F40318269C802B.exe
[2011.05.22 02:07:56 | 000,355,574 | R--- | M] () -- C:\Users\Maya\AppData\Roaming\Microsoft\Installer\{EAE8F6AB-68E8-4AA9-9518-F677090690B2}\_E3DBAAA0CAF950FA4295EE.exe
[2011.02.26 05:03:00 | 000,188,272 | ---- | M] (kikin) -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT\components\KikinCrashReporter.exe
[2008.12.15 21:56:04 | 000,065,536 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Three Rings Design\Puzzle Pirates\runyohoho.exe
[2010.02.21 21:13:55 | 000,037,973 | ---- | M] (Three Rings Design, Inc.) -- C:\Users\Maya\AppData\Roaming\Three Rings Design\Puzzle Pirates\Uninstall-yohoho.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.03.17 01:26:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.03.17 01:26:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.03.17 01:26:25 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:FB914833
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:95B8F7F6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D61F920D
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:57B4E612
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:225C4FFC
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8140CB50
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:131C0EE9

< End of report >

--- --- ---
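As an added example (not code from this thread, from OTL or from its author), here is a small Python triage script for the `< MD5 for: ... >` sections of an OTL report like the one above. OTL lists every copy of a few critical system files it can find: the live copy under System32 plus the staged copies in winsxs and DriverStore, each with an MD5. Two things stand out in such a section: a live copy whose hash matches none of the staged copies, and a live copy OTL could not hash at all, as with user32.dll in this log. The sample input is constructed in the log's format; the AGP440 and USER32 lines mirror the report above, while the WININIT entry, its hash and the shortened winsxs directory names are made up.

```python
"""Triage helper for the '< MD5 for: NAME >' sections of an OTL report."""
import re
from collections import defaultdict

# Constructed sample in the OTL report format used in this thread. The
# WININIT hash is a placeholder and the winsxs directory names are shortened.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_6.0.6001.18000\AGP440.sys

< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_6.0.6001.18000\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll

< MD5 for: WININIT.EXE  >
[2011.05.22 12:10:00 | 000,096,768 | ---- | M] () MD5=DEADBEEFDEADBEEFDEADBEEFDEADBEEF -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_6.0.6001.18000\wininit.exe

< MD5 for: EVENTLOG.DLL  >
[2007.01.12 22:30:08 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\Cyberlink\PowerDirector\EventLog.dll
"""

SECTION_RE = re.compile(r"^< MD5 for: (\S+)\s*>$")
ENTRY_RE = re.compile(
    r"^\[(?P<mtime>[^|]+)\| (?P<size>[\d,]+) \|[^\]]*\] "
    r"\((?P<vendor>[^)]*)\) "
    r"(?:MD5=(?P<md5>[0-9A-Fa-f]{32})|Unable to obtain MD5) "
    r"-- (?P<path>.+)$"
)


def parse_md5_sections(report: str) -> dict:
    """Map each file name in a '< MD5 for: ... >' section to its listed copies."""
    sections = defaultdict(list)
    current = None
    for raw in report.splitlines():
        line = raw.rstrip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).upper()
            continue
        if line.startswith("<"):  # some other OTL section begins here
            current = None
            continue
        if current is None:
            continue
        entry = ENTRY_RE.match(line)
        if entry is None:
            continue  # blank line or something that is not a file entry
        md5 = entry.group("md5")
        sections[current].append({
            "path": entry.group("path"),
            "size": int(entry.group("size").replace(",", "")),
            "vendor": entry.group("vendor"),
            "md5": md5.upper() if md5 else None,  # None: OTL could not hash it
        })
    return dict(sections)


def is_staged_copy(path: str) -> bool:
    """Copies kept by the servicing stack (winsxs) or the driver store."""
    p = path.lower()
    return "\\winsxs\\" in p or "\\driverstore\\" in p


def triage(sections: dict) -> list:
    """Return (file, path, reason) for live copies that deserve a closer look."""
    findings = []
    for name, copies in sections.items():
        staged_hashes = {c["md5"] for c in copies
                         if is_staged_copy(c["path"]) and c["md5"]}
        for c in copies:
            if is_staged_copy(c["path"]):
                continue
            if c["md5"] is None:
                findings.append((name, c["path"], "hash unreadable"))
            elif staged_hashes and c["md5"] not in staged_hashes:
                findings.append((name, c["path"], "no matching staged copy"))
    return findings


if __name__ == "__main__":
    for name, path, reason in triage(parse_md5_sections(SAMPLE_LOG)):
        print(f"{name:14} {reason:26} {path}")
```

A flagged file is a lead, not a verdict: a hash OTL cannot read may only mean the file was locked while the scan ran, and a file with no staged copies at all (EventLog.dll above) cannot be compared this way, so confirm with a second tool before acting on it.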

cosinus 27.05.2011 16:41

Hm, but I still see the Ask, SweetIM and ICQ toolbars there! :confused:

Benya08 27.05.2011 20:32

Yes, it shut down every time while uninstalling them.. I tried several times.. :/

Benya08 27.05.2011 20:39

Oh, and yesterday I let Avira run through; it found 6 viruses, then Malwarebytes again, which then removed another 5.. the PC seems to be very vulnerable at the moment, even though I have the firewall on as always and so on.. is that also because of the trojan?

cosinus 27.05.2011 21:05

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom in OTL): (the ":OTL" must be copied along with it!!!)


Code:

:OTL
SRV - File not found [Auto | Stopped] --  -- (SearchAnonymizer)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://home.sweetim.com"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="
[2010.11.10 22:21:33 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2010.05.12 20:37:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.06 18:39:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.06.16 21:54:30 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.10 22:21:22 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2011.04.03 23:00:51 | 000,000,000 | ---D | M] (kikin plugin) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2010.06.30 23:26:17 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.02.17 22:26:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.05.06 18:39:28 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009.07.20 15:23:14 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.02.07 00:31:52 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.11.10 22:21:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\staged-xpis
[2009.03.16 17:42:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\toolbar_extras@de.yahoo.com
[2009.10.11 00:10:00 | 000,002,299 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\bing.xml
[2010.10.09 22:00:47 | 000,000,873 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\conduit.xml
[2011.05.20 17:23:34 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-1.xml
[2011.05.26 11:50:34 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-10.xml
[2009.11.04 00:19:07 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-2.xml
[2010.06.14 18:57:22 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-3.xml
[2010.06.19 21:44:49 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-4.xml
[2010.07.07 16:28:43 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-5.xml
[2010.07.08 16:05:14 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-6.xml
[2010.07.09 19:53:11 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-7.xml
[2010.07.15 23:06:34 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-8.xml
[2011.05.20 17:44:10 | 000,000,950 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-9.xml
[2010.06.16 21:54:30 | 000,000,168 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.gif
[2010.06.16 21:54:30 | 000,000,618 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.src
[2010.05.12 18:40:06 | 000,001,042 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.xml
[2011.01.02 11:39:36 | 000,001,218 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\kikin-search.xml
[2011.02.07 00:31:40 | 000,003,915 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\sweetim.xml
[2009.10.11 00:10:01 | 000,001,651 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\winamp-search.xml
[2010.03.11 01:15:22 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.03.16 17:39:16 | 000,000,000 | ---D | M] (Yahoo! Deutschland Toolbar und Extras) -- C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com
[2009.08.16 23:08:10 | 000,000,000 | ---D | M] (DVDVideoSoft YouTube Download Firefox Integration) -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY
[2011.02.07 00:52:31 | 000,000,000 | ---D | M] (PriceGong) -- C:\PROGRAM FILES\PRICEGONG\2.1.0\FF
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (PriceGongBHO Class) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll (PriceGong)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (wellgames Toolbar) - {8e41e543-e069-4197-8608-e8b4c2f75747} -  File not found
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (wellgames Toolbar) - {8e41e543-e069-4197-8608-e8b4c2f75747} -  File not found
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKCU..\Run: [{8CEF2A68-1813-FB99-71EC-974C6400131E}]  File not found
O4 - HKCU..\Run: [DW6]  File not found
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1ae05757-6dc3-11df-9a5a-001d72d3e6c5}\Shell - "" = AutoRun
O33 - MountPoints2\{1ae05757-6dc3-11df-9a5a-001d72d3e6c5}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
[2011.05.26 11:42:42 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Hiti
[2011.05.26 11:42:42 | 000,000,000 | ---D | C] -- C:\Users\Maya\AppData\Roaming\Dubog
[2011.05.22 13:33:52 | 006,161,848 | ---- | M] (Symantec Corporation) -- C:\Users\Maya\Desktop\NPE.exe
[2011.05.22 13:10:46 | 000,000,000 | ---- | M] () -- C:\Users\Maya\AppData\Roaming\SMRBackup162.dat
[2011.05.22 12:10:34 | 000,000,144 | ---- | M] () -- C:\ProgramData\~45080312r
[2011.05.22 12:10:34 | 000,000,120 | ---- | M] () -- C:\ProgramData\~45080312
[2011.05.22 12:10:25 | 000,000,336 | ---- | M] () -- C:\ProgramData\45080312
[2009.06.15 00:00:30 | 000,101,263 | ---- | C] () -- C:\Windows\System32\8e5b993f-dec8-addd-530b-73b476200d78.exe
[2009.07.19 18:57:00 | 000,000,000 | -HSD | M] -- C:\Users\Maya\AppData\Roaming\.#
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9E22BBE8
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:FB914833
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:95B8F7F6
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:861A898F
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:E36F5B57
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:9F683177
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:580E04D8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:8173A019
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:D61F920D
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:B623B5B8
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:193426B4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:57B4E612
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:FC420CE6
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:225C4FFC
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:8140CB50
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4CF61E54
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:793F316E
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:CF61CE5A
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:131C0EE9
:Commands
[purity]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Benya08 27.05.2011 21:43

Okay, I did manage to delete the toolbars after all.. In between, though, it crashed a few times and then showed a blue screen full of text, which unfortunately I couldn't remember, but one part right at the start was that there is some problem and that the PC will be restarted to fix the problem; then it said: "KERNEL_DATA_IN...._ERROR" (at the ... I don't remember exactly what it said.. something like "PAGE" or "BASE" or so?)
But first, here is the logfile:

========== OTL ==========
Service SearchAnonymizer stopped successfully!
Service SearchAnonymizer deleted successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
C:\Program Files\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "Search" removed from browser.search.defaultthis.engineName
Prefs.js: "" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://home.sweetim.com" removed from browser.startup.homepage
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=" removed from keyword.URL
Prefs.js: "ICQ Search" removed from sweetim.toolbar.previous.browser.search.defaultenginename
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from sweetim.toolbar.previous.browser.search.defaulturl
Prefs.js: "ICQ Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
Prefs.js: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\META-INF folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\chrome folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f} folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults\preferences folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\defaults folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\chrome folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\settings folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\plugins folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT\plugins folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT\components folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform\WINNT folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\platform folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\defaults\preferences folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\defaults folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\components folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}\chrome folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\zh-TW folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\zh-CN folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\vi-VN folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\vi folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\uk-UA folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\tr-TR folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\sv-SE folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\sr-RS folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\sl-SI folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\sk-SK folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\ru-RU folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\ro-RO folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\pt-PT folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\pt-BR folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\pl-PL folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\nl-NL folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\nl folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\ko-KR folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\ja-JP folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\it-IT folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\id-ID folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\hu-HU folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\hr-HR folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\he-IL folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\he folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\gl-ES folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\fr-FR folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\fr folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\fi-FI folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\fa-IR folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\eu-ES folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\es-ES folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\en-US folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\de-DE folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\da-DK folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\cs-CZ folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\cs folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\ca-ES folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\ca-AD folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\bn-IN folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\ar-SA folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale\ar folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\locale folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\defaults\preferences folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\defaults folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\content folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}\components folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} folder moved successfully.
Folder C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}\ not found.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\META-INF folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\components folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}\chrome folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\staged-xpis\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\staged-xpis folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\toolbar_extras@de.yahoo.com\cache folder moved successfully.
C:\Users\Maya\AppData\Roaming\mozilla\Firefox\Profiles\e1pomfab.default\extensions\toolbar_extras@de.yahoo.com folder moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\bing.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\conduit.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.gif moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.src moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\icqplugin.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\kikin-search.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\sweetim.xml moved successfully.
C:\Users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\searchplugins\winamp-search.xml moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com\searchplugins folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com\locale\de folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com\defaults\preferences folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com\defaults folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com\components folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com\chrome\skin folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\toolbar_extras@de.yahoo.com folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY\components folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY\chrome\content folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY\chrome folder moved successfully.
C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\DLL\FFCONTEXTMENUY folder moved successfully.
Folder C:\PROGRAM FILES\PRICEGONG\2.1.0\FF\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1631550F-191D-4826-B069-D9439253D926}\ not found.
C:\Program Files\PriceGong\2.1.0\PriceGongIE.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{201f27d4-3704-41d6-89c1-aa35e39143ed}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8e41e543-e069-4197-8608-e8b4c2f75747}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e41e543-e069-4197-8608-e8b4c2f75747}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2}\ deleted successfully.
C:\Program Files\kikin\ie_kikin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ not found.
File C:\Program Files\AskBarDis\bar\bin\askBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8e41e543-e069-4197-8608-e8b4c2f75747} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8e41e543-e069-4197-8608-e8b4c2f75747}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
File C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{8CEF2A68-1813-FB99-71EC-974C6400131E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8CEF2A68-1813-FB99-71EC-974C6400131E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DW6 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65}\ not found.
File C:\Program Files\kikin\ie_kikin.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}\ not found.
C:\Program Files\ICQ7.2\ICQ.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ae05757-6dc3-11df-9a5a-001d72d3e6c5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ae05757-6dc3-11df-9a5a-001d72d3e6c5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1ae05757-6dc3-11df-9a5a-001d72d3e6c5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1ae05757-6dc3-11df-9a5a-001d72d3e6c5}\ not found.
File F:\LaunchU3.exe -a not found.
C:\Users\Maya\AppData\Roaming\Hiti folder moved successfully.
C:\Users\Maya\AppData\Roaming\Dubog folder moved successfully.
C:\Users\Maya\Desktop\NPE.exe moved successfully.
C:\Users\Maya\AppData\Roaming\SMRBackup162.dat moved successfully.
C:\ProgramData\~45080312r moved successfully.
C:\ProgramData\~45080312 moved successfully.
C:\ProgramData\45080312 moved successfully.
C:\Windows\System32\8e5b993f-dec8-addd-530b-73b476200d78.exe moved successfully.
C:\Users\Maya\AppData\Roaming\.# folder moved successfully.
ADS C:\ProgramData\TEMP:9E22BBE8 deleted successfully.
ADS C:\ProgramData\TEMP:FB914833 deleted successfully.
ADS C:\ProgramData\TEMP:95B8F7F6 deleted successfully.
ADS C:\ProgramData\TEMP:861A898F deleted successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\ProgramData\TEMP:A3B8F70C deleted successfully.
ADS C:\ProgramData\TEMP:9F683177 deleted successfully.
ADS C:\ProgramData\TEMP:580E04D8 deleted successfully.
ADS C:\ProgramData\TEMP:8AB6C1D7 deleted successfully.
ADS C:\ProgramData\TEMP:8173A019 deleted successfully.
ADS C:\ProgramData\TEMP:D61F920D deleted successfully.
ADS C:\ProgramData\TEMP:B623B5B8 deleted successfully.
ADS C:\ProgramData\TEMP:2B99FE60 deleted successfully.
ADS C:\ProgramData\TEMP:193426B4 deleted successfully.
ADS C:\ProgramData\TEMP:57B4E612 deleted successfully.
ADS C:\ProgramData\TEMP:FC420CE6 deleted successfully.
ADS C:\ProgramData\TEMP:588B60C7 deleted successfully.
ADS C:\ProgramData\TEMP:225C4FFC deleted successfully.
ADS C:\ProgramData\TEMP:8140CB50 deleted successfully.
ADS C:\ProgramData\TEMP:4F636E25 deleted successfully.
ADS C:\ProgramData\TEMP:4CF61E54 deleted successfully.
ADS C:\ProgramData\TEMP:793F316E deleted successfully.
ADS C:\ProgramData\TEMP:CF61CE5A deleted successfully.
ADS C:\ProgramData\TEMP:131C0EE9 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 05272011_223831
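Added note, not part of the original thread: after an OTL fix like the one above, the desktop looking normal again says little; what matters is whether the persistence points OTL reported hitting stay empty. The PowerShell below is an added example of mine, not OTL's or ComboFix's code. It assumes PowerShell 3.0 or later (Get-Item -Stream does not exist in Vista's PowerShell 2.0; there `dir /r C:\ProgramData` lists the streams instead) run in an elevated session. The paths, CLSIDs, Run value names, the AutoRun value and the localhost lines are taken from the OTL log above; the Resolve-ClsidDll helper and the report layout are my own.

```powershell
# Added example, not from the thread and not part of OTL or ComboFix.
# Re-checks the persistence points the OTL fix reported touching, so anything
# that came back (or was never removed) stands out. Assumes PowerShell 3.0+
# (Get-Item -Stream) and an elevated session. Paths, keys, CLSIDs and value
# names come from the OTL log; the helper and report layout are illustrative.

$ErrorActionPreference = 'SilentlyContinue'
$report = [ordered]@{}

# 1. Alternate data streams on C:\ProgramData\TEMP. OTL deleted 24 of them;
#    a clean object shows only the default ':$DATA' stream (or none on a folder).
$adsHost = 'C:\ProgramData\TEMP'
$report['ADS on ProgramData\TEMP'] =
    Get-Item -LiteralPath $adsHost -Stream * |
    Where-Object { $_.Stream -ne ':$DATA' } |
    Select-Object Stream, Length

# 2. Browser Helper Objects. Every CLSID under the BHO key should resolve to a
#    DLL that exists on disk. These four were deleted by OTL; if one is back,
#    something re-registered it.
$removedClsids = '{02478D38-C3F9-4efb-9B51-7695ECA05670}',
                 '{5C255C8A-E604-49b4-9D64-90988571CECB}',
                 '{8e41e543-e069-4197-8608-e8b4c2f75747}',
                 '{E601996F-E400-41CA-804B-CD6373A7EEE2}'

function Resolve-ClsidDll([string]$Clsid) {
    # The COM server DLL is the default value of CLSID\{...}\InprocServer32,
    # registered machine-wide under HKLM or per-user under HKCU.
    foreach ($hive in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
        $key = Join-Path $hive "$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            return (Get-ItemProperty -LiteralPath $key).'(default)'
        }
    }
    return $null
}

$bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
$report['Browser Helper Objects'] = foreach ($k in Get-ChildItem -LiteralPath $bhoKey) {
    $clsid  = $k.PSChildName
    $dll    = Resolve-ClsidDll $clsid
    $status = if ($removedClsids -contains $clsid) { 'REMOVED BY OTL, IS BACK' }
              elseif (-not $dll) { 'orphan CLSID (no InprocServer32)' }
              elseif (-not (Test-Path -LiteralPath $dll)) { 'DLL missing on disk' }
              else { 'present' }
    [pscustomobject]@{ CLSID = $clsid; Dll = $dll; Status = $status }
}

# 3. Run keys. OTL deleted the HKCU Run values '{8CEF2A68-...}' and 'DW6';
#    list everything that autostarts now so a re-created value is visible.
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
$report['Run keys'] = foreach ($rk in $runKeys) {
    $props = Get-ItemProperty -LiteralPath $rk
    if ($props) {
        $props.PSObject.Properties |
            Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
            ForEach-Object { [pscustomobject]@{ Key = $rk; Name = $_.Name; Command = $_.Value } }
    }
}

# 4. Hosts file. After OTL's reset the only non-comment lines are the two
#    localhost entries, so anything listed here was added afterwards.
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$report['Non-default hosts entries'] =
    Get-Content -LiteralPath $hostsPath |
    Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' } |
    Where-Object { $_ -notmatch '^\s*(127\.0\.0\.1|::1)\s+localhost\s*$' }

# 5. CD-ROM AutoRun. OTL set it back to 1; a 0 means it was switched off again.
$report['Cdrom AutoRun'] =
    (Get-ItemProperty -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom' -Name AutoRun).AutoRun

foreach ($section in $report.Keys) {
    Write-Output "== $section =="
    if ($null -eq $report[$section] -or @($report[$section]).Count -eq 0) {
        Write-Output '(nothing found)'
    } else {
        $report[$section] | Format-Table -AutoSize | Out-String -Width 200
    }
}
```

Run it once right after the fix and again after a reboot; the comparison is the point, because a dropper that survives (the TDSS-style infections this thread is about live in a driver, not in these keys) re-creates its Run value, BHO or streams on the next start.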

cosinus 27.05.2011 21:56

Please run this Kaspersky tool now and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the picture below, i.e. tick both boxes, click Start scan, and when it has finished click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection prevents you from accessing your documents / My Documents, please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (This may take a while.)
Vista and 7 users must run the tool via right-click > Run as administrator!

Benya08 27.05.2011 22:18

Hm, somehow it doesn't start the program. When I try to open it, it only gets as far as "Zur Fortsetzung des Programms ist ihre Zustimmung erforderlich" ("Your permission is required to continue the program"); when I then click "Continue", nothing else happens. I've already tried a restart, but that doesn't help either.
Oh, speaking of restarts: every time the PC has restarted, the message "Einige Autostartprogramme wurde geblockt" ("Some startup programs was blocked") appears at the bottom right, and there is a typo in it ("wurde")... A Windows bug, or a fake message?

cosinus 27.05.2011 22:35

Then please run CF now. We'll try TDSS-Killer again later, if it is still needed.

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix from here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, above all your antivirus program and other background guards, as well as your web browser.
  • Start cofi.exe from your desktop, confirm the warnings, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Benya08 28.05.2011 00:12

So, after half an eternity it's finished.. Instead of the displayed 10 minutes it took about an hour, but if it leads to solving the problem that's no problem...
ComboFix logfile:
Code:

ComboFix 11-05-27.01 - Maya 27.05.2011  23:58:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3000.2082 [GMT 2:00]
Running from: c:\users\Maya\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((  Other Deletions  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\pi.exe
c:\windows\system32\muzapp.exe
c:\windows\Temp\log.txt
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
(((((((((((((((((((((((((((((((((((((((  Drivers/Services  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Boonty Games
.
.
(((((((((((((((((((((((  Files Created from 2011-04-27 to 2011-05-27  ))))))))))))))))))))))))))))))
.
.
2011-05-27 22:51 . 2011-05-27 22:58        --------        d-----w-        c:\users\Maya\AppData\Local\temp
2011-05-27 22:51 . 2011-05-27 22:51        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-05-27 21:37 . 2011-05-27 21:50        --------        d-----w-        C:\32788R22FWJFW
2011-05-27 20:38 . 2011-05-27 20:38        --------        d-----w-        C:\_OTL
2011-05-27 08:45 . 2011-05-09 20:46        6962000        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{40CBDF90-C80D-453F-91F0-7FD4B35B47AD}\mpengine.dll
2011-05-27 05:27 . 2011-05-27 05:27        0        ---ha-w-        c:\users\Maya\AppData\Local\BIT9300.tmp
2011-05-22 11:54 . 2011-05-22 11:54        --------        d-----w-        c:\users\Maya\AppData\Roaming\Malwarebytes
2011-05-22 11:54 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 11:53 . 2011-05-22 11:53        --------        d-----w-        c:\programdata\Malwarebytes
2011-05-22 11:53 . 2011-05-22 11:54        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-05-16 12:37 . 2011-05-16 12:37        --------        d-----w-        c:\users\Maya\AppData\Local\WinZip
2011-05-14 13:24 . 2011-05-14 13:24        0        ----a-w-        c:\users\Maya\AppData\Local\BITBF55.tmp
2011-05-12 08:02 . 2011-04-07 12:01        2409784        ----a-w-        c:\program files\Windows Mail\OESpamFilter.dat
2011-05-12 08:01 . 2011-03-03 15:40        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2011-05-12 08:01 . 2011-03-03 13:35        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2011-05-12 08:01 . 2011-03-12 21:55        876032        ----a-w-        c:\windows\system32\XpsPrint.dll
2011-05-12 07:58 . 2011-02-16 14:02        292864        ----a-w-        c:\windows\system32\atmfd.dll
2011-05-12 07:58 . 2011-02-16 16:16        34304        ----a-w-        c:\windows\system32\atmlib.dll
2011-05-12 07:52 . 2011-03-03 13:25        2041856        ----a-w-        c:\windows\system32\win32k.sys
2011-05-12 07:52 . 2011-03-03 15:42        739328        ----a-w-        c:\windows\system32\inetcomm.dll
2011-05-12 07:52 . 2011-02-17 06:23        420864        ----a-w-        c:\windows\system32\vbscript.dll
2011-04-28 21:10 . 2011-04-28 21:13        --------        d-----w-        c:\program files\Submarine Titans
2011-04-28 21:05 . 2011-04-28 21:05        --------        d-----w-        C:\CHAOS
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-13 22:40 . 2011-04-13 22:40        4284416        ----a-w-        c:\windows\system32\GPhotos.scr
2011-03-16 13:42 . 2009-05-26 19:04        137656        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-03-03 15:40 . 2011-05-12 08:01        173056        ----a-w-        c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-05-12 08:01        458752        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-05-12 08:01        542720        ----a-w-        c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-05-12 08:01        2159616        ----a-w-        c:\windows\apppatch\AcGenral.dll
2010-08-23 14:08 . 2009-11-02 12:45        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2008-05-14 16:05        121392        ----a-w-        c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Logitech Vid"="c:\program files\Logitech\Logitech Vid\vid.exe" [2009-06-02 5451536]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2010-11-20 3365176]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-01-06 3046808]
"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2009-08-18 671796]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
"BkupTray"="c:\program files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe" [2008-04-06 34040]
"ArcadeDeluxeAgent"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2008-04-10 147456]
"CLMLServer"="c:\program files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe" [2008-04-10 167936]
"PlayMovie"="c:\program files\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2008-04-18 167936]
"LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2008-09-10 809480]
"eDataSecurity Loader"="c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-05-14 526896]
"ePower_DMC"="c:\program files\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2008-06-11 409600]
"WarReg_PopUp"="c:\program files\Acer\WR_PopUp\WarReg_PopUp.exe" [2008-01-29 303104]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-08-23 30192]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-05-08 2780432]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-11 7739936]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 170520]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-12-20 111928]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-5 494920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R2 NTIPPKernel;NTIPPKernel;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys [2008-01-16 122368]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2008-04-04 131072]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\MAGIX\Common\Database\bin\fbserver.exe [2005-11-17 1527900]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-08-23 30192]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 135664]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2010-08-27 19200]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2010-08-27 96488]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2010-08-27 12776]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2010-08-27 121576]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796};{49DE1C67-83F8-4102-99E0-C16DCC7EEC796};c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl [2008-04-18 61424]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-05-12 136360]
S2 BUNAgentSvc;NTI Backup Now 5 Agent Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe [2008-03-03 16384]
S2 CLHNService;CLHNService;c:\program files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe [2008-01-16 81504]
S2 dgdersvc;Device Error Recovery Service;c:\windows\system32\dgdersvc.exe [2010-10-25 95568]
S2 ETService;Empowering Technology Service;c:\program files\Acer\Empowering Technology\Service\ETService.exe [2008-03-21 24576]
S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2010-10-25 217088]
S2 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2008-04-06 50424]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2010-10-25 18120]
S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2010-10-25 36640]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - FSUSBEXDISK
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 23:16]
.
2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 23:16]
.
2010-12-17 c:\windows\Tasks\User_Feed_Synchronization-{9E1969E7-8A4A-496F-8B42-09C11E4AE0D2}.job
- c:\windows\system32\msfeedssync.exe [2011-05-12 04:43]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_5735
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\Maya\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\Maya\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Save YouTube Video - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP4.htm
IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
TCP: DhcpNameServer = 192.168.2.1
DPF: {A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} - hxxp://www.n2030.com/coreXplayer.dll
FF - ProfilePath - c:\users\Maya\AppData\Roaming\Mozilla\Firefox\Profiles\e1pomfab.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-msnmsgr - ~c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-eRecoveryService - (no file)
AddRemove-8e5b993f-dec8-addd-530b-73b476200d78 - c:\windows\system32\8e5b993f-dec8-addd-530b-73b476200d78.exe
AddRemove-Around the World in 80 Days_is1 - f:\around the world in 80 days\unins000.exe
AddRemove-Infant Puzzles_is1 - c:\program files\MyPlayCity.com\Infant Puzzles\unins000.exe
AddRemove-SAMSUNG Mobile Composite Device - c:\windows\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe
AddRemove-SearchAnonymizer - c:\users\Maya\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
AddRemove-wellgames Toolbar - c:\progra~1\WELLGA~1\UNWISE.EXE
AddRemove-{8A06714C-F24B-4144-9BA2-788B5DD4F270}_is1 - c:\program files\ICQ Ignore Checker\unins000.exe
AddRemove-{9C244239-ED8E-40f1-937F-51C706CD2160} - d:\eigene dateien\Spiele\EAUninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\Samsung\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{DEC41CA8-C30F-4F70-9AEE-1B3EEB4A3B62}_is1 - c:\programme\ICQLite\services\icqApp\ver1\resources\de-DE\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-05-28 00:57
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  msnmsgr = ~"c:\program files\Windows Live\Messenger\msnmsgr.exe" /background??s
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}]
"ImagePath"="\??\c:\program files\Acer Arcade Deluxe\PlayMovie\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3176)
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\sysenv.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\acer\Mobility Center\MobilityService.exe
d:\eigene dateien\Programme\CDBurnerXP\NMSAccessU.exe
c:\program files\Cyberlink\Shared files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-05-28  01:10:34 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-05-27 23:10
.
Vor Suchlauf: 24 Verzeichnis(se), 34.549.260.288 Bytes frei
Nach Suchlauf: 30 Verzeichnis(se), 42.085.498.880 Bytes frei
.
- - End Of File - - 97674DE282837EEA8DAC5AB3BF06BBB0

--- --- ---

cosinus 28.05.2011 22:40

So, it looks like CF has flattened a TDSS there. Please try the TDSS-Killer once more; now it should actually start.

Benya08 29.05.2011 01:06

Hmm, but it reported that nothing was found. Here is the report:
2011/05/29 00:52:54.0985 4120 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/29 00:52:55.0321 4120 ================================================================================
2011/05/29 00:52:55.0321 4120 SystemInfo:
2011/05/29 00:52:55.0322 4120
2011/05/29 00:52:55.0322 4120 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/29 00:52:55.0322 4120 Product type: Workstation
2011/05/29 00:52:55.0322 4120 ComputerName: MAYA-PC
2011/05/29 00:52:55.0322 4120 UserName: Maya
2011/05/29 00:52:55.0322 4120 Windows directory: C:\Windows
2011/05/29 00:52:55.0322 4120 System windows directory: C:\Windows
2011/05/29 00:52:55.0323 4120 Processor architecture: Intel x86
2011/05/29 00:52:55.0323 4120 Number of processors: 2
2011/05/29 00:52:55.0323 4120 Page size: 0x1000
2011/05/29 00:52:55.0323 4120 Boot type: Normal boot
2011/05/29 00:52:55.0323 4120 ================================================================================
2011/05/29 00:52:56.0817 4120 Initialize success
2011/05/29 00:52:59.0015 5884 ================================================================================
2011/05/29 00:52:59.0015 5884 Scan started
2011/05/29 00:52:59.0015 5884 Mode: Manual;
2011/05/29 00:52:59.0015 5884 ================================================================================
2011/05/29 00:53:44.0784 5884 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
2011/05/29 00:53:44.0905 5884 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
2011/05/29 00:53:45.0443 5884 ohci1394 (790e27c3db53410b40ff9ef2fd10a1d9) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/05/29 00:53:45.0647 5884 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/29 00:53:45.0811 5884 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/29 00:53:46.0229 5884 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/29 00:53:46.0456 5884 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/29 00:53:46.0778 5884 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
2011/05/29 00:53:47.0076 5884 pcmcia (b7c5a8769541900f6dfa6fe0c5e4d513) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/05/29 00:53:47.0344 5884 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/29 00:53:47.0881 5884 PID_PEPI (dd184d9adfe2a8a21741dbdfe9e22f5c) C:\Windows\system32\DRIVERS\LV302V32.SYS
2011/05/29 00:53:48.0307 5884 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/29 00:53:48.0472 5884 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
2011/05/29 00:53:48.0777 5884 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/29 00:53:49.0070 5884 PSDFilter (1dcbb35090cc4b2bd3d661e6089523c6) C:\Windows\system32\DRIVERS\psdfilter.sys
2011/05/29 00:53:49.0327 5884 PSDNServ (e26e46d619469964ac3609620f443867) C:\Windows\system32\DRIVERS\PSDNServ.sys
2011/05/29 00:53:49.0565 5884 psdvdisk (3e1d134af2806867d06047c4cc33cc65) C:\Windows\system32\DRIVERS\PSDVdisk.sys
2011/05/29 00:53:50.0030 5884 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
2011/05/29 00:53:50.0462 5884 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/29 00:53:50.0892 5884 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/29 00:53:51.0089 5884 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/29 00:53:51.0323 5884 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/29 00:53:51.0475 5884 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/29 00:53:51.0620 5884 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/29 00:53:51.0964 5884 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/29 00:53:52.0165 5884 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/29 00:53:52.0360 5884 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
2011/05/29 00:53:52.0622 5884 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/29 00:53:52.0784 5884 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/29 00:53:53.0124 5884 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/29 00:53:53.0345 5884 RTSTOR (9ea88492b1dab90dce43a6f2c0e133bd) C:\Windows\system32\drivers\RTSTOR.SYS
2011/05/29 00:53:53.0434 5884 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/29 00:53:53.0672 5884 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/29 00:53:53.0973 5884 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/29 00:53:54.0126 5884 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/29 00:53:54.0234 5884 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/29 00:53:54.0289 5884 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/29 00:53:54.0466 5884 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
2011/05/29 00:53:54.0735 5884 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/29 00:53:55.0066 5884 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/29 00:53:55.0252 5884 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/29 00:53:55.0344 5884 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
2011/05/29 00:53:55.0600 5884 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
2011/05/29 00:53:55.0860 5884 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
2011/05/29 00:53:56.0141 5884 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/29 00:53:56.0318 5884 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/29 00:53:56.0581 5884 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/05/29 00:53:56.0864 5884 srv2 (a5940ca32ed206f90be9fabdf6e92de4) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/29 00:53:57.0181 5884 srvnet (37aa1d560d5fa486c4b11c2f276ada61) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/29 00:53:57.0463 5884 ssadbus (6d83ff6722baf7e82a4521dbec363e5a) C:\Windows\system32\DRIVERS\ssadbus.sys
2011/05/29 00:53:57.0648 5884 ssadmdfl (5ae42e90f99749e0e35b9989a2d0275c) C:\Windows\system32\DRIVERS\ssadmdfl.sys
2011/05/29 00:53:57.0775 5884 ssadmdm (9285d8aba50a4d6482b1574448f9eb76) C:\Windows\system32\DRIVERS\ssadmdm.sys
2011/05/29 00:53:57.0980 5884 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
2011/05/29 00:53:58.0239 5884 StarOpen (306521935042fc0a6988d528643619b3) C:\Windows\system32\drivers\StarOpen.sys
2011/05/29 00:53:58.0549 5884 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/29 00:53:58.0910 5884 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/29 00:53:59.0144 5884 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/29 00:53:59.0336 5884 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/29 00:53:59.0516 5884 SynTP (4c9bb4b3b9eac26211484c30b914c6dc) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/29 00:53:59.0976 5884 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/29 00:54:00.0292 5884 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/29 00:54:00.0490 5884 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/29 00:54:00.0725 5884 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/29 00:54:00.0838 5884 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/29 00:54:01.0002 5884 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/29 00:54:01.0259 5884 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/29 00:54:01.0490 5884 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/29 00:54:01.0750 5884 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/29 00:54:02.0011 5884 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/29 00:54:02.0188 5884 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
2011/05/29 00:54:02.0430 5884 UBHelper (f763e070843ee2803de1395002b42938) C:\Windows\system32\drivers\UBHelper.sys
2011/05/29 00:54:02.0636 5884 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/29 00:54:03.0000 5884 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/29 00:54:03.0281 5884 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
2011/05/29 00:54:03.0489 5884 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/29 00:54:03.0940 5884 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/29 00:54:04.0240 5884 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/29 00:54:04.0496 5884 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/05/29 00:54:04.0796 5884 usbbus (9419faac6552a51542dbba02971c841c) C:\Windows\system32\DRIVERS\lgusbbus.sys
2011/05/29 00:54:05.0201 5884 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/29 00:54:05.0452 5884 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/29 00:54:05.0911 5884 UsbDiag (c0a466fa4ffec464320e159bc1bbdc0c) C:\Windows\system32\DRIVERS\lgusbdiag.sys
2011/05/29 00:54:06.0266 5884 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/29 00:54:06.0520 5884 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/29 00:54:06.0857 5884 USBModem (f74a54774a9b0afeb3c40adec68aa600) C:\Windows\system32\DRIVERS\lgusbmodem.sys
2011/05/29 00:54:07.0289 5884 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/05/29 00:54:07.0534 5884 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
2011/05/29 00:54:07.0781 5884 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/29 00:54:08.0187 5884 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/29 00:54:08.0502 5884 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
2011/05/29 00:54:08.0986 5884 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/29 00:54:09.0211 5884 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/29 00:54:09.0462 5884 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
2011/05/29 00:54:09.0846 5884 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
2011/05/29 00:54:10.0184 5884 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
2011/05/29 00:54:10.0442 5884 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/29 00:54:10.0969 5884 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/29 00:54:11.0392 5884 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/29 00:54:11.0887 5884 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
2011/05/29 00:54:12.0113 5884 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/29 00:54:12.0438 5884 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/29 00:54:12.0514 5884 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/29 00:54:13.0063 5884 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
2011/05/29 00:54:13.0452 5884 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/29 00:54:14.0162 5884 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
2011/05/29 00:54:14.0596 5884 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/29 00:54:15.0205 5884 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/05/29 00:54:15.0525 5884 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/29 00:54:15.0927 5884 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/29 00:54:16.0243 5884 yukonwlh (3e1c915c6291ab5d1cfca680e1bd6bad) C:\Windows\system32\DRIVERS\yk60x86.sys
2011/05/29 00:54:16.0411 5884 {49DE1C67-83F8-4102-99E0-C16DCC7EEC796} (4d840c6af3c020ed3a35efba9025cf4a) C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
2011/05/29 00:54:16.0499 5884 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0
2011/05/29 00:54:16.0676 5884 ================================================================================
2011/05/29 00:54:16.0676 5884 Scan finished
2011/05/29 00:54:16.0676 5884 ================================================================================
2011/05/29 00:54:16.0703 4536 Detected object count: 0
2011/05/29 00:54:16.0703 4536 Actual detected object count: 0

cosinus 29.05.2011 09:59

OK. Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure you save the log as *.log and not as *.html or the like.

After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
  • Double-click MBRCheck.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool only needs a few seconds.
  • Afterwards you should find a MBRCheck_<Date>_<Time>.txt on the desktop.
Please post the contents of the .txt document.
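
As an added illustration (not code from this thread, from MBRCheck or from TDSSKiller) of what an MBR check of the kind requested above does: the block below parses a 512-byte MBR sector, verifies the 0x55AA marker, decodes the partition table and hashes the bootstrap code, then compares that hash against a table of known-good hashes. The two sample sectors and the baseline hash table are constructed inline; the byte offsets are the standard MBR layout, and the assumption that the hash covers the first 0x1B8 (440) bytes follows the `MBR (0x1B8)` label in the TDSSKiller log posted earlier in the thread.

```python
import hashlib
import struct

# Standard layout of a 512-byte MBR sector (offsets from the MBR layout,
# not from the thread).
SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8      # bootstrap code occupies bytes 0..0x1B7 (440 bytes)
DISK_SIG_OFF = 0x1B8       # 4-byte Windows disk signature
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # 2-byte 0x55AA marker
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_FMT = "<B3xB3xII"


def parse_mbr(sector: bytes) -> dict:
    """Decode bootstrap-code hash, disk signature, boot marker and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR sector must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, count = struct.unpack_from(
            PART_FMT, sector, PART_TABLE_OFF + 16 * i)
        if ptype != 0:                       # type 0 means the slot is unused
            partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": count})
    return {
        # Assumption: hashing the first 0x1B8 bytes matches the coverage that
        # TDSSKiller labels "MBR (0x1B8)" in the log posted earlier in the thread.
        "code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "valid_marker": sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "partitions": partitions,
    }


def check_mbr(sector: bytes, known_good: dict) -> dict:
    """Flag a sector whose bootstrap code hash is not in the known-good table."""
    info = parse_mbr(sector)
    findings = []
    if not info["valid_marker"]:
        findings.append("0x55AA boot marker missing")
    if info["code_md5"] not in known_good:
        findings.append("bootstrap code hash %s not in known-good table" % info["code_md5"])
    if not any(p["bootable"] for p in info["partitions"]):
        findings.append("no active partition")
    info["findings"] = findings
    info["status"] = "OK" if not findings else "SUSPECT"
    return info


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sector: given bootstrap bytes, one bootable NTFS-type partition, 0x55AA marker."""
    sector = bytearray(SECTOR_SIZE)
    code = boot_code[:BOOT_CODE_LEN]
    sector[:len(code)] = code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0xDEADBEEF)   # constructed disk signature
    struct.pack_into(PART_FMT, sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 1_000_000)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


# Constructed stand-in for vendor bootstrap code (not real Windows boot code).
CLEAN_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C\xFB" + b"\x90" * 24
CLEAN_MBR = build_sample_mbr(CLEAN_CODE)
# Same partition table and disk signature as the clean sample, one bootstrap byte changed.
PATCHED_MBR = build_sample_mbr(bytes([CLEAN_CODE[0] ^ 0xFF]) + CLEAN_CODE[1:])
# Constructed baseline: the only bootstrap hash we trust is that of the clean sample.
KNOWN_GOOD = {parse_mbr(CLEAN_MBR)["code_md5"]: "constructed clean baseline"}


if __name__ == "__main__":
    for name, sector in (("clean", CLEAN_MBR), ("patched", PATCHED_MBR)):
        result = check_mbr(sector, KNOWN_GOOD)
        print(name, result["status"], result["code_md5"], result["findings"])
        for p in result["partitions"]:
            print("  partition %d type 0x%02X lba %d sectors %d bootable=%s"
                  % (p["index"], p["type"], p["lba_start"], p["sectors"], p["bootable"]))
```

On a real machine a tool like MBRCheck compares the bootstrap hash against a list of vendor boot-code hashes; here the table holds only the constructed baseline, so the patched sample is reported as SUSPECT even though its partition table, disk signature and boot marker are identical to the clean one. That is the distinction a defender wants, because the bootstrap bytes can change while the partition layout the operating system shows stays intact.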

Benya08 29.05.2011 16:18

OSAM log file:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 17:07:50 on 29.05.2011

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Opera Software Opera Internet Browser 11.11

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Program Files\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"atksgt" (atksgt) - ? - C:\Windows\System32\DRIVERS\atksgt.sys  (File found, but it contains no detailed information)
"avgio" (avgio) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avgio.sys
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\Windows\System32\drivers\dgderdrv.sys
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"FsUsbExDisk" (FsUsbExDisk) - ? - C:\Windows\system32\FsUsbExDisk.SYS  (File found, but it contains no detailed information)
"int15" (int15) - "Acer, Inc." - C:\Windows\system32\drivers\int15.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kgldypow" (kgldypow) - ? - C:\Users\Maya\AppData\Local\Temp\kgldypow.sys  (Hidden registry entry, rootkit activity | File not found)
"lirsgt" (lirsgt) - ? - C:\Windows\System32\DRIVERS\lirsgt.sys  (File found, but it contains no detailed information)
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"NTIPPKernel" (NTIPPKernel) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys
"PSDFilter" (PSDFilter) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\psdfilter.sys
"PSDNServ" (PSDNServ) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDNServ.sys
"PSDVdisk" (psdvdisk) - "Egis Incorporated" - C:\Windows\System32\DRIVERS\PSDVdisk.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
"StarOpen" (StarOpen) - ? - C:\Windows\system32\drivers\StarOpen.sys  (File found, but it contains no detailed information)
"UBHelper" (UBHelper) - "NewTech Infosystems Corporation" - C:\Windows\system32\drivers\UBHelper.sys
"Upper Class Filter Driver" (NTIDrvr) - "NewTech Infosystems, Inc." - C:\Windows\System32\DRIVERS\NTIDrvr.sys
"{49DE1C67-83F8-4102-99E0-C16DCC7EEC796}" ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) - "Cyberlink Corp." - C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - ? - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL  (File not found)
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{3050F406-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML About Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\system32\mshtml.dll  (Data mismatch, rootkit activity)
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\system32\mshtml.dll  (Data mismatch, rootkit activity)
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Javascript Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\system32\mshtml.dll  (Data mismatch, rootkit activity)
{3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Mailto Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\system32\mshtml.dll  (Data mismatch, rootkit activity)
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} "Microsoft HTML Resource Pluggable Protocol" - "Microsoft Corporation" - C:\Windows\system32\mshtml.dll  (Data mismatch, rootkit activity)
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - c:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - ? - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL  (File not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} "DragDropProtect Class" - "Egis Inc." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll
{2b45bd21-71f8-4c8c-a87a-7eeb25a1a3e0} "EPM-PO Shell Extensions" - ? - epm-po.dll  (File not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{25336920-03f9-11cf-8fd0-00aa00686f13} "HTML Document" - "Microsoft Corporation" - C:\Windows\system32\mshtml.dll  (Data mismatch, rootkit activity)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{3050f3d9-98b5-11cf-bb82-00aa00bdce0b} "MHTML Document" - "Microsoft Corporation" - C:\Windows\system32\mshtml.dll  (Data mismatch, rootkit activity)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL
{4CF20B46-D006-4B90-A64B-DBAA9470EFBE} "PhotoToysClone" - "Brice Lambson" - C:\Program Files\Brice Lambson\PhotoToysClone\PhotoToysClone.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
{E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
 "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{A21769F8-CEC5-4AFA-A6A4-CC921A15DF40} "ActiveXControl Object" - "L39 Studios" - C:\Windows\Downloaded Program Files\coreXplayer.dll / hxxp://www.n2030.com/coreXplayer.dll
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_21" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_21.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10i.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
"ICQ7.5" - "ICQ, LLC." - C:\Program Files\ICQ7.5\ICQ.exe
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Acer eDataSecurity Management" - "Egis Incorporated." - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll
{855F3B16-6D32-4FE6-8A56-BBB695989046} "ICQToolBar" - "ICQ" - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} "Adobe PDF Reader Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} "ShowBarObj Class" - "Egis" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.1.lnk" - ? - C:\Program Files\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"WinZip Quick Pick.lnk" - "WinZip Computing, S.L." - C:\Program Files\WinZip\WZQKPICK.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"ICQ" - "ICQ, LLC." - "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
"Logitech Vid" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech Vid\vid.exe" -bootmode
"Pando Media Booster" - ? - C:\Program Files\Pando Networks\Media Booster\PMB.exe
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"T-Online_Software_6\WLAN-Access Finder" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe /StartMinimized
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"ArcadeDeluxeAgent" - "CyberLink Corp." - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BkupTray" - ? - "C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe"
"CLMLServer" - "CyberLink" - "C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe"
"eDataSecurity Loader" - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe
"ePower_DMC" - "Acer Inc." - C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"LManager" - "Dritek System Inc." - C:\PROGRA~1\LAUNCH~1\LManager.exe
"LogitechQuickCamRibbon" - "Logitech Inc." - "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
"Malwarebytes' Anti-Malware (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"NeroFilterCheck" - "Ahead Software Gmbh" - C:\Windows\system32\NeroCheck.exe
"PlayMovie" - "Acer Corp." - "C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"SweetIM" - "SweetIM Technologies Ltd." - C:\Program Files\SweetIM\Messenger\SweetIM.exe
"WarReg_PopUp" - "Acer Incorporated" - C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
"WinampAgent" - ? - "C:\Program Files\Winamp\winampa.exe"  (File found, but it contains no detailed information)

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"CLHNService" (CLHNService) - ? - C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
"Device Error Recovery Service" (dgdersvc) - "Devguru Co., Ltd." - C:\Windows\system32\dgdersvc.exe
"eDataSecurity Service" (eDataSecurity Service) - "Egis Incorporated" - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
"Empowering Technology Service" (ETService) - ? - C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
"FsUsbExService" (FsUsbExService) - "Teruten" - C:\Windows\system32\FsUsbExService.Exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"ICQ Service" (ICQ Service) - ? - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"MobilityService" (MobilityService) - ? - C:\Acer\Mobility Center\MobilityService.exe
"NMSAccessU" (NMSAccessU) - ? - D:\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe  (File found, but it contains no detailed information)
"NTI Backup Now 5 Agent Service" (BUNAgentSvc) - "NewTech Infosystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
"NTI Backup Now 5 Backup Service" (NTIBackupSvc) - "NewTech InfoSystems, Inc." - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
"NTI Backup Now 5 Scheduler Service" (NTISchedulerSvc) - ? - C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe  (File found, but it contains no detailed information)
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Process Monitor" (LVPrcSrv) - "Logitech Inc." - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 29.05.2011 16:19

GMER didn't work?

Benya08 29.05.2011 16:26

No, unfortunately not.

cosinus 29.05.2011 17:12

Code:

      Size  Device Name          MBR Status
  --------------------------------------------
    298 GB  \\.\PhysicalDrive0  Unknown MBR code
            SHA1: 75374D27B77E61C9316E27BACDEE41C1E2C9874E

We should fix the MBR manually. Back up all important data, just in case.

Do you have any other operating systems installed besides Vista?
If not, have a look here => Vista Notfall/Recovery-CD 32-Bit - Dr. Windows

Download the ISO, burn it to a CD (e.g. with ImgBurn, using the burn-image function) and start the computer with it (boot from that CD).

If you have a regular Vista installation DVD, you don't need the image mentioned above; you can simply boot from the Vista DVD.

Click on Computerreparaturoptionen (computer repair options), Next, Eingabeaufforderung (command prompt) - the console opens. There, type bootrec.exe /fixboot (confirm with Enter), then type bootrec.exe /fixmbr (confirm with Enter) - restart the computer, removing the CD first. Afterwards create new logs with MBRCheck and, if it works, GMER.
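The check MBRCheck performs before and after such a repair, as an added Python example that is not part of this thread and not MBRCheck's own code: it hashes the bootstrap code of a 512-byte MBR, compares the hash against an allowlist, and parses the partition table so the volume offsets can be cross-checked. The clean boot code, the hidden recovery partition, all partition sizes and the allowlist are constructed for this example; which bytes MBRCheck actually hashes is an assumption (here the 440 bytes before the disk signature), and only the two volume byte offsets are taken from the MBRCheck log posted in this thread.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440          # bootstrap code before the 4-byte disk signature at 0x1B8 (assumed hash region)
PARTITION_TABLE_OFF = 446    # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"


def parse_partition_table(mbr):
    """Return the four primary partition entries as dicts (unused entries have type 0)."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFF + 16 * i
        # status(1) CHS-start(3, skipped) type(1) CHS-end(3, skipped) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", mbr, off)
        entries.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return entries


def boot_code_sha1(mbr):
    """SHA1 of the bootstrap code only: the disk signature and partition table differ
    per machine and would make every disk's hash unique."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def mbr_status(mbr, known_good):
    """MBRCheck-style verdict: the label for a known hash, otherwise 'Unknown MBR code'."""
    return known_good.get(boot_code_sha1(mbr), "Unknown MBR code")


def build_mbr(boot_code, partitions, disk_signature=0x12345678):
    """Assemble a 512-byte MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code too long")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, 0x1B8, disk_signature)
    for i, (bootable, ptype, lba_start, sectors) in enumerate(partitions[:4]):
        struct.pack_into("<B3xB3xII", sector, PARTITION_TABLE_OFF + 16 * i,
                         0x80 if bootable else 0x00, ptype, lba_start, sectors)
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed stand-in for clean boot code (NOT real Windows MBR code): a few
# opcode bytes followed by NOP padding, enough to give the hash check something to compare.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"\x90" * 100

# Constructed layout: C: and D: sit at the byte offsets the MBRCheck log in this thread
# reports (0x271100000 and 0x267bf00000); the hidden recovery partition and all sizes are assumed.
LAYOUT = [
    (False, 0x27, 63, 20482048 - 63),                        # hidden OEM recovery (assumed)
    (True, 0x07, 0x271100000 // SECTOR_SIZE, 302346240),     # C: NTFS, LBA 20482048
    (False, 0x07, 0x267BF00000 // SECTOR_SIZE, 302314160),   # D: NTFS, LBA 322828288
]

CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, LAYOUT)

# A real allowlist holds hashes collected from clean installations; here it is
# seeded from the constructed clean sector so the example runs stand-alone.
KNOWN_GOOD = {boot_code_sha1(CLEAN_MBR): "Constructed clean MBR code"}

# Simulated modification: the first two boot-code bytes are overwritten,
# partition table and signature are left untouched, as a bootkit would.
TAMPERED_MBR = b"\xEB\x3E" + CLEAN_MBR[2:]


def report(mbr, known_good):
    """MBRCheck-style status line plus the parsed volumes."""
    lines = [f"MBR Status: {mbr_status(mbr, known_good)}", f"SHA1: {boot_code_sha1(mbr)}"]
    for e in parse_partition_table(mbr):
        if e["type"] == 0:
            continue
        size_gb = e["sectors"] * SECTOR_SIZE // 2 ** 30
        flag = " bootable" if e["bootable"] else ""
        lines.append(f"partition {e['index']}: type 0x{e['type']:02X} at offset 0x{e['byte_offset']:X}"
                     f" ({size_gb} GB){flag}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(CLEAN_MBR, KNOWN_GOOD))
    print()
    print(report(TAMPERED_MBR, KNOWN_GOOD))
```

An unknown hash is a reason to compare the sector against a clean reference, not proof of infection by itself, since OEM tools ship their own boot code; a hash that changes while the partition table stays identical, as in the tampered sector above, is the pattern worth investigating.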

Benya08 31.05.2011 14:04

Hm, the heading there says 32-bit version, but you can only download the 64-bit version there, is that right?

Benya08 31.05.2011 14:28

Ah okay, sorry, I've already found it.

Back up the data by simply dragging it onto a USB stick, or with the link in your signature?

Benya08 31.05.2011 14:49

Hm, I'm a bit confused right now. I was about to burn the Vista recovery image to a CD with ImgBurn; in the middle of the burn it ejected the CD and then wanted me to insert a blank CD... does it have to be 2 CDs?

cosinus 31.05.2011 16:00

No. Error message?
The one ISO is for exactly one blank CD.

Benya08 31.05.2011 17:34

Oh, no, I found out that it only started burning once it asked for the blank disc.. the other blank was still empty..
So now the data backup.. via Ubuntu, or can I just drag everything onto a stick?

cosinus 31.05.2011 18:30

Quote:

Oh, no, I found out that it only started burning once it asked for the blank disc.. the other blank was still empty..

Please explain that differently, it doesn't make sense this way. It can't just start burning; burning only works when a writable CD is in the burner.
And the prior data backup doesn't have to be done via Ubuntu, but you can do it that way.

Benya08 01.06.2011 20:37

Yes, I had inserted a blank disc and wanted to burn it. Then it loaded something and I thought it was already burning.. after a while it ejected the drive and showed me that it needed a blank disc, so I inserted another one - because I thought it needed 2 CDs - then it burned.. but there was nothing on the first blank disc I had inserted...

Edit: When I insert the CD and then start the PC, does it open the screen where I have to click on computer repair options by itself? Or do I have to go into the boot menu or something first?

Sorry, I unfortunately have zero clue about these things...

cosinus 01.06.2011 21:42

Quote:

Edit: When I insert the CD and then start the PC, does it open the screen where I have to click on computer repair options by itself? Or do I have to go into the boot menu or something first?

First you have to burn the CD successfully. That is step 1 - once you've managed that step you can think about step 2 - but yes, once step 1 is done you first have to select the language (provided you were able to boot from this CD successfully) and then you have the option to start the computer repair options.

See also my screenshots (don't be surprised by the border, I took them in a virtual machine via VMWare)

Select the language here:
http://saved.im/mtgymzazzhc1/newvm-v...2_10-06-47.png

Then click on computer repair options:
http://saved.im/mtgymza0awi3/newvm-v...2_10-16-45.png

Benya08 03.06.2011 11:45

Hard to believe, but I think I managed it...
When I entered the two commands it just said it was successful, nothing else; that's right, isn't it?
Here are the logs:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Acer
BIOS Manufacturer: Phoenix Technologies LTD
System Manufacturer: Acer
System Product Name: Aspire 5735
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 152):
0x82214000 \SystemRoot\system32\ntkrnlpa.exe
0x825CE000 \SystemRoot\system32\hal.dll
0x8040E000 \SystemRoot\system32\kdcom.dll
0x80415000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x80485000 \SystemRoot\system32\PSHED.dll
0x80496000 \SystemRoot\system32\BOOTVID.dll
0x8049E000 \SystemRoot\system32\CLFS.SYS
0x804DF000 \SystemRoot\system32\CI.dll
0x80603000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8067F000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8068C000 \SystemRoot\system32\drivers\acpi.sys
0x806D2000 \SystemRoot\system32\drivers\WMILIB.SYS
0x806DB000 \SystemRoot\system32\drivers\msisadrv.sys
0x806E3000 \SystemRoot\system32\drivers\pci.sys
0x8070A000 \SystemRoot\System32\drivers\partmgr.sys
0x80719000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x8071C000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x80726000 \SystemRoot\system32\drivers\volmgr.sys
0x80735000 \SystemRoot\System32\drivers\volmgrx.sys
0x8077F000 \SystemRoot\System32\drivers\mountmgr.sys
0x8078F000 \SystemRoot\System32\Drivers\UBHelper.sys
0x80797000 \SystemRoot\system32\drivers\atapi.sys
0x8079F000 \SystemRoot\system32\drivers\ataport.SYS
0x807BD000 \SystemRoot\system32\drivers\msahci.sys
0x807C7000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x805BF000 \SystemRoot\system32\drivers\fltmgr.sys
0x807D5000 \SystemRoot\system32\drivers\fileinfo.sys
0x807E5000 \SystemRoot\system32\DRIVERS\psdfilter.sys
0x89E0B000 \SystemRoot\System32\Drivers\ksecdd.sys
0x89E7C000 \SystemRoot\system32\drivers\ndis.sys
0x89F87000 \SystemRoot\system32\drivers\msrpc.sys
0x89FB2000 \SystemRoot\system32\drivers\NETIO.SYS
0x8A00B000 \SystemRoot\System32\drivers\tcpip.sys
0x8A0F5000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8A208000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8A318000 \SystemRoot\system32\drivers\volsnap.sys
0x8A351000 \SystemRoot\System32\Drivers\spldr.sys
0x8A359000 \SystemRoot\System32\Drivers\mup.sys
0x8A368000 \SystemRoot\System32\drivers\ecache.sys
0x8A38F000 \SystemRoot\system32\drivers\disk.sys
0x8A3A0000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x8A3C1000 \SystemRoot\system32\drivers\crcdisk.sys
0x8A3EC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x8A3F7000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x8D60B000 \SystemRoot\system32\DRIVERS\igdkmd32.sys
0x8DF28000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x8DFC8000 \SystemRoot\System32\drivers\watchdog.sys
0x8DFD4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x8A110000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x8DFDF000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x8A14E000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x8E20C000 \SystemRoot\system32\DRIVERS\yk60x86.sys
0x8E258000 \SystemRoot\system32\DRIVERS\athr.sys
0x8E33C000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x8E340000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x8E353000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0x8E35D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x8E368000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x8E398000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x8E39A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x8E3A5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8E3BD000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0x8E3C5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x8E3CE000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x8E60E000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x8E63D000 \SystemRoot\system32\DRIVERS\storport.sys
0x8E67E000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8E689000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x8E6A0000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x8E6AB000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x8E6CE000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x8E6DD000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x8E6F1000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x8E706000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8E716000 \SystemRoot\system32\DRIVERS\swenum.sys
0x8E718000 \SystemRoot\system32\DRIVERS\ks.sys
0x8E742000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8E74C000 \SystemRoot\system32\DRIVERS\umbus.sys
0x8E759000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x8E78E000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x8E80C000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x8EAAF000 \SystemRoot\system32\drivers\portcls.sys
0x8EADC000 \SystemRoot\system32\drivers\drmk.sys
0x8EC0F000 \SystemRoot\system32\DRIVERS\AGRSM.sys
0x8ED35000 \SystemRoot\system32\drivers\modem.sys
0x8ED42000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x8ED4B000 \SystemRoot\System32\Drivers\Null.SYS
0x8ED52000 \SystemRoot\System32\Drivers\Beep.SYS
0x8ED62000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x8ED69000 \SystemRoot\System32\drivers\vga.sys
0x8ED75000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8ED96000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8ED9E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8EDA6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8EDB1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8EDBF000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x8EDC8000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8EDDE000 \SystemRoot\system32\DRIVERS\smb.sys
0x8EB01000 \SystemRoot\system32\drivers\afd.sys
0x8EB49000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8EB7B000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8EDF2000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8EC00000 \SystemRoot\System32\Drivers\StarOpen.SYS
0x8EB91000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8EC06000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8EBA4000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8EBE0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8E79F000 \SystemRoot\System32\Drivers\dfsc.sys
0x8E7B6000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x8EC0C000 \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys
0x8EBEA000 \SystemRoot\system32\drivers\RTSTOR.SYS
0x8F808000 \SystemRoot\System32\Drivers\fastfat.SYS
0x8F830000 \SystemRoot\System32\Drivers\crashdmp.sys
0x8F83D000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8F848000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x97EE0000 \SystemRoot\System32\win32k.sys
0x8F852000 \SystemRoot\System32\drivers\Dxapi.sys
0x8F85C000 \SystemRoot\system32\DRIVERS\monitor.sys
0x98100000 \SystemRoot\System32\TSDDD.dll
0x98120000 \SystemRoot\System32\cdd.dll
0x8F86B000 \SystemRoot\system32\drivers\luafv.sys
0x8F886000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x8F89B000 \SystemRoot\system32\drivers\spsys.sys
0x8F94B000 \SystemRoot\system32\DRIVERS\irda.sys
0x8F969000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8F979000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x8F9A3000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x8F9AD000 \SystemRoot\system32\DRIVERS\rspndr.sys
0xAB00C000 \SystemRoot\system32\drivers\HTTP.sys
0xAB079000 \SystemRoot\System32\DRIVERS\srvnet.sys
0xAB096000 \SystemRoot\system32\DRIVERS\bowser.sys
0xAB0AF000 \SystemRoot\System32\drivers\mpsdrv.sys
0xAB0C4000 \SystemRoot\system32\drivers\mrxdav.sys
0xAB0E5000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAB104000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0xAB13D000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0xAB155000 \SystemRoot\System32\DRIVERS\srv2.sys
0xAB17D000 \SystemRoot\System32\DRIVERS\srv.sys
0xABE07000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xABE4A000 \??\C:\Windows\system32\drivers\int15.sys
0xABE51000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xABE56000 \SystemRoot\system32\drivers\peauth.sys
0xABF34000 \SystemRoot\system32\DRIVERS\PSDNServ.sys
0xABF3D000 \SystemRoot\system32\DRIVERS\PSDVdisk.sys
0xABF4F000 \SystemRoot\System32\Drivers\secdrv.SYS
0xABF59000 \SystemRoot\System32\drivers\tcpipreg.sys
0xABF65000 \??\C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl
0xABF86000 \SystemRoot\system32\DRIVERS\LVPr2Mon.sys
0xABF8B000 \SystemRoot\System32\drivers\dgderdrv.sys
0xABF8E000 \??\C:\Windows\system32\FsUsbExDisk.SYS
0xABF97000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77C70000 \Windows\System32\ntdll.dll

Processes (total 81):
0 System Idle Process
4 SYSTEM
412 C:\Windows\System32\smss.exe
488 csrss.exe
532 C:\Windows\System32\wininit.exe
544 csrss.exe
576 C:\Windows\System32\services.exe
588 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\winlogon.exe
792 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
928 C:\Windows\System32\svchost.exe
1008 C:\Windows\System32\svchost.exe
1076 C:\Windows\System32\svchost.exe
1112 C:\Windows\System32\svchost.exe
1168 C:\Windows\System32\audiodg.exe
1188 C:\Windows\System32\svchost.exe
1208 C:\Windows\System32\SLsvc.exe
1236 C:\Windows\System32\svchost.exe
1392 C:\Windows\System32\svchost.exe
1624 C:\Windows\System32\spoolsv.exe
1656 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1684 C:\Windows\System32\svchost.exe
1940 C:\Windows\System32\agrsmsvc.exe
1972 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1988 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\Client\Agentsvc.exe
2008 C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe
2024 C:\Windows\System32\dgdersvc.exe
200 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe
228 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
352 C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
784 C:\Windows\System32\FsUsbExService.Exe
856 C:\Program Files\ICQ6Toolbar\ICQ Service.exe
1336 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
1752 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
1736 C:\Acer\Mobility Center\MobilityService.exe
2140 D:\Eigene Dateien\Programme\CDBurnerXP\NMSAccessU.exe
2152 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe
2196 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
2228 C:\Windows\System32\svchost.exe
2300 C:\Windows\System32\taskeng.exe
2352 C:\Program Files\Cyberlink\Shared files\RichVideo.exe
2376 C:\Windows\System32\svchost.exe
2408 C:\Windows\System32\svchost.exe
2424 C:\Windows\System32\dwm.exe
2452 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2472 C:\Windows\explorer.exe
2496 C:\Windows\System32\SearchIndexer.exe
2992 C:\Windows\System32\taskeng.exe
3104 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3116 C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BkupTray.exe
3124 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
3140 C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe
3152 C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe
3276 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3484 C:\Windows\System32\igfxsrvc.exe
3660 unsecapp.exe
3668 WmiPrvSE.exe
2976 C:\Program Files\Launch Manager\LManager.exe
3048 C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe
1184 WmiPrvSE.exe
2004 C:\Users\Maya\Desktop\MBRCheck.exe
3224 C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
3256 C:\Program Files\Acer\WR_PopUp\WarReg_PopUp.exe
3392 C:\Windows\System32\conime.exe
3348 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
2932 C:\Windows\System32\igfxext.exe
3024 C:\Program Files\Common Files\Java\Java Update\jusched.exe
2848 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
3188 C:\Windows\System32\igfxsrvc.exe
1248 C:\Program Files\Winamp\winampa.exe
3596 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
3980 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
3988 C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
1908 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
2116 C:\Windows\System32\igfxtray.exe
2984 C:\Windows\System32\hkcmd.exe
748 C:\Windows\System32\igfxpers.exe
984 C:\Windows\System32\dllhost.exe
4020 C:\Program Files\SweetIM\Messenger\SweetIM.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`71100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000026`7bf00000 (NTFS)

PhysicalDrive0 Model Number: HitachiHTS543232L9A300, Rev: FB4OC40C

Size Device Name MBR Status
--------------------------------------------
298 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!




GMER Logfile:
Code:

GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-06-03 01:28:16
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C
Running: cy3nyxue.exe; Driver: C:\Users\Maya\AppData\Local\Temp\kgldypow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text          C:\Windows\system32\DRIVERS\atksgt.sys                                                                                                section is writeable [0xABE07300, 0x3ACC8, 0xE8000020]
.text          C:\Windows\system32\DRIVERS\lirsgt.sys                                                                                                section is writeable [0xABE51300, 0x1B7E, 0xE8000020]
                C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                  entry point in "" section [0xABF8441C]
.clc            C:\Program Files\Acer Arcade Deluxe\PlayMovie\000.fcl                                                                                  unknown last code section [0xABF85000, 0x1000, 0xE0000020]

---- User code sections - GMER 1.0.15 ----

.text          C:\Program Files\ICQ7.5\ICQ.exe[3064] kernel32.dll!LoadLibraryExW                                                                      76939109 6 Bytes  JMP 5F070F5A
.text          C:\Program Files\ICQ7.5\ICQ.exe[3064] kernel32.dll!ReadFile                                                                            7694F02B 6 Bytes  JMP 5F160F5A
.text          C:\Program Files\ICQ7.5\ICQ.exe[3064] kernel32.dll!GetFileSize                                                                        76957148 6 Bytes  JMP 5F190F5A
.text          C:\Program Files\ICQ7.5\ICQ.exe[3064] kernel32.dll!CloseHandle                                                                        7695AE8D 6 Bytes  JMP 5F130F5A
.text          C:\Program Files\ICQ7.5\ICQ.exe[3064] kernel32.dll!CreateFileW                                                                        7695AECB 6 Bytes  JMP 5F100F5A
.text          C:\Program Files\ICQ7.5\ICQ.exe[3064] USER32.dll!SetParent                                                                            76A8A2AA 3 Bytes  [FF, 25, 1E]
.text          C:\Program Files\ICQ7.5\ICQ.exe[3064] USER32.dll!SetParent + 4                                                                        76A8A2AE 2 Bytes  [1D, 5F]
.text          C:\Program Files\ICQ7.5\ICQ.exe[3064] USER32.dll!CreateWindowExW                                                                      76A91305 6 Bytes  JMP 5F0A0F5A
.text          C:\Program Files\ICQ7.5\ICQ.exe[3064] USER32.dll!DispatchMessageW                                                                      76AA021C 6 Bytes  JMP 5F040F5A
.text          C:\Program Files\ICQ7.5\ICQ.exe[3064] ole32.dll!CoCreateInstance                                                                      77A89F3E 6 Bytes  JMP 5F0D0F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Skype\Phone\Skype.exe[756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile]                                [001F2F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Program Files\Skype\Phone\Skype.exe[756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose]                                    [001F2CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Program Files\Skype\Phone\Skype.exe[756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]                      [001F2C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Program Files\Skype\Phone\Skype.exe[756] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                          [001F2CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                  [74B27817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                  [74B7A86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                              [74B2BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                        [74B1F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                  [74B275E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                [74B1E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                    [74B58395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                      [74B2DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                              [74B1FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                [74B1FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                [74B171CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                        [74BACAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                            [74B4C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                              [74B1D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                        [74B16853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                        [74B1687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                          [74B22AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                                            [100027E0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibraryAndExitThread]                                [10001D90] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                                          [10002B30] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT            C:\Windows\Explorer.EXE[2472] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                                            [100011D0] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll (Egis Inc. PSD DragDrop Protection/Egis Inc.)
IAT            C:\Program Files\Logitech\Logitech Vid\Vid.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile]                      [02C02F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Program Files\Logitech\Logitech Vid\Vid.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose]                            [02C02CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Program Files\Logitech\Logitech Vid\Vid.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]              [02C02C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Program Files\Logitech\Logitech Vid\Vid.exe[3032] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]                  [02C02CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile]          [003C2F20] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose]                [003C2CF0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile]  [003C2C90] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)
IAT            C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe[3596] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject]      [003C2CC0] C:\Windows\TEMP\logishrd\LVPrcInj01.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                              fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

--- --- ---

cosinus 03.06.2011 14:26

Looks ok. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before scanning!!


Getting a second opinion from the ESET online scanner afterwards is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the terms of use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset


Benya08 04.06.2011 16:23

Whoa, Malwarebytes ran through and showed nothing, SuperAntispyware has now been running for 4 hours and has already found 175 threats...
Why is it that they have such different results?
I'll post the logs as soon as SUPERAntispyware is done

Benya08 04.06.2011 17:12

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Datenbank Version: 6766

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

04.06.2011 01:58:07
mbam-log-2011-06-04 (01-58-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 528451
Laufzeit: 2 Stunde(n), 18 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 06/04/2011 at 05:58 PM

Application Version : 4.53.1000

Core Rules Database Version : 7200
Trace Rules Database Version: 5012

Scan type : Complete Scan
Total Scan Time : 04:30:31

Memory items scanned : 920
Memory threats detected : 0
Registry items scanned : 11023
Registry threats detected : 5
File items scanned : 354666
File threats detected : 170

Adware.Tracking Cookie

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID
HKCR\Install.Install\CurVer
HKCR\Install.Install.1
HKCR\Install.Install.1\CLSID

Trojan.Agent/Gen-FakeAV
C:\PROGRAM FILES\WINRAR\DEFAULT.SFX


I'll post the Eset log later ;)

Benya08 05.06.2011 10:07

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=bb53c1e3a9b05d41b8254b96ae70da7e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-06-05 03:14:44
# local_time=2011-06-05 05:14:44 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 100 388148 82120141 294414 0
# compatibility_mode=5892 16776573 100 100 122229 144752705 0 0
# compatibility_mode=8192 67108863 100 0 15939 15939 0 0
# scanned=374869
# found=5
# cleaned=0
# scan_time=23706
C:\Users\Maya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UYVRNKY2\Firefox_Setup[1].exe probably a variant of Win32/TrojanDownloader.Banload.HSGFPBY trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Maya\Documents\SweetImSetup.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Maya\Documents\LimeWire\Incomplete\Preview-T-835676-gothic gotterdammerung.zip a variant of Win32/Kryptik.BIR trojan (unable to clean) 00000000000000000000000000000000 I
D:\Maya\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UYVRNKY2\Firefox_Setup[1].exe probably a variant of Win32/TrojanDownloader.Banload.HSGFPBY trojan (unable to clean) 00000000000000000000000000000000 I
D:\MAYA-PC\Backup Set 2011-05-31 184156\Backup Files 2011-05-31 184156\Backup files 157.zip a variant of Win32/Kryptik.BIR trojan (unable to clean) 00000000000000000000000000000000 I

cosinus 05.06.2011 13:25

Quote:

C:\Users\Maya\Documents\LimeWire\Incomplete\Preview-T-835676-gothic gotterdammerung.zip a variant of Win32/Kryptik
What is that supposed to be?

Note that with file-sharing programs/P2P clients you can quickly download malware; as a rule these are not a trustworthy source. On top of that, with many files you are violating copyright, which can very quickly get you into serious trouble.

Otherwise lots of cookies and a few leftovers. The one WinRAR detection in SASW is a false positive.
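As an added example (not code from the thread), a small Python triage parser for the SASW and ESET log formats posted above: it buckets each finding by an assumed severity so that "175 threats" reads as what it mostly is, tracking cookies, while the few real detections stand out. The sample logs are constructed, the severity mapping is our own assumption, and the "malware" bucket still needs a human verdict, as with the WinRAR SFX false positive.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Severity buckets are our own triage assumption, not a rating the scanners print.
MALWARE_HINTS = ("trojan", "kryptik", "banload", "fakeav", "downloader")


@dataclass(frozen=True)
class Finding:
    scanner: str
    category: str  # detection name exactly as the scanner printed it
    item: str      # file path, registry key, or Flash-cookie entry
    severity: str  # "info" (tracking cookie), "pua", or "malware"


def classify(category: str) -> str:
    c = category.lower()
    if "cookie" in c:
        return "info"
    if any(h in c for h in MALWARE_HINTS):
        return "malware"
    return "pua"


# One SASW item line: a file path, a registry key, or "host [ flash-cookie dir ]".
SASW_ITEM = re.compile(r"^(?:[A-Za-z]:\\.+|HK[A-Z]{2}\\.+|\S+ \[ .+ \])$")


def parse_sasw(text: str) -> list[Finding]:
    """SASW prints a detection name on its own line, then one item per line;
    a blank line closes the block. Header and statistics lines all contain ':'."""
    findings: list[Finding] = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines()]
        head, items = lines[0], lines[1:]
        if ":" in head or not items or not all(SASW_ITEM.match(i) for i in items):
            continue  # statistics header, not a detection block
        findings += [Finding("SASW", head, i, classify(head)) for i in items]
    return findings


# One ESET result line: path, verdict, action in parentheses, 32-hex hash, status flag.
ESET_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) (?:probably )?a variant of (?P<name>\S+) (?P<kind>\S+) "
    r"\((?P<action>[^)]*)\) (?P<hash>[0-9A-Fa-f]{32}) (?P<flag>\S)$"
)


def parse_eset(text: str) -> list[Finding]:
    """ESET's log.txt has '# key=value' header lines, then one result per line."""
    findings: list[Finding] = []
    for line in text.splitlines():
        m = ESET_LINE.match(line.strip())
        if m:
            category = f"{m['name']} {m['kind']}"
            findings.append(Finding("ESET", category, m["path"], classify(category)))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity bucket, e.g. {'info': 3, 'pua': 2, 'malware': 1}."""
    return dict(Counter(f.severity for f in findings))


def needs_action(findings: list[Finding]) -> list[Finding]:
    """Only the 'malware' bucket needs a human verdict; cookies are privacy noise."""
    return [f for f in findings if f.severity == "malware"]


# Constructed sample logs in the two formats seen in the thread (not the real logs).
SASW_SAMPLE = r"""SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

File items scanned : 12
File threats detected : 6

Adware.Tracking Cookie
C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Cookies\maya@statcounter[2].txt
C:\Users\Maya\AppData\Roaming\Microsoft\Windows\Cookies\maya@doubleclick[1].txt
s0.2mdn.net [ C:\Users\Maya\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\F6Z34LJN ]

Registry Cleaner Trial
HKCR\Install.Install
HKCR\Install.Install\CLSID

Trojan.Agent/Gen-FakeAV
C:\PROGRAM FILES\WINRAR\DEFAULT.SFX
"""

ESET_SAMPLE = r"""# scanned=374869
# found=3
C:\Users\Maya\Documents\SweetImSetup.exe a variant of Win32/SweetIM.B application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Maya\Documents\LimeWire\Incomplete\Preview-T-835676-gothic gotterdammerung.zip a variant of Win32/Kryptik.BIR trojan (unable to clean) 00000000000000000000000000000000 I
D:\Backup\example file.exe probably a variant of Win32/TrojanDownloader.Banload.HSGFPBY trojan (unable to clean) 00000000000000000000000000000000 I
"""
```

Running `summarize(parse_sasw(SASW_SAMPLE) + parse_eset(ESET_SAMPLE))` on the constructed samples gives three cookies, three PUA/remnant entries and three candidate malware findings, and `needs_action` lists only the last group for review.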

Benya08 05.06.2011 16:38

Okay, I'll uninstall Limewire... and what does the rest mean for me now? Do I still have to do anything?

cosinus 05.06.2011 16:45

Have you removed the leftovers?
Are there still any more alerts, or is the computer ok now?

Benya08 05.06.2011 17:16

No, no alerts are showing up at the moment.. and I've deleted everything that was in quarantine

cosinus 05.06.2011 18:16

Then we're done! :abklatsch:

Finally, please check the updates; my guide is below.
For even more security you should also change all your passwords, if at all possible, now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS Update page with IE and let it install all important updates.

Windows Vista/7: Windows Update guide



PDF reader update
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features by clicking on "Adobe Reader x.0" there and removing the program. (if you have Adobe Reader installed)

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you're at it, please also check that the Flash Player is up to date; here is the direct download link:

Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, ideally with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Benya08 06.06.2011 16:47

Quote:

Quote from Benya08 (post 664579)
In between it crashed a few times, though, and first showed a blue screen full of text, which unfortunately I couldn't remember, but one part right at the start was that there is some problem and that the PC will be restarted to fix the problem; then it said: "KERNEL_DATA_IN...._ERROR" (at the ... I don't remember exactly what it said.. something like "PAGE" or "BASE" or so?)

I just had the same problem again when I tried to uninstall something via Control Panel.. and the PC also always takes a very, very long time to even load the programs... that usually takes about 10 minutes.. is that normal? :headbang:

But for now, first of all THANK YOU VERY MUCH!!!! :) I'll also donate something soon, when I have a bit more money again ;) :dankeschoen:

cosinus 06.06.2011 18:45

Quote:

I just had the same problem again when I tried to uninstall something via Control Panel..
I would first try to find out whether this only happens under Windows or also with other operating systems.
Download something like Knoppix or Ubuntu, burn the iso file to a CD using the image-burning function and boot the computer from it.
Then test the system thoroughly under Linux and report whether it runs stably there.


Copyright ©2000-2025, Trojaner-Board

