Link über ICQ geschickt bekommen und natürlich angeklickt und an alle verschickt

Kumpelblase · 16.04.2010, 13:57

Hallo, ich habe genau das selbe Problem: Gestern habe ich über ICQ den selben Link geschickt bekommen und natürlich angeklickt und an alle versendet usw.
Dann habe ich den CCleaner laufen lassen, danach Malwarebytes (habe alles schlechte gelöscht). Heute habe ich nochmal den CCleaner benutzt, sowie Malewarebytes. Malwarebytes hat heute nichts gefunden, deswegen poste ich jetzt nur mal die Ergebnisse von OTL. Ich hoffe, jemand kann mir helfen, ich bin schon am Verzweifeln...
Übrigens: Gestern, als ich zum Beispiel den CCleaner dowgeloadet habe und das Setup geöffnet habe, wurde der Bildschirm blau mit weißem Text und nach 2 Sekunden startete der PC neu. Danach konnte ich das Setup normal öffnen.

Extras.Txt

Zitat:

OTL Extras logfile created on: 16.04.2010 14:19:19 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\to\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 6,05 Gb Free Space | 10,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,43 Gb Total Space | 52,41 Gb Free Space | 96,30% Space Free | Partition Type: NTFS
Drive F: | 727,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TO-PC
Current User Name: to
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG, T-Com)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\to\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1AAD574A-D477-43AB-8AE7-1751A3A24534}" = lport=138 | protocol=17 | dir=in | app=system |
"{1B42454F-D29C-43C8-828F-DADEC9C0AFA3}" = lport=139 | protocol=6 | dir=in | app=system |
"{312970B1-9E9B-40A5-9989-8E4F5BBEAC85}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{34F84FA6-4162-4C78-99A9-3F1FB2046634}" = rport=139 | protocol=6 | dir=out | app=system |
"{4483078C-BDD7-48C2-9007-947B2C9EFBA0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{47B2417E-CC79-4A09-BCDB-3B9DCEAD076E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6FEFE727-E2F1-4504-8D09-5BD2787B2F61}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{792B9C02-BEC7-4C04-B517-F2CAB6742C00}" = lport=445 | protocol=6 | dir=in | app=system |
"{7B89EEF7-ADFA-431D-B26C-2DFA91B158F0}" = rport=445 | protocol=6 | dir=out | app=system |
"{8C716A2B-9496-4C5A-9A6E-216ABC88B9B8}" = rport=138 | protocol=17 | dir=out | app=system |
"{914609EB-D60B-4729-8E2C-25B8220FDE4A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{92697B24-00C9-4064-AB58-187FBE52F757}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{95D516F9-B985-4F6D-8A72-97C671974435}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9D5F7FC0-24AA-4135-975D-1E6AD4C7D0E7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A2B8D35D-CD18-4B39-8F43-53AEC604E83E}" = lport=137 | protocol=17 | dir=in | app=system |
"{AAA51540-6CEF-4C6B-A52D-9B276C1EB177}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{C5986ED7-9F1C-429A-827F-CE663431C595}" = rport=137 | protocol=17 | dir=out | app=system |
"{CBCDBB84-FDC5-4957-9EF4-987BCE4ACC28}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D5A524AF-7CD2-46FA-9F06-D1D0D88E4263}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FB402803-FCD0-48D4-BFD0-1DA9913F0B5A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0936E8B3-DBCC-463C-B052-EEF97CBE1627}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{191BCC65-4850-4537-BB2C-F67866ED44ED}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{1FF0D43F-8B7B-4A24-AA73-8C3648495E40}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{26081358-9B47-4FE2-AE95-F859E52AD8C2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2F671253-EAD8-46DB-906A-E1DCF199FE4C}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{3BA8EADD-FD05-44E7-B0E8-29481F741225}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{4AE8EF44-BADE-4D2F-AC50-35FF8E3A2EFC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{53B08A10-5F2C-4BE4-B1D9-134A5AC9666C}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{68DDAF20-420C-487F-8E62-ED1ABAAAF633}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{72A0B323-EC99-4A4B-A840-BD03FEF2F02A}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{93B4532E-F545-4182-91BC-1E59EA14BD69}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B4C4BB52-2F67-4440-8F7D-3007F2A290C4}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{C15BDE96-F8CD-4745-A1E6-CF8FC2E03670}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C8ED4047-64DA-4D2F-8FDD-5997BFB09E30}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{D25C7730-CD4C-4664-8AC3-057E2E3DFDE9}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"TCP Query User{256FDBC9-EC8D-4C1D-A339-4E334B6432A6}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{FBFFA895-7124-48A6-B5FC-931813AA568B}C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe" = protocol=6 | dir=in | app=c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe |
"UDP Query User{59437837-F6F1-4144-B43C-E6486E42C176}C:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe" = protocol=17 | dir=in | app=c:\program files\kodak\kodak software updater\7288971\program\kodak software updater.exe |
"UDP Query User{F19C3AC0-F1FD-4627-BE64-FD6CFEE01B21}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B5184-F3DF-AF76-CB17-D35B7BB46B81}" = CCC Help Japanese
"{00D0200F-3B4D-4A2F-869E-533ED835A943}" = Hervorhebe-Funktion (Windows Live Toolbar)
"{01521746-02A6-4A72-00BD-A285DF6B80C6}" = Die Sims 2: Wilde Campus-Jahre
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{0AC49543-9CE2-4434-AD42-5AA6E2967FA5}" = Windows Live Toolbar
"{0F6932CF-E642-5A7A-8194-3F7443188287}" = CCC Help Turkish
"{103A43D9-9ED8-E78D-7BF1-E536DFE6FC9F}" = Catalyst Control Center Localization Greek
"{10798AE3-DCBB-43C3-9C93-C23512427E25}" = Die Sims Deluxe
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4300" = Canon iP4300
"{12688FD7-CB92-4A5B-BEE4-5C8E0574434F}" = Utility Common Driver
"{12887AF2-AE16-34CC-E85C-637DF6911C8C}" = Catalyst Control Center Localization Turkish
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13614186-B0A0-AA21-F75A-2097F9167DB8}" = CCC Help Portuguese
"{177B615E-47B1-C1C4-6F3B-7D6FEB8D4564}" = CCC Help Thai
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1B14B0C3-2D60-477C-A1FE-B88E60948854}" = OpenOffice.org 2.4
"{218761F6-CBF6-4973-B910-A33E6563A1EA}" = Windows Live Toolbar-Erweiterung (Windows Live Toolbar)
"{2290A680-4083-410A-ADCC-7092C67FC052}" = Toshiba Online Product Information
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26210745-925C-8AE4-F3B9-5FA737A1F6F2}" = CCC Help Russian
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java(TM) 6 Update 12
"{2768CDA5-57DA-59D4-884F-A0F8A5B36D3E}" = CCC Help Finnish
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{29DC966A-DA3E-3ED4-68E7-6D3D9A055B42}" = Catalyst Control Center Localization Korean
"{2DD6C198-FA9A-40B4-8DE5-CE5206E3EB34}" = Smart Menus (Windows Live Toolbar)
"{2DFB5485-A3EF-4298-9280-4AF80C9F4BE9}" = Microsoft SQL Server VSS Writer
"{2E7A9DDC-E062-0074-08AB-DE7D1B431F75}" = Catalyst Control Center Localization Chinese Traditional
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FAE3800-CC47-C556-C57F-A91851BF7854}" = CCC Help French
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{33824DAC-3F98-0BB6-56D5-7DE1A3CCC068}" = Catalyst Control Center Localization German
"{3621A2DF-0870-FE7E-674F-1DBCB18C5D22}" = ccc-utility
"{3F11CE8A-388B-0D3A-DF6F-061F23A13D26}" = CCC Help Korean
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41DD15BE-811D-7DEF-19A9-30AF18F75EFF}" = Catalyst Control Center Localization Thai
"{45FCADDB-0B29-457E-83A1-D245C62A716C}" = OLYMPUS Master 2
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisor Password
"{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"{52F368DE-06BD-E116-9233-D1DE207BDFE6}" = CCC Help Dutch
"{53BABC75-1DC1-479B-224B-1EB9E18A799B}" = CCC Help German
"{547DCEC7-DD2A-47E9-82C7-5CF1EAB526DA}" = Microsoft SQL Server Native Client
"{56797214-1A4C-052E-1ECE-B00308BF3362}" = CCC Help Chinese Standard
"{56995235-B76E-44A6-BA17-8FF13D3F907A}" = TOSHIBA Benutzerhandbücher
"{572D71E9-5102-74B3-5D22-DEDF911F7FE5}" = CCC Help Italian
"{5BA0C9F0-3B01-91A3-6922-4DCF943D9CBE}" = CCC Help English
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = Die Sims™ 2 Teen Style-Accessoires
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{6080CE3C-2CB3-2FA3-1CE2-3350B06664BC}" = CCC Help Swedish
"{611E35B8-7F46-DDBB-CC4F-FAAED6C054FF}" = Catalyst Control Center Localization Spanish
"{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"{6522C636-B04C-4333-9BEB-9E0C0B6350D6}" = Die Sims™ 2 Küchen- und Bad-Einrichtungs-Accessoires
"{678F1F2D-F214-08D4-67FB-AC04316C4940}" = ccc-core-static
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A0B868C-89BE-ACF1-8C0A-CC88878A9E46}" = Catalyst Control Center Localization Russian
"{6BDD9CE6-D0A6-478A-BAD3-BA6945E89EB0}" = Die Sims 2: Family Fun - Accessoires
"{6C4734CF-A10C-DFF4-5565-457F33849862}" = Catalyst Control Center Localization Swedish
"{6C5F3BDC-0A1B-4436-A696-5939629D5C31}" = TOSHIBA DVD PLAYER
"{6DECCD60-782D-7B14-22DE-FB8D6EA46433}" = CCC Help Polish
"{6E17F9751-F056-4335-B718-8AF1B1092AFB}" = Die Sims™ 2 IKEA® Home-Accessoires
"{715044AC-B95E-4CD0-9B0C-CEDDB422F93B}" = CCC Help Czech
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{724A8BEC-B350-1C76-C580-959AEA487108}" = Catalyst Control Center Localization Japanese
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites für Windows Live Toolbar
"{78C6A78A-8B03-48C8-A47C-78BA1FCA2307}" = TOSHIBA ConfigFree
"{7994AA46-4BA6-4349-1606-1DF4148CE05B}" = CCC Help Hungarian
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7AFBAC39-F6A8-9F8D-6A6D-F134F7E34B6E}" = Catalyst Control Center Localization Danish
"{7B3577F5-1D82-4C9B-008B-69D026FD8BCA}" = Die Sims 2: Open For Business
"{7D9B77E1-0078-0001-4447-ADD4C0A93D1D}" = Sansa Media Converter
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114323150}" = Jojo’s Fashion Show
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115310837}" = Jojos Fashion Show 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115424157}" = Club der Ermittlerinnen
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-118116283}" = Jojo’s Fashion Show World Tour 3
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{845D19A7-0BBF-12DF-87CF-F5D468930EA6}" = Catalyst Control Center Localization Czech
"{84DDE556-43EF-43ed-B2DF-37AF9E5DDD75}" = Die Sims™ 2 H&M®-Fashion-Accessoires
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{886F91D5-4B45-45DC-938E-6B0276C6B015}" = Solid Edge V20
"{8AF3E926-ED59-11D4-A44B-0000E86D2305}" = Ulead GIF Animator 5 Test
"{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"{90BF970B-3335-CFD5-711C-9FE0310A97C0}" = CCC Help Greek
"{926593ED-3962-4630-7CE3-34FF1B4ACCF3}" = Catalyst Control Center Localization Finnish
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{9CDBC303-3EED-40b0-8E41-A7C65AA96C26}" = Die Sims™ 2: Glamour-Accessoires
"{9EB0D4D4-87A5-52F5-C59C-159F81BED0E6}" = Catalyst Control Center Graphics Previews Vista
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A333EE46-58F3-4DF6-9C7C-6C5131D5F510}" = Windows Live OneCare Family Safety
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"{A91383E9-0311-DB40-6AF6-3F9E80F83E84}" = Catalyst Control Center Localization Portuguese
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B1211E68-4DA2-7942-BE75-14272A8C1EA9}" = Catalyst Control Center Localization Dutch
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B1F8FA80-EFA5-EC12-AD36-F5266EF90B61}" = CCC Help Danish
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B4369E44-8703-E769-A711-40EE5000AC2C}" = Catalyst Control Center Core Implementation
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B7DE7B5E-4A2B-B709-E133-EC74C81E654A}" = Catalyst Control Center Graphics Full New
"{B87A3B9F-7632-E053-2148-8EDD1A787B78}" = Catalyst Control Center Localization Chinese Standard
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{C7EA6173-A2B8-D45E-A0EE-74F8D2C58D30}" = Catalyst Control Center Localization Hungarian
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D1C3920F-1DC3-A2FA-BF5E-7497B5EF072E}" = Catalyst Control Center Localization Norwegian
"{D95AAA04-9BEF-54B3-CD70-348AC1155DAB}" = Catalyst Control Center Graphics Full Existing
"{D9C7C58C-AC51-EDBF-CF22-E4E1B93ED50D}" = Skins
"{DB780B85-B4B5-4864-A49C-9B706B169C93}" = TIPCI
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{DDC4619D-1DC8-C2A7-4968-45586F237131}" = CCC Help Norwegian
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = Die Sims™ 2 Vier Jahreszeiten
"{E015B7D9-01AD-FE29-052A-489F4F29ED7F}" = Catalyst Control Center Graphics Light
"{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9-Reihe
"{E7511B20-2857-3F50-1B84-F0F32C519FE1}" = CCC Help Chinese Traditional
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EAA38532-7AD0-4f78-918A-4F4F02096ECE}" = Die Sims™ 2 Party-Accessoires
"{EADAA6F7-991F-4CE9-B5CE-FCF3D81F7C7D}" = USB PC Camera (SN9C103)
"{EB5BE9DE-6025-6227-0C25-AE5C852EC479}" = Catalyst Control Center Localization Polish
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC28331A-FF2B-6D66-D8A0-32C706AEA120}" = CCC Help Spanish
"{F07B861C-72B9-40A4-8B1A-AAED4C06A7E8}" = QuickTime
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F214EAA4-A069-4BAF-9DA4-4DB8BEEDE485}" = DVD MovieFactory for TOSHIBA
"{F2B27034-6059-0549-F01A-4BD9865521B1}" = Catalyst Control Center Localization French
"{FBE6B550-A93E-AA46-1DBB-421EC319E2DA}" = Catalyst Control Center Localization Italian
"{FC053571-8507-44E4-8B6D-AACEAB8CA57C}" = Sansa Media Converter
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AlphaTast 1.4_is1" = AlphaTast 1.4
"ATI Uninstaller" = ATI Uninstaller
"Canon iP4300 Benutzerregistrierung" = Canon iP4300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"CCleaner" = CCleaner
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition 2.0.0.1 (D)
"Free Studio_is1" = Free Studio version 4.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"GamesBar" = GamesBar 1.1.0.5
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}" = TOSHIBA Supervisorkennwort
"InstallShield_{5279374D-87FE-4879-9385-F17278EBB9D3}" = TOSHIBA Hardware Setup
"InstallShield_{617C36FD-0CBE-4600-84B2-441CEB12FADF}" = TOSHIBA Extended Tiles for Windows Mobility Center
"InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}" = TOSHIBA Flash Cards Support Utility
"InstallShield_{A6D4234C-CB02-4048-AC3E-AD09404FA35A}" = Emdedded IR Driver
"InstallShield_{DB780B85-B4B5-4864-A49C-9B706B169C93}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{E0A96F36-D546-4A2A-BDAA-2A2A578B2C0D}" = Bonjour
"InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package
"InstallWIX_{8CB14A64-CEF4-4C8F-B1C8-1C3B8752CB55}" = Kaspersky Internet Security 2009
"InterActual Player" = InterActual Player
"jetztspielenob.de Toolbar" = jetztspielenob.de Toolbar
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"MAGIX Digital Foto Maker SE D" = MAGIX Digital Foto Maker SE 4.1.0.835 (D)
"MAGIX Foto Suite D" = MAGIX Foto Suite 1.12.0.89 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service 2.3.2.0 (D)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaNavigation.CDLabelPrint" = CD-LabelPrint
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"myphotobook" = myphotobook 3.1
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"Sims2Pack Clean Installer " = Sims2Pack Clean Installer
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"T-Online-Toolbar-2_is1" = T-Online Toolbar 2.0
"TOSHIBA Software Modem" = TOSHIBA Software Modem
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Encoder 9" = Windows Media Encoder 9-Reihe
"Yahoo! Companion" = Yahoo! Toolbar
"Zylom Games Player Plugin" = Zylom Games Player Plugin

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus
"Zeal Deluxe" = Zeal Deluxe

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 15.04.2010 09:53:58 | Computer Name = to-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 6.5.0.2024 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: df8 Anfangszeit: 01cadca2cce4f119 Zeitpunkt der Beendigung:
172

Error - 15.04.2010 10:16:26 | Computer Name = to-PC | Source = WerSvc | ID = 5007
Description =

Error - 15.04.2010 10:20:44 | Computer Name = to-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 6.5.0.2024 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: c1c Anfangszeit: 01cadca68fa7b549 Zeitpunkt der Beendigung:
570

Error - 15.04.2010 10:23:23 | Computer Name = to-PC | Source = Application Hang | ID = 1002
Description = Programm ICQ.exe, Version 6.5.0.2024 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: 110c Anfangszeit: 01cadca7103e1aa9 Zeitpunkt der Beendigung:
242

Error - 15.04.2010 11:01:39 | Computer Name = to-PC | Source = WerSvc | ID = 5007
Description =

Error - 15.04.2010 11:05:56 | Computer Name = to-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.0.6000.16771 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 16c Anfangszeit: 01cadcac84f50dbf Zeitpunkt
der Beendigung: 0

Error - 15.04.2010 12:20:37 | Computer Name = to-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Jojos3.exe, Version 1.0.0.46, Zeitstempel 0x4ace216c,
fehlerhaftes Modul ntdll.dll, Version 6.0.6000.16386, Zeitstempel 0x4549bdc9, Ausnahmecode
0xc0000005, Fehleroffset 0x0002294f, Prozess-ID 0xd80, Anwendungsstartzeit 01cadcb7937295b8.

Error - 15.04.2010 13:19:36 | Computer Name = to-PC | Source = WerSvc | ID = 5007
Description =

Error - 16.04.2010 07:50:20 | Computer Name = to-PC | Source = WerSvc | ID = 5007
Description =

Error - 16.04.2010 08:17:34 | Computer Name = to-PC | Source = Application Hang | ID = 1002
Description = Programm RSIT.exe, Version 3.2.12.1 arbeitet nicht mehr mit Windows
zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
zu suchen. Prozess-ID: da4 Anfangszeit: 01cadd5d5d3223ca Zeitpunkt der Beendigung:
10

[ System Events ]
Error - 15.04.2010 12:20:41 | Computer Name = to-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15.04.2010 12:20:41 | Computer Name = to-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 15.04.2010 12:21:57 | Computer Name = to-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 16.04.2010 07:33:37 | Computer Name = to-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
6, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.

Error - 16.04.2010 07:33:37 | Computer Name = to-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
7, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.

Error - 16.04.2010 07:33:37 | Computer Name = to-PC | Source = ACPI | ID = 327686
Description = IRQARB: ACPI-BIOS enthält keinen IRQ für das Gerät im PCI-Steckplatz
5, Funktion 0. Wenden Sie sich an den Systemhersteller, um technische Unterstützung
zu erhalten.

Error - 16.04.2010 07:33:51 | Computer Name = to-PC | Source = Microsoft-Windows-Kernel-WHEA | ID = 6
Description =

Error - 16.04.2010 07:35:36 | Computer Name = to-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16.04.2010 07:35:36 | Computer Name = to-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 16.04.2010 07:36:23 | Computer Name = to-PC | Source = Service Control Manager | ID = 7022
Description =

< End of report >

Kumpelblase · 16.04.2010, 13:58

OTL.Txt

Zitat:

OTL logfile created on: 16.04.2010 14:19:19 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\to\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 47,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 6,05 Gb Free Space | 10,82% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,43 Gb Total Space | 52,41 Gb Free Space | 96,30% Space Free | Partition Type: NTFS
Drive F: | 727,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TO-PC
Current User Name: to
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\to\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\Public\dlll.exe ()
PRC - C:\Users\to\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Family Safety\fssui.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\PAStiSvc.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\to\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab)
MOD - C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (Kaspersky Lab)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TOSHIBA Bluetooth Service) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (STI Simulator) -- C:\Windows\System32\PAStiSvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (KLFLTDEV) -- C:\Windows\System32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (MTOnlPktAlyX) -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\k510mgmt.sys (MCCI)
DRV - (k510bus) Sony Ericsson K510 Driver driver (WDM) -- C:\Windows\System32\drivers\k510bus.sys (MCCI)
DRV - (PAC7311) -- C:\Windows\System32\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (Iviaspi) -- C:\Windows\System32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.t-online.de/service/redir/ie7_start.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.explorerstartpage.com/wspage.php
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.t-online.de/service/redir/ie7_start.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2528046
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.03.08 23:15:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009.05.14 15:33:53 | 000,000,000 | ---D | M]

[2010.04.08 19:24:09 | 000,000,000 | ---D | M] -- C:\Users\to\AppData\Roaming\mozilla\Extensions
[2010.04.08 19:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\to\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.08 18:18:36 | 000,000,000 | ---D | M] -- C:\Users\to\AppData\Roaming\mozilla\Firefox\Profiles\sfhzp948.default\extensions
[2010.01.04 20:02:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\to\AppData\Roaming\mozilla\Firefox\Profiles\sfhzp948.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2007.12.19 14:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2009.03.24 11:10:44 | 000,114,688 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live OneCare Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (jetztspielenob.de Toolbar) - {FC01C2BE-850B-4115-9B6B-9A427DDECC34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fssui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrustInstaller] F:\Setup.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - HKCU..\Run: [Windows System Guard] C:\Users\Public\dlll.exe ()
O4 - Startup: C:\Users\to\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - DefaultPrefix: h**p://www.myhottersearchbox.com/not_found_de/?url=
O13 - gopher Prefix: missing
O13 - www Prefix: h**p://www.myhottersearchbox.com/not_found_de/?url=
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} h**p://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} h**p://game04.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} h**p://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\to\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\to\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.01.26 10:41:23 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007.01.26 10:36:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.26 10:40:58 | 000,000,149 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.01.26 09:06:20 | 000,651,264 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{6d0e919a-767a-11dc-9b6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0e919a-767a-11dc-9b6e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.01.26 10:36:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.16 14:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.16 14:07:23 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.15 17:07:22 | 000,000,000 | ---D | C] -- C:\Users\to\AppData\Roaming\Malwarebytes
[2010.04.15 17:07:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.15 17:07:05 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.15 17:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.15 17:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.15 16:44:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.04.14 13:51:57 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 13:51:57 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 13:51:20 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 13:51:02 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 13:51:02 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.14 13:50:56 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010.04.14 13:50:56 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010.04.13 18:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Pogo DE
[2010.04.10 18:46:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\oberon
[2010.04.10 18:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Games
[2010.04.08 19:24:05 | 000,000,000 | ---D | C] -- C:\Users\to\AppData\Roaming\Thunderbird
[2010.04.08 19:24:05 | 000,000,000 | ---D | C] -- C:\Users\to\AppData\Local\Thunderbird
[2010.03.28 23:00:53 | 000,000,000 | ---D | C] -- C:\Users\to\AppData\Roaming\Screaming Bee
[2010.03.28 22:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2010.03.28 22:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Screaming Bee
[2010.03.28 18:59:23 | 000,000,000 | ---D | C] -- C:\Users\to\AppData\Roaming\Skype
[2010.03.24 21:14:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.03.17 20:21:22 | 000,000,000 | ---D | C] -- C:\ProgramData\HipSoft
[2009.04.23 18:22:36 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd2.dll
[2009.04.23 18:22:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd2.dll
[2009.04.23 18:22:36 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd2.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.16 14:22:17 | 003,932,160 | -HS- | M] () -- C:\Users\to\ntuser.dat
[2010.04.16 14:20:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{27858872-55CC-4814-BE2F-26142212BA87}.job
[2010.04.16 14:09:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3378121828-3667255940-265597927-1000UA.job
[2010.04.16 14:06:01 | 000,015,408 | ---- | M] () -- C:\Users\to\Desktop\sonstiges.odt
[2010.04.16 13:38:37 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.04.16 13:38:00 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{971795F1-E289-4B03-9D5E-93D27018AF41}.job
[2010.04.16 13:34:43 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.16 13:34:43 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.16 13:34:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.16 13:34:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.16 13:33:56 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.15 19:24:43 | 007,010,336 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010.04.15 19:24:43 | 000,745,504 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2010.04.15 19:24:43 | 000,056,896 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010.04.15 19:24:43 | 000,003,628 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2010.04.15 19:23:54 | 004,490,455 | -H-- | M] () -- C:\Users\to\AppData\Local\IconCache.db
[2010.04.15 18:09:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3378121828-3667255940-265597927-1000Core.job
[2010.04.15 17:07:12 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.15 17:01:58 | 000,136,432 | ---- | M] () -- C:\Users\to\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.15 17:00:29 | 000,459,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.15 16:44:21 | 000,001,675 | ---- | M] () -- C:\Users\to\Desktop\CCleaner.lnk
[2010.04.15 16:16:26 | 000,000,848 | ---- | M] () -- C:\Windows\System32\%LocalXml%
[2010.04.14 19:26:59 | 000,618,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.14 19:26:58 | 000,651,644 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.14 19:26:58 | 000,121,424 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.14 19:26:58 | 000,107,874 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.14 19:26:57 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.11 00:49:18 | 000,053,248 | -H-- | M] () -- C:\Users\to\Desktop\photothumb.db
[2010.04.09 15:41:19 | 000,001,037 | ---- | M] () -- C:\Users\to\Desktop\DVDVideoSoft Free Studio.lnk
[2010.03.31 23:10:04 | 000,002,032 | ---- | M] () -- C:\Users\to\Desktop\Google Chrome.lnk
[2010.03.29 15:51:38 | 000,011,776 | ---- | M] () -- C:\Users\to\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.29 15:48:31 | 000,002,339 | ---- | M] () -- C:\Users\to\Desktop\Windows Movie Maker 2.6.lnk
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.28 19:02:15 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.15 17:07:12 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.15 16:44:21 | 000,001,675 | ---- | C] () -- C:\Users\to\Desktop\CCleaner.lnk
[2010.04.11 00:49:17 | 000,053,248 | -H-- | C] () -- C:\Users\to\Desktop\photothumb.db
[2010.03.31 23:24:50 | 000,015,408 | ---- | C] () -- C:\Users\to\Desktop\sonstiges.odt
[2010.03.28 19:02:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.29 19:05:56 | 000,014,049 | ---- | C] () -- C:\Users\to\AppData\Roaming\***.xml
[2009.11.29 19:03:30 | 000,000,789 | ---- | C] () -- C:\Users\to\AppData\Roaming\users.xml
[2009.04.23 18:22:40 | 000,015,532 | ---- | C] () -- C:\Windows\snpstd2.ini
[2009.04.23 18:22:37 | 000,343,680 | ---- | C] () -- C:\Windows\System32\drivers\snpstd2.sys
[2009.04.02 14:31:17 | 000,009,057 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009.03.13 16:34:16 | 000,000,074 | ---- | C] () -- C:\Users\to\AppData\Local\adv.ini
[2008.11.24 21:33:32 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3C209F2962.sys
[2008.11.24 21:33:31 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.08.19 21:26:39 | 000,000,009 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.03.26 23:26:24 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.09 20:45:17 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2007.12.28 16:48:20 | 000,000,680 | ---- | C] () -- C:\Users\to\AppData\Local\d3d9caps.dat
[2007.12.14 16:20:39 | 000,000,090 | ---- | C] () -- C:\Users\to\AppData\Local\fusioncache.dat
[2007.10.17 18:33:05 | 000,011,776 | ---- | C] () -- C:\Users\to\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.17 14:16:27 | 000,000,016 | -H-- | C] () -- C:\Users\to\AppData\Roaming\mxfilerelatedcache.mxc2
[2007.10.17 14:16:27 | 000,000,016 | -H-- | C] () -- C:\Users\to\AppData\Local\mxfilerelatedcache.mxc2
[2007.10.17 14:16:25 | 000,000,016 | -H-- | C] () -- C:\Users\to\mxfilerelatedcache.mxc2
[2007.10.10 08:26:42 | 000,000,020 | -HS- | C] () -- C:\Users\to\ntuser.ini
[2007.10.10 08:26:41 | 000,524,288 | -HS- | C] () -- C:\Users\to\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007.10.10 08:26:41 | 000,524,288 | -HS- | C] () -- C:\Users\to\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007.10.10 08:26:41 | 000,262,144 | -H-- | C] () -- C:\Users\to\ntuser.dat.LOG1
[2007.10.10 08:26:41 | 000,065,536 | -HS- | C] () -- C:\Users\to\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007.10.10 08:26:41 | 000,000,000 | -H-- | C] () -- C:\Users\to\ntuser.dat.LOG2
[2007.10.10 08:26:40 | 003,932,160 | -HS- | C] () -- C:\Users\to\ntuser.dat
[2007.10.09 17:21:16 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.10.09 17:21:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.10.09 17:21:16 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.10.09 17:21:16 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.05.31 16:05:10 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.05.31 15:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.05.31 15:41:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.05.31 15:41:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.05.31 15:41:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.05.31 15:41:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.05.31 15:41:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.05.31 15:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.05.31 15:20:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.05.31 14:49:39 | 000,000,291 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.05.31 14:47:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:31:23 | 000,589,824 | ---- | C] () -- C:\Windows\System32\ole4fs9y.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EB603FE4
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:9E3E060F
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:50631D57
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:67BA17B9
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:E945C214
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:31F2397C
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:A18D1A5B
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:403264CC
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:F50F1555
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:18AE7C5A
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:5E3FBF9D
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:158CC5FF
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5EBA4934
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5345C8F6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CEE4A457
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:89C28CF6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:89123481
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3D186293
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F42CF153
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E0A3E0DB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BAC2F271
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A08FFD4D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EDC744FB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8FBE0E9C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5F538558
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1D6686D8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:912389B7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:551BED5F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EC7C9796
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C0D722EB
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FA8B212D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C928F3BE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:7972CF54
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:101708D3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0B61DB9F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:90865A6D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B812EE0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:053BAE56
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D8A7F3FF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E4FCDFD9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D66B5EAE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:567AC0A6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3A6BC948
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CD9109D4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:05E0618E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:EF0D9BBA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BB48E5A3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:74699137
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:38E2864F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E855BDCF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:753B0F80
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4363DE71
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:42228396
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2871B698
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FB97DB91
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F951183D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E71141D2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C9FD258B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B4980368
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:EC2381A4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:91486201
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:57EE48CA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:48FEA089
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:375FC7E7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:81ED9272
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4A1628E5
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3CD562B4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A6346EE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:9C56C790
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:B268A25C
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9398DBB4
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:81653DC8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:3CF23EC3
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CC7738DB
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B12D1A7D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:61E5F0F7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4FE30352
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B1EA607
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DA3C6C07
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:39C7B7C6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:EE3A2438
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:A4F0E644
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:5E1404CE
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4E6B8D68
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:EF794BCD
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:C4A1F01E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2F141B68
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2E49FF93
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:943D6A82
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:5466F106
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E5AFE07D
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:523B97A0
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:FDCAE7B5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2ABEB9EB
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:05816AFA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D8DB81DC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:92A815D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:80B291A7
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:EA2FBCA1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:126591AF
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:D2D4B33E
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:CE7C61DF
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:331B76C7
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:DF2EA4BB
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C0A9D0E7
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:F14D1F80
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:DAAE6F43
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4E903DEB
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:1CB8D545
< End of report >

:dankeschoen: für eure Bemühungen!

Yoshi- · 16.04.2010, 15:46

Log von Malware Bytes?

Kumpelblase · 17.04.2010, 08:47

Gestern hat Malwarebytes nichts gefunden, heute 1 infiziertes Objekt, dass ich dann entfernen lassen habe. Hier mal die Logfile:

Malwarebytes' Anti-Malware 1.45
w*w.malwarebytes.org

Datenbank Version: 4000

Windows 6.0.6000
Internet Explorer 8.0.6001.18241

17.04.2010 09:37:36
mbam-log-2010-04-17 (09-37-36).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123378
Laufzeit: 13 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\to\AppData\Local\Temp\dwk.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.

Yoshi- · 17.04.2010, 11:38

Ich beziehe mich darauf:

Zitat:

danach Malwarebytes (habe alles schlechte gelöscht).

Kumpelblase · 17.04.2010, 12:36

Malwarebytes' Anti-Malware 1.45
w*w.malwarebytes.org

Datenbank Version: 3991

Windows 6.0.6000
Internet Explorer 8.0.6001.18241

15.04.2010 17:25:52
mbam-log-2010-04-15 (17-25-52).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 123567
Laufzeit: 15 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
C:\Users\to\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\System32\adlaunch32.dll (IM.Worm) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{6f282b65-56bf-4bd1-a8b2-a4449a05863d} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1a93c934-025b-4c3a-b38e-9654a7003239} (Adware.Gamesbar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055fd26d-3a88-4e15-963d-dc8493744b1d} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7914d9f0-dd27-4260-9bc1-ae01834b77ca} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7914d9f0-dd27-4260-9bc1-ae01834b77ca} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{25f97eb4-1c02-45ba-ba0c-e67aace64d4a} (Adware.ToolBar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (IM.Worm) -> Data: c:\windows\system32\adlaunch32.dll -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (IM.Worm) -> Data: system32\adlaunch32.dll -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Program Files\T-Online\T-Online_Toolbar_2\T-Online_Toolbar_2.0.dll (Adware.ToolBar) -> Quarantined and deleted successfully.
C:\Users\to\AppData\Local\Temp\sshnas21.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\System32\adlaunch32.dll (IM.Worm) -> Delete on reboot.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\ICQToolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.

Yoshi- · 17.04.2010, 12:45

Gut diese fehlten im OTL Log.

Starte nun OTL und füge den unten stehenden Code komplett in die Box
"Custom Scan/Fixes"
drücke dann auf Run Fixes.

Code:

ATTFilter

:OTL
PRC - C:\Users\Public\dlll.exe ()
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
O4 - HKCU..\Run: [Windows System Guard] C:\Users\Public\dlll.exe ()
[2010.04.16 13:34:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
:Commands
[emptytemp]
[resethosts]

Kumpelblase · 17.04.2010, 13:12

OTL logfile created on: 17.04.2010 13:57:23 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\to\Documents\Downloads
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18241)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 53,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 6,55 Gb Free Space | 11,72% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 54,43 Gb Total Space | 51,83 Gb Free Space | 95,22% Space Free | Partition Type: NTFS
Drive F: | 727,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TO-PC
Current User Name: to
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\to\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\to\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 2.4\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Family Safety\fssui.exe (Microsoft Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Marmiko Shared\MWLaMaS.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
PRC - C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Sandisk\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\PAStiSvc.exe ()

========== Modules (SafeList) ==========

MOD - C:\Users\to\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab)
MOD - C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (Kaspersky Lab)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.20533_none_4634c4a0218d65c1\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (TOSHIBA Bluetooth Service) -- File not found
SRV - (LiveUpdate Notice Ex) -- File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe (Kaspersky Lab)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatisches LiveUpdate - Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (TNaviSrv) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe (TOSHIBA Corporation)
SRV - (TosCoSrv) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe (TOSHIBA Corporation)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (UleadBurningHelper) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (TODDSrv) -- C:\Windows\System32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (SQLWriter) -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\MAGIX\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (STI Simulator) -- C:\Windows\System32\PAStiSvc.exe ()

========== Driver Services (SafeList) ==========

DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (KLFLTDEV) -- C:\Windows\System32\drivers\klfltdev.sys (Kaspersky Lab)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (tos_sps32) -- C:\Windows\system32\DRIVERS\tos_sps32.sys (TOSHIBA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (tifm21) -- C:\Windows\System32\drivers\tifm21.sys (Texas Instruments)
DRV - (KR10N) -- C:\Windows\system32\drivers\kr10n.sys (TOSHIBA CORPORATION)
DRV - (KR10I) -- C:\Windows\system32\drivers\kr10i.sys (TOSHIBA CORPORATION)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (tdcmdpst) -- C:\Windows\System32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (MTOnlPktAlyX) -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (LPCFilter) -- C:\Windows\system32\DRIVERS\LPCFilter.sys (COMPAL ELECTRONIC INC.)
DRV - (k510mgmt) Sony Ericsson K510 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\k510mgmt.sys (MCCI)
DRV - (k510bus) Sony Ericsson K510 Driver driver (WDM) -- C:\Windows\System32\drivers\k510bus.sys (MCCI)
DRV - (PAC7311) -- C:\Windows\System32\drivers\PA707UCM.SYS (PixArt Imaging Inc.)
DRV - (Iviaspi) -- C:\Windows\System32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.t-online.de/service/redir/ie7_start.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://www.explorerstartpage.com/wspage.php
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (Conduit Ltd.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://www.t-online.de/service/redir/ie7_start.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = h**p://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2528046
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = h**p://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = h**p://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\..\URLSearchHook: {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Mozilla\Firefox Extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2008.03.08 23:15:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\THBExt [2009.05.14 15:33:53 | 000,000,000 | ---D | M]

[2010.04.08 19:24:09 | 000,000,000 | ---D | M] -- C:\Users\to\AppData\Roaming\mozilla\Extensions
[2010.04.08 19:24:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\to\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.02.08 18:18:36 | 000,000,000 | ---D | M] -- C:\Users\to\AppData\Roaming\mozilla\Firefox\Profiles\sfhzp948.default\extensions
[2010.01.04 20:02:35 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\to\AppData\Roaming\mozilla\Firefox\Profiles\sfhzp948.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live OneCare Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (jZip Webmail plugin) - {647FD14A-C4F1-46F4-8FC3-0B40F54226F7} - C:\Program Files\jZip\WebmailPlugin.dll (Discordia Limited)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (Conduit Ltd.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (jetztspielenob.de Toolbar) - {fc01c2be-850b-4115-9b6b-9a427ddecc34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (jetztspielenob.de Toolbar) - {FC01C2BE-850B-4115-9B6B-9A427DDECC34} - C:\Program Files\jetztspielenob.de\tbjetz.dll (Conduit Ltd.)
O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [fssui] C:\Program Files\Windows Live\Family Safety\fssui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [HSON] C:\Program Files\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [HWSetup] File not found
O4 - HKLM..\Run: [KeNotify] C:\Program Files\TOSHIBA\Utilities\KeNotify.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [topi] C:\Program Files\TOSHIBA\Toshiba Online Product Information\topi.exe (TOSHIBA)
O4 - HKLM..\Run: [Toshiba Registration] C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe (Toshiba)
O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [TrustInstaller] F:\Setup.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [TOSCDSPD] File not found
O4 - Startup: C:\Users\to\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O8 - Extra context menu item: &Windows Live Search - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm ()
O9 - Extra Button: Statistik für den Schutz des Web-Datenverkehrs - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll (Kaspersky Lab)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online Marktplatz - {76577871-04EC-495E-A12B-91F7C3600AFA} - File not found
O9 - Extra Button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll (Apple Computer, Inc.)
O9 - Extra Button: Amazon.de - {8A918C1D-E123-4E36-B562-5C1519E434CE} - File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - DefaultPrefix: h**p://www.myhottersearchbox.com/not_found_de/?url=
O13 - gopher Prefix: missing
O13 - www Prefix: h**p://www.myhottersearchbox.com/not_found_de/?url=
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Monopoly/Images/stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} h**p://www.lokalisten.de/iup/ImageUploader4.cab (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} h**p://game04.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Monopoly/Images/armhelper.ocx (ArmHelper Control)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} h**p://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\to\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\to\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.01.26 10:41:23 | 000,000,000 | R--D | M] - F:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2007.01.26 10:36:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.) - F:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2007.01.26 10:40:58 | 000,000,149 | R--- | M] () - F:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2007.01.26 09:06:20 | 000,651,264 | R--- | M] (Electronic Arts Inc.) - F:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{6d0e919a-767a-11dc-9b6e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{6d0e919a-767a-11dc-9b6e-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2007.01.26 10:36:30 | 000,700,416 | R--- | M] (Electronic Arts Inc.)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.17 09:21:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.17 09:21:52 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.16 14:07:24 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.04.16 14:07:23 | 000,000,000 | ---D | C] -- C:\rsit
[2010.04.15 17:07:22 | 000,000,000 | ---D | C] -- C:\Users\to\AppData\Roaming\Malwarebytes
[2010.04.15 17:07:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.15 17:07:04 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.04.14 13:51:57 | 003,502,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 13:51:57 | 003,468,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 13:51:20 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 13:51:02 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.04.14 13:51:02 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.14 13:50:56 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tcpipcfg.dll
[2010.04.14 13:50:56 | 000,022,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiougc.exe
[2010.04.13 18:12:53 | 000,000,000 | ---D | C] -- C:\Program Files\Pogo DE
[2010.04.10 18:46:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\oberon
[2010.04.10 18:44:42 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Games
[2010.04.08 19:24:05 | 000,000,000 | ---D | C] -- C:\Users\to\AppData\Roaming\Thunderbird
[2010.04.08 19:24:05 | 000,000,000 | ---D | C] -- C:\Users\to\AppData\Local\Thunderbird
[2010.03.28 23:00:53 | 000,000,000 | ---D | C] -- C:\Users\to\AppData\Roaming\Screaming Bee
[2010.03.28 22:58:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[2010.03.28 22:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Screaming Bee
[2010.03.28 18:59:23 | 000,000,000 | ---D | C] -- C:\Users\to\AppData\Roaming\Skype
[2010.03.24 21:14:06 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2009.04.23 18:22:36 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\rsnpstd2.dll
[2009.04.23 18:22:36 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd2.dll
[2009.04.23 18:22:36 | 000,036,864 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd2.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.17 14:00:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{27858872-55CC-4814-BE2F-26142212BA87}.job
[2010.04.17 13:58:26 | 000,835,616 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.dat
[2010.04.17 13:56:53 | 003,932,160 | -HS- | M] () -- C:\Users\to\ntuser.dat
[2010.04.17 13:56:32 | 000,003,936 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox2.idx
[2010.04.17 13:49:11 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.04.17 13:39:59 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.17 13:39:59 | 000,003,456 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.17 13:09:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3378121828-3667255940-265597927-1000UA.job
[2010.04.17 12:25:35 | 007,218,208 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.dat
[2010.04.17 12:20:44 | 000,058,520 | -HS- | M] () -- C:\Windows\System32\drivers\fidbox.idx
[2010.04.17 09:39:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.17 09:39:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.17 09:39:30 | 2011,217,920 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.17 09:38:14 | 006,291,456 | -H-- | M] () -- C:\Users\to\AppData\Local\IconCache.db
[2010.04.17 09:21:58 | 000,000,823 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.16 19:28:19 | 000,000,412 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{971795F1-E289-4B03-9D5E-93D27018AF41}.job
[2010.04.16 18:09:00 | 000,001,054 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3378121828-3667255940-265597927-1000Core.job
[2010.04.16 17:11:34 | 000,001,804 | ---- | M] () -- C:\Windows\System32\%LocalXml%
[2010.04.16 16:21:00 | 000,012,135 | ---- | M] () -- C:\Users\to\Desktop\sonstiges.odt
[2010.04.15 17:01:58 | 000,136,432 | ---- | M] () -- C:\Users\to\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.04.15 17:00:29 | 000,459,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.14 19:26:59 | 000,618,730 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.14 19:26:58 | 000,651,644 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.14 19:26:58 | 000,121,424 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.14 19:26:58 | 000,107,874 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.14 19:26:57 | 001,488,910 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.11 00:49:18 | 000,053,248 | -H-- | M] () -- C:\Users\to\Desktop\photothumb.db
[2010.04.09 15:41:19 | 000,001,037 | ---- | M] () -- C:\Users\to\Desktop\DVDVideoSoft Free Studio.lnk
[2010.03.31 23:10:04 | 000,002,032 | ---- | M] () -- C:\Users\to\Desktop\Google Chrome.lnk
[2010.03.29 15:51:38 | 000,011,776 | ---- | M] () -- C:\Users\to\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.29 15:48:31 | 000,002,339 | ---- | M] () -- C:\Users\to\Desktop\Windows Movie Maker 2.6.lnk
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.28 19:02:15 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.17 10:37:31 | 000,002,001 | ---- | C] () -- C:\Users\to\Desktop\Solid Edge V20.lnk
[2010.04.17 09:21:58 | 000,000,823 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.11 00:49:17 | 000,053,248 | -H-- | C] () -- C:\Users\to\Desktop\photothumb.db
[2010.03.31 23:24:50 | 000,012,135 | ---- | C] () -- C:\Users\to\Desktop\sonstiges.odt
[2010.03.28 19:02:15 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.11.29 19:05:56 | 000,014,049 | ---- | C] () -- C:\Users\to\AppData\Roaming\***.xml
[2009.11.29 19:03:30 | 000,000,789 | ---- | C] () -- C:\Users\to\AppData\Roaming\users.xml
[2009.04.23 18:22:40 | 000,015,532 | ---- | C] () -- C:\Windows\snpstd2.ini
[2009.04.23 18:22:37 | 000,343,680 | ---- | C] () -- C:\Windows\System32\drivers\snpstd2.sys
[2009.04.02 14:31:17 | 000,009,057 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009.03.13 16:34:16 | 000,000,074 | ---- | C] () -- C:\Users\to\AppData\Local\adv.ini
[2008.11.24 21:33:32 | 000,000,088 | RHS- | C] () -- C:\ProgramData\3C209F2962.sys
[2008.11.24 21:33:31 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2008.08.19 21:26:39 | 000,000,009 | ---- | C] () -- C:\Windows\ulead32.ini
[2008.03.26 23:26:24 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2008.01.09 20:45:17 | 000,000,016 | -H-- | C] () -- C:\ProgramData\mxfilerelatedcache.mxc2
[2007.12.28 16:48:20 | 000,000,680 | ---- | C] () -- C:\Users\to\AppData\Local\d3d9caps.dat
[2007.12.14 16:20:39 | 000,000,090 | ---- | C] () -- C:\Users\to\AppData\Local\fusioncache.dat
[2007.10.17 18:33:05 | 000,011,776 | ---- | C] () -- C:\Users\to\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.10.17 14:16:27 | 000,000,016 | -H-- | C] () -- C:\Users\to\AppData\Roaming\mxfilerelatedcache.mxc2
[2007.10.17 14:16:27 | 000,000,016 | -H-- | C] () -- C:\Users\to\AppData\Local\mxfilerelatedcache.mxc2
[2007.10.17 14:16:25 | 000,000,016 | -H-- | C] () -- C:\Users\to\mxfilerelatedcache.mxc2
[2007.10.10 08:26:42 | 000,000,020 | -HS- | C] () -- C:\Users\to\ntuser.ini
[2007.10.10 08:26:41 | 000,524,288 | -HS- | C] () -- C:\Users\to\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2007.10.10 08:26:41 | 000,524,288 | -HS- | C] () -- C:\Users\to\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2007.10.10 08:26:41 | 000,262,144 | -H-- | C] () -- C:\Users\to\ntuser.dat.LOG1
[2007.10.10 08:26:41 | 000,065,536 | -HS- | C] () -- C:\Users\to\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2007.10.10 08:26:41 | 000,000,000 | -H-- | C] () -- C:\Users\to\ntuser.dat.LOG2
[2007.10.10 08:26:40 | 003,932,160 | -HS- | C] () -- C:\Users\to\ntuser.dat
[2007.10.09 17:21:16 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2007.10.09 17:21:16 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2007.10.09 17:21:16 | 000,010,146 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2007.10.09 17:21:16 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2007.05.31 16:05:10 | 000,006,642 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2007.05.31 15:41:48 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2007.05.31 15:41:48 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2007.05.31 15:41:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2007.05.31 15:41:48 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2007.05.31 15:41:48 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2007.05.31 15:41:48 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2007.05.31 15:32:33 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2007.05.31 15:20:33 | 000,036,864 | ---- | C] () -- C:\Windows\System32\HWS_Ctrl.dll
[2007.05.31 14:49:39 | 000,000,291 | ---- | C] () -- C:\Windows\RtDefLvl.ini
[2007.05.31 14:47:52 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.12.05 13:05:06 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 10:31:23 | 000,589,824 | ---- | C] () -- C:\Windows\System32\jayr3tp1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.11.23 13:55:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\SPCtl.dll
[2005.07.22 21:30:20 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2002.03.17 02:00:00 | 000,007,420 | ---- | C] () -- C:\Windows\UA000096.DLL

========== Custom Scans ==========

< :OTL >

< PRC - C:\Users\Public\dlll.exe () >

< IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found >

< O4 - HKCU..\Run: [Windows System Guard] C:\Users\Public\dlll.exe () >

< [2010.04.16 13:34:32 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT >

< :Commands >

< [emptytemp] >

< [resethosts] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:EB603FE4
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:9E3E060F
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:50631D57
@Alternate Data Stream - 98 bytes -> C:\ProgramData\TEMP:9AB338B9
@Alternate Data Stream - 97 bytes -> C:\ProgramData\TEMP:67BA17B9
@Alternate Data Stream - 96 bytes -> C:\ProgramData\TEMP:E945C214
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:31F2397C
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:A18D1A5B
@Alternate Data Stream - 192 bytes -> C:\ProgramData\TEMP:403264CC
@Alternate Data Stream - 176 bytes -> C:\ProgramData\TEMP:F50F1555
@Alternate Data Stream - 164 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 163 bytes -> C:\ProgramData\TEMP:18AE7C5A
@Alternate Data Stream - 153 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:5E3FBF9D
@Alternate Data Stream - 151 bytes -> C:\ProgramData\TEMP:A696643D
@Alternate Data Stream - 150 bytes -> C:\ProgramData\TEMP:158CC5FF
@Alternate Data Stream - 149 bytes -> C:\ProgramData\TEMP:E1982A23
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5EBA4934
@Alternate Data Stream - 148 bytes -> C:\ProgramData\TEMP:5345C8F6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:CEE4A457
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:89C28CF6
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:89123481
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3D186293
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:F42CF153
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:E0A3E0DB
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:588B60C7
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:F84B8DB5
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:BAC2F271
@Alternate Data Stream - 135 bytes -> C:\ProgramData\TEMP:A08FFD4D
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:EDC744FB
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:8FBE0E9C
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:5F538558
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:1D6686D8
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:E80802C7
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:912389B7
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:551BED5F
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:FDDD8917
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:EC7C9796
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:C0D722EB
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:B845F669
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:FA8B212D
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:C928F3BE
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:7972CF54
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:101708D3
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0D31DA45
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:0B61DB9F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:90865A6D
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:3B812EE0
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:053BAE56
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:D8A7F3FF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:55F44B88
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:E4FCDFD9
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D66B5EAE
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:567AC0A6
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:3A6BC948
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:38B32B54
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:CD9109D4
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7E95B6FD
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:7CEDF9F3
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:177313FB
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:05E0618E
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:ABE89FFE
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:EF0D9BBA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:BB48E5A3
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:74699137
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:598E0FFA
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:41099CE9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:38E2864F
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:E855BDCF
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:A3B8F70C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:753B0F80
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:52B72A7C
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:4363DE71
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:42228396
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:2871B698
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:FB97DB91
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:F951183D
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:7B52659E
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:E71141D2
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C9FD258B
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:C8E82994
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:B4980368
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:A58B27C9
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:9ACB70D7
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:8AB6C1D7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:EC2381A4
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:91486201
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:57EE48CA
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:48FEA089
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:3E06C78F
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:375FC7E7
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:0F0A5896
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:81ED9272
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:4A1628E5
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:3CD562B4
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A6346EE9
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:3FD496E1
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:D055FC10
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:CF5C4195
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:9C56C790
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:B268A25C
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:9398DBB4
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:81653DC8
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:3CF23EC3
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:CC7738DB
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:B12D1A7D
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:61E5F0F7
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:4FE30352
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:2B1EA607
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:DA3C6C07
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:70E897B5
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:6C5EC3CD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:39C7B7C6
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:EE3A2438
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:A4F0E644
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:5E1404CE
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:4E6B8D68
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:EF794BCD
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:C4A1F01E
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:4D066AD2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2F141B68
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:2E49FF93
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:D0668210
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:943D6A82
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:5466F106
@Alternate Data Stream - 108 bytes -> C:\ProgramData\TEMP:43301D1D
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:E5AFE07D
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:561B1D2B
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:523B97A0
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:24FECE50
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:08D8BB20
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:FDCAE7B5
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:2ABEB9EB
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:05816AFA
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:FC4EA67C
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D8DB81DC
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:D507B5A8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:92A815D8
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:80B291A7
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:225CD7D5
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:EA2FBCA1
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:9B52F176
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:569CEE83
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:2B99FE60
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:126591AF
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:D2D4B33E
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:CE7C61DF
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:53DF59D1
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:331B76C7
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:DF2EA4BB
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:D48500F8
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:C0A9D0E7
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:5BC73C48
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E32966C0
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:F14D1F80
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:DAAE6F43
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:4E903DEB
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:1CB8D545
< End of report >

Danke für deine Hilfe!

Yoshi- · 17.04.2010, 13:14

Du hast nicht auf Run Fixes geklickt sondern auf Run Scan.

Kumpelblase · 17.04.2010, 13:36

All processes killed
========== OTL ==========
No active process named dlll.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Windows System Guard not found.
File C:\Users\Public\dlll.exe not found.
C:\Windows\Tasks\SA.DAT moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 84 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Gast
->Temp folder emptied: 558746 bytes
->Temporary Internet Files folder emptied: 32800 bytes
->FireFox cache emptied: 15355293 bytes
->Flash cache emptied: 15933 bytes

User: Gast.to-PC
->Temp folder emptied: 50135 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Public

User: to
->Temp folder emptied: 1588963 bytes
->Temporary Internet Files folder emptied: 2286691 bytes
->Java cache emptied: 45187922 bytes
->FireFox cache emptied: 75434532 bytes
->Google Chrome cache emptied: 95624471 bytes
->Flash cache emptied: 13355 bytes

%systemdrive% .tmp files removed: 14664 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 6349700 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 231,00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.1.1 log created on 04172010_141815

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Yoshi- · 17.04.2010, 13:54

Besteht das Problem noch immer?
Und scanne nochmal mit Malwarebytes Anti-Malware und SuperAntiSpyware

Hanna-Laura · 17.04.2010, 16:54

Hey Hallo, ich hab das selbe Problem.
Hab mit OTL einen Logfile erstellt, der folgendermaßen aussieht:
OTL logfile created on: 16.04.2010 19:04:07 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

511,00 Mb Total Physical Memory | 175,00 Mb Available Physical Memory | 34,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 232,88 Gb Total Space | 207,85 Gb Free Space | 89,25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RECHNER
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Dokumente und Einstellungen\user\Anwendungsdaten\winsvcn.exe ()
PRC - C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\HPZipm12.exe (HP)
PRC - C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link)
PRC - C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
PRC - C:\WINDOWS\system32\umonit.exe (General)
PRC - C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
PRC - C:\Programme\Logitech\Video\LogiTray.exe (Labtec Inc.)
PRC - C:\Programme\Logitech\Video\FxSvr2.exe (Labtec Inc.)
PRC - C:\WINDOWS\system32\LVCOMSX.EXE (Labtec Inc.)
PRC - C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc. )
PRC - C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
PRC - C:\t-online\BSW4\ISDN SpeedManager\TOMCAT.EXE (T-Systems Nova GmbH)
PRC - C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\user\Eigene Dateien\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\MouseWare\system\LGMOUSHK.DLL (Logitech Inc. )

========== Win32 Services (SafeList) ==========

SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple, Inc.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ANIWZCSdService) -- C:\Programme\ANI\ANIWZCS2 Service\ANIWZCSdS.exe (Alpha Networks Inc.)
SRV - (C-DillaSrv) -- C:\WINDOWS\system32\drivers\CDANTSRV.EXE (C-Dilla Ltd)

========== Driver Services (SafeList) ==========

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (ANIO) -- C:\WINDOWS\system32\ANIO.sys (Alpha Networks Inc.)
DRV - (RT73) -- C:\WINDOWS\system32\drivers\Dr71WU.sys (Ralink Technology, Corp.)
DRV - (fixustor) -- C:\WINDOWS\system32\drivers\fixustor.sys (Genesys Logic)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\WINDOWS\system32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Labtec Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (nvatabus) -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (EIO) -- C:\WINDOWS\system32\drivers\EIO.sys (ASUSTeK Computer Inc.)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (nv_agp) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys (NVIDIA Corporation)
DRV - (WDMCAPI) -- C:\WINDOWS\system32\DRIVERS\WDMCAPI.sys (ISDN Company)
DRV - (WDMWANMP) -- C:\WINDOWS\system32\drivers\wdmwanmp.sys (ISDN Company)
DRV - (itchfltr) -- C:\WINDOWS\system32\drivers\itchfltr.sys (Logitech, Inc.)
DRV - (LMouFlt2) -- C:\WINDOWS\system32\drivers\LMouFlt2.sys (Logitech, Inc.)
DRV - (l8042pr2) -- C:\WINDOWS\system32\drivers\L8042Pr2.sys (Logitech, Inc.)
DRV - (LHidUsb) -- C:\WINDOWS\system32\drivers\Lhidusb.sys (Logitech, Inc.)
DRV - (LHidFlt2) -- C:\WINDOWS\system32\drivers\LHIDFLT2.SYS (Logitech, Inc.)
DRV - (LCcfltr) -- C:\WINDOWS\system32\drivers\LCCFLTR.SYS (Logitech, Inc.)
DRV - (LKbdFlt2) -- C:\WINDOWS\system32\drivers\LKbdFlt2.sys (Logitech, Inc.)
DRV - (TOMCATWAN) T-Online DynamicISDN (WDM) -- C:\WINDOWS\system32\drivers\WTOMCAT.sys (T-Nova Deutsche Telekom Innovationsgesellschaft mbH)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.de/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:de-DE&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/icqskins/"
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.01.03 22:11:33 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.01.23 22:54:42 | 000,000,000 | ---D | M]

[2008.07.28 11:49:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Extensions
[2010.04.16 18:33:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\extensions
[2010.01.16 19:33:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.07 16:44:40 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.04.16 18:33:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2007.11.19 06:45:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\extensions\de-AT@dictionaries.addons.mozilla.org
[2007.09.28 10:17:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2009.08.11 21:01:55 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin-1.xml
[2009.04.30 15:06:14 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin-2.xml
[2009.06.04 17:01:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin-3.xml
[2009.06.15 17:23:32 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin-4.xml
[2010.01.16 19:17:35 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin-5.xml
[2010.01.16 19:33:12 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin-6.xml
[2010.01.27 21:18:44 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin-7.xml
[2010.02.26 18:56:24 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin-8.xml
[2010.03.06 15:02:23 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin-9.xml
[2008.03.31 15:52:00 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin.gif
[2009.11.19 16:35:02 | 000,000,615 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin.src
[2010.02.03 14:37:50 | 000,000,947 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\icqplugin.xml
[2009.05.03 19:45:49 | 000,001,632 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\Mozilla\Firefox\Profiles\cbvufbzi.default\searchplugins\live-search.xml
[2010.01.23 22:54:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.03 22:47:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.04.30 14:28:08 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.04.30 14:28:08 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.04.30 14:28:08 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.04.30 14:28:09 | 000,000,986 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.04.30 14:28:09 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.02.20 10:44:55 | 000,000,847 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (metaspinner media GmbH) - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\PROGRA~1\klickTel\EBAYST~1\IEBUTT~2.DLL File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: () - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - C:\Programme\Starware369\bin\Starware369.dll File not found
O2 - BHO: (metaspinner media GmbH) - {74A0AC27-3753-4080-B94E-557CC43E9E8B} - C:\PROGRA~1\klickTel\KLICKT~2\IEBUTT~2.DLL File not found
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Starware Musik Toolbar) - {1962c5bc-e475-465b-823b-133e711bceb9} - C:\Programme\Starware369\bin\Starware369.dll File not found
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: [ANIWZCS2Service] C:\Programme\ANI\ANIWZCS2 Service\WZCSLDR2.exe (Alpha Networks Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [D-Link AirPlus G] C:\Programme\D-Link\AirPlus G\AirGCFG.exe (D-Link)
O4 - HKLM..\Run: [EM_EXEC] C:\Programme\Logitech\MouseWare\system\EM_EXEC.EXE (Logitech Inc. )
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [ISDN SpeedManager] C:\t-online\BSW4\ISDN SpeedManager\TOMCAT.EXE (T-Systems Nova GmbH)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LogitechVideoRepair] C:\Programme\Logitech\Video\ISStart.exe (Labtec Inc.)
O4 - HKLM..\Run: [LogitechVideoTray] C:\Programme\Logitech\Video\LogiTray.exe (Labtec Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Labtec Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\umonit.exe (General)
O4 - HKLM..\Run: [Windows System Guard] C:\Dokumente und Einstellungen\user\Anwendungsdaten\winsvcn.exe ()
O4 - HKLM..\Run: [zBrowser Launcher] C:\Programme\Logitech\iTouch\iTouch.exe (Logitech Inc. )
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Adobe Reader Speed Launch.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra 'Tools' menuitem : ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Programme\ICQ\Icq.exe (ICQ Inc.)
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe File not found
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab (MessengerStatsClient Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://messenger.zone.msn.com/binary/ZIntro.cab47946.cab (ZoneIntro Class)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ic32pp {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - C:\WINDOWS\wc98pp.dll ()
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O24 - Desktop Components:0 () - hxxp://www.schueler.cc/b/sterne/stern1.png
O24 - Desktop Components:1 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.12.21 18:36:03 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6e0c6c4f-7245-11da-9276-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{6e0c6c4f-7245-11da-9276-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6e0c6c4f-7245-11da-9276-806d6172696f}\Shell\AutoRun\command - "" = D:\Setup.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.16 18:36:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Eigene Dateien\ICQ
[2010.04.16 18:32:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\ICQ
[2010.04.16 18:32:36 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.1
[2010.04.06 16:08:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.04.06 16:03:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010.03.28 12:26:54 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010.03.17 19:12:24 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\user\Desktop\Eigene Bilder
[2008.02.05 14:13:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Apple
[2007.08.30 15:53:35 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Microsoft
[2007.08.30 15:52:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2007.03.30 21:23:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\IsolatedStorage
[2007.03.30 21:22:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\HP
[2007.03.30 21:12:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\HP
[2006.02.19 03:28:56 | 000,012,288 | ---- | C] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll
[2006.01.21 19:13:37 | 005,185,880 | ---- | C] (Mozilla) -- C:\Programme\Firefox Setup 1.5.exe
[2005.12.21 19:34:18 | 000,009,216 | R--- | C] ( ) -- C:\WINDOWS\System32\capi2032.dll
[2005.12.21 18:54:36 | 000,131,072 | R--- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll
[2005.12.21 18:39:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2005.12.21 18:35:55 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Microsoft
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.04.16 19:08:07 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.16 18:39:01 | 000,001,204 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-220523388-839522115-1003UA.job
[2010.04.16 18:34:04 | 000,001,451 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.1.lnk
[2010.04.16 18:33:57 | 005,242,880 | ---- | M] () -- C:\Dokumente und Einstellungen\user\ntuser.dat
[2010.04.16 17:50:27 | 000,073,728 | RHS- | M] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\winsvcn.exe
[2010.04.16 17:49:59 | 000,000,051 | ---- | M] () -- C:\WINDOWS\iTouch.ini
[2010.04.16 17:43:04 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.04.16 17:43:00 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.16 17:41:05 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.04.16 17:41:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.04.16 17:41:02 | 536,399,872 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.16 17:40:06 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\user\ntuser.ini
[2010.04.16 13:26:34 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010.04.15 19:39:00 | 000,001,152 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1417001333-220523388-839522115-1003Core.job
[2010.04.15 17:44:19 | 000,002,571 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\OpenOffice.org Writer.lnk
[2010.04.10 15:47:43 | 000,002,243 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Skype.lnk
[2010.04.06 16:07:55 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.01 19:40:21 | 000,002,357 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Google Chrome.lnk
[2010.04.01 17:58:55 | 001,070,080 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010.04.01 17:58:55 | 000,458,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010.04.01 17:58:55 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.04.01 17:58:55 | 000,084,326 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010.04.01 17:58:55 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.03.31 12:35:42 | 000,000,846 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Ashampoo Burning Studio 2010.lnk
[2010.03.27 22:02:21 | 000,000,168 | ---- | M] () -- C:\Dokumente und Einstellungen\user\default.pls
[2010.03.27 22:02:10 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010.03.25 23:33:27 | 000,508,604 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\02195_taipeidazhibridgesunset_1024x768.jpg
[2010.03.20 01:51:54 | 000,022,455 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\Malte2.odt
[2010.03.20 01:37:23 | 000,017,975 | ---- | M] () -- C:\Dokumente und Einstellungen\user\Desktop\jaja.odt
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.04.16 18:34:04 | 000,001,451 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ICQ7.1.lnk
[2010.04.16 17:50:28 | 000,073,728 | RHS- | C] () -- C:\Dokumente und Einstellungen\user\Anwendungsdaten\winsvcn.exe
[2010.04.06 16:07:55 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2010.04.06 16:03:32 | 000,001,084 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.06 16:03:32 | 000,001,080 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.31 12:35:42 | 000,000,846 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\Ashampoo Burning Studio 2010.lnk
[2010.03.25 23:33:27 | 000,508,604 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Desktop\02195_taipeidazhibridgesunset_1024x768.jpg
[2009.12.18 18:00:40 | 000,000,043 | ---- | C] () -- C:\WINDOWS\SESAM.INI
[2007.10.07 17:41:49 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
[2007.09.08 15:07:46 | 005,242,880 | ---- | C] () -- C:\Dokumente und Einstellungen\user\ntuser.dat
[2007.07.29 20:25:51 | 000,000,346 | ---- | C] () -- C:\Dokumente und Einstellungen\user\applet800x600_4A100.sav
[2007.07.10 16:28:16 | 000,000,703 | R--- | C] () -- C:\WINDOWS\System32\iconcfg.ini
[2007.04.21 11:09:40 | 000,000,243 | ---- | C] () -- C:\WINDOWS\KLETT.INI
[2007.03.31 07:26:02 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2007.03.30 21:22:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2007.03.30 19:14:17 | 000,005,725 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\hpzinstall.log
[2007.03.30 19:14:11 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll
[2007.03.19 18:14:40 | 000,003,328 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2007.03.16 18:50:11 | 000,000,073 | ---- | C] () -- C:\WINDOWS\Loewe_4.ini
[2006.09.27 18:09:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\odbcddp.ini
[2006.09.27 18:05:59 | 000,002,549 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2006.09.27 18:05:37 | 000,003,091 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006.07.20 10:40:29 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2006.05.23 10:04:33 | 000,000,742 | ---- | C] () -- C:\WINDOWS\tomcat.INI
[2006.04.30 09:48:47 | 000,000,109 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2006.04.29 10:27:40 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.dat
[2006.04.29 10:27:40 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.dat.LOG
[2006.04.29 09:50:00 | 000,009,255 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006.04.25 16:46:18 | 000,000,168 | ---- | C] () -- C:\Dokumente und Einstellungen\user\default.pls
[2006.04.13 16:06:02 | 000,000,719 | ---- | C] () -- C:\Programme\INSTALL.LOG
[2006.04.12 12:07:47 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\JJAKEn.dll
[2006.03.08 19:43:02 | 000,000,011 | ---- | C] () -- C:\WINDOWS\wanpatan.ini
[2006.03.04 10:39:48 | 000,000,062 | ---- | C] () -- C:\WINDOWS\O!Kay!.INI
[2006.02.20 10:53:27 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
[2006.02.10 10:09:51 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2006.02.04 17:15:08 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006.02.04 17:01:12 | 000,000,020 | ---- | C] () -- C:\WINDOWS\eplan.ini
[2006.02.01 20:11:53 | 000,008,704 | ---- | C] () -- C:\Dokumente und Einstellungen\user\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.01.21 18:10:43 | 008,943,616 | ---- | C] () -- C:\Programme\avwinsfx.exe
[2006.01.21 17:58:22 | 000,366,831 | ---- | C] () -- C:\Programme\xp-AntiSpy_setup-deutsch.exe
[2006.01.03 16:31:21 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll
[2006.01.03 16:31:21 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll
[2006.01.03 16:31:21 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll
[2006.01.03 16:31:21 | 000,000,137 | ---- | C] () -- C:\WINDOWS\uno.ini
[2005.12.26 09:01:24 | 000,015,317 | R--- | C] () -- C:\WINDOWS\Hornet2.ini
[2005.12.25 13:02:47 | 000,051,712 | ---- | C] () -- C:\WINDOWS\wc98pp.dll
[2005.12.24 19:13:39 | 000,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2005.12.24 19:09:33 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005.12.24 18:45:03 | 000,096,768 | ---- | C] () -- C:\WINDOWS\System32\LGUICOM.DLL
[2005.12.21 19:34:18 | 000,042,267 | R--- | C] () -- C:\WINDOWS\System32\isdncoin.dll
[2005.12.21 19:34:18 | 000,008,976 | R--- | C] () -- C:\WINDOWS\System32\capi20.dll
[2005.12.21 19:04:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005.12.21 19:04:31 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2005.12.21 18:49:48 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\user\ntuser.ini
[2005.12.21 18:49:47 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\user\ntuser.dat.LOG
[2004.06.10 16:46:34 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2001.07.07 03:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI
[1999.01.27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1997.06.13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
< End of report >

So, was soll ich denn jetzt machen?
Ich komm auch noch bei ICQ2Go rein, will aber das Dingen SO SCHNELL WIE MÖGLICH weghaben, das Dingen ist nämlich sowas von nervig :/

Yoshi- · 17.04.2010, 17:40

Erstelle eine neuen Thread, da es sonst zu unübersichtlicht wird, und halte dich an die Punkte: http://www.trojaner-board.de/69886-a...-beachten.html

Kumpelblase · 18.04.2010, 16:45

Hab jetzt die beiden Programme laufen lassen und es wurde nichts gefunden.
Allerdings muss ich sagen, dass ich gestern angefangen habe, SUPERAntiSpyware meinen PC durchsuchenzulassen und es hat 19 Adware-Dateien oder so gefunden, welche aber alle etwas mit Mozilla Firefox zu tun hatten. Firefox habe ich aber schon seit einiger Zeit nicht mehr im PC. Ich habe die Dateien in Quarantäne verschoben, kann ich die aber nun löschen? Musste übrigens den Vorgang gestern abbrechen, weil ich weg musste.
Hier mal die File von gestern:

SUPERAntiSpyware Scan Log
h**p://www.superantispyware.com

Generated 04/17/2010 at 08:00 PM

Application Version : 4.35.1002

Core Rules Database Version : 4817
Trace Rules Database Version: 2629

Scan type : Complete Scan
Total Scan Time : 04:37:31

Memory items scanned : 825
Memory threats detected : 0
Registry items scanned : 7877
Registry threats detected : 0
File items scanned : 197821
File threats detected : 19

Adware.Tracking Cookie
.2o7.net [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.2o7.net [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.adopt.euroclick.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
adopt.euroclick.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.doubleclick.net [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.tradedoubler.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
ad.yieldmanager.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.advertising.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.advertising.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.advertising.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]
.advertising.com [ C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\zegrd7fs.default\cookies.txt ]

Habe heute noch mal erst mbam und dann SUPERAntiSpyware komplett fertig suchen lassen, haben beide jedoch nichts gefunden. Falls ich die Files auch posten soll, editiere ich diesen Beitrag und mach keinen neuen^^

Yoshi- · 18.04.2010, 16:53

Das sind nur Cookies und können ruhig gelöscht werden.

Besteht das Problem mit ICQ denn noch immer?

Link über ICQ geschickt bekommen und natürlich angeklickt und an alle verschickt

Log-Analyse und Auswertung: Link über ICQ geschickt bekommen und natürlich angeklickt und an alle verschickt