große pc probleme. mal log checken :) (silentrunners)

booster123 · 23.10.2011, 16:30

Das Brennen.

markusg · 23.10.2011, 16:37

es gibt mehrere möglichkeiten.
1. das geladene file ist kaputt, lösche es bitte und lads erneut runter.
2. die brenn geschwindigkeit verendern, auf langsamste.
3. anderen roling hersteller versuchen.
4. anderes brenn programm versuchen:
http://www.trojaner-board.de/83208-b...ei-cd-dvd.html

booster123 · 23.10.2011, 18:33

jetzt ma ne doofe frage aber das otlpenet aus deinem link ist ja ne .exe datei aber brennt der, und andere burner (zb imgburn) nur .ios dateien?

markusg · 23.10.2011, 18:34

mit doppelklick sollte es gestartet werden und gebrannt.
dass passt schon so wie es ist.
ging bisher auch, deswegen denke ich an einen fehler auf deiner seite.
beschädigte datei etc, alles was ich bereits aufgezehlt hab.

booster123 · 23.10.2011, 18:45

sry ich meinte .iso, also ob die nicht nur .iso dateien brennen

markusg · 23.10.2011, 18:57

nein, diese datei ist schon die richtige, nutze sie ja auch sonst immer.
hast du die tipps versucht, neu runterladen, langsamere brenn geschwindigkeit, anderes brenn programm andere rolinge?

booster123 · 24.10.2011, 14:17

hey markusg.
also hab jetzt alles gemacht was du sagtest. cd brennen ging dann. von der cd gebootet, auf otlpe. gedoppelklickt. dann öffnet sich eine maske "brose your folder" da soll ich irdeneinen ordner auswählen, praktisch wie im "arbeitsplatz". aber egal was ich drücke kommt immer die fehlermeldung: "Target us not windows 2000 or later" oder "no windows installation found".. -.- was genau soll ich jetzt machen.
achso und ich habe mal versucht von der norton cd zu booten, das ging auch und der scan hat einen trojan.gen gefunden (kam von ner .zip datei die ich entpackt hab

) und auch behoben. aber als ich dann windows wieder normal gestartet habe hats sich nicht geändert

heeeelp please

markusg · 24.10.2011, 15:28

bitte mache keine andern scans außer die von mir genannten.
du solltest in dem fenster nen ordner computer haben, dort mal auf das + klicken damit die liste erweitert wird, dann sollte da nen ordner windows zu sehen sein, dann sollte der scan funktionieren.

booster123 · 24.10.2011, 16:17

hey hat geklappt danke.. hier sind die beiden files:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10/24/2011 7:48:52 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.13 Gb Total Space | 318.42 Gb Free Space | 70.74% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirScheduler) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe (Avira GmbH)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe (Avira GmbH)
SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) --  File not found
DRV - (NwlnkFlt) --  File not found
DRV - (IpInIp) --  File not found
DRV - (a98a8884) -- C:\Windows\2223540905 ()
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys (Avira GmbH)
DRV - (cdrom) -- C:\Windows\System32\drivers\cdrom.sys ()
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (AVIRA GmbH)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Ph3xIB32) -- C:\Windows\System32\drivers\Ph3xIB32.sys (Philips Semiconductors GmbH)
DRV - (HCW713x) -- C:\Windows\System32\drivers\HCW713x.sys (Hauppauge Computer Works inc.)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvm60x32.sys (NVIDIA Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=nv1&s={searchTerms}&f=4
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Irene_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\Irene_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Irene_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?babsrc=HP_ss&affID=100842&mntrId=02b71024000000000000001d607b2ad6"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&affID=100842&mntrId=02b71024000000000000001d607b2ad6&q="
FF - prefs.js..browser.startup.homepage: "hxxp://home.sweetim.com/?barid={9FD340B0-FBF2-11E0-ABB1-001D607B2AD6}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: ""
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "SweetIM Search"
FF - prefs.js..browser.search.defaultenginename: "SweetIM Search"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.defaultenginename: "Google"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0: C:\Program Files\DivX\DivX Content Uploader\npUpload.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0:  File not found
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Irene\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Irene\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/29 11:32:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 11:41:34 | 000,000,000 | ---D | M]
 
[2011/02/04 08:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\Mozilla\Extensions
[2011/02/04 08:15:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/10/22 07:20:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\iotqo5cx.default\extensions
[2009/07/30 09:29:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\iotqo5cx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/10/01 07:35:09 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\iotqo5cx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/10/21 10:40:47 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\iotqo5cx.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2011/10/21 09:36:54 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\iotqo5cx.default\extensions\ffxtlbr@babylon.com
[2011/09/27 05:03:44 | 000,002,448 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\iotqo5cx.default\searchplugins\safesearch.xml
[2011/10/22 07:14:27 | 000,003,915 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\iotqo5cx.default\searchplugins\SweetIM Search.xml
[2011/10/21 10:40:38 | 000,003,915 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\iotqo5cx.default\searchplugins\sweetim.xml
[2011/09/29 11:32:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/27 14:35:29 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) -- 
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\COFFPLGN_2011_7_2_3
File not found (No name found) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.1.0.29\IPSFFPLGN
File not found (No name found) -- C:\USERS\IRENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IOTQO5CX.DEFAULT\EXTENSIONS\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
File not found (No name found) -- C:\USERS\IRENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IOTQO5CX.DEFAULT\EXTENSIONS\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
File not found (No name found) -- C:\USERS\IRENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IOTQO5CX.DEFAULT\EXTENSIONS\FFXTLBR@FACEMOODS.COM
() (No name found) -- C:\USERS\IRENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IOTQO5CX.DEFAULT\EXTENSIONS\SQLITEMANAGER@MRINALKANT.BLOGSPOT.COM.XPI
[2011/09/23 00:44:20 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/10/23 10:01:34 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2011/09/22 21:52:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/10/21 10:58:35 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011/09/22 21:46:24 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/09/22 21:52:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/21 09:37:05 | 000,002,046 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/09/22 21:52:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/09/22 21:52:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/09/22 21:52:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKU\Irene_ON_C\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AuditVista]  File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\Irene_ON_C..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\Irene_ON_C..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Program Files\WordPerfect Office X3\Programs\WPLauncher.hta ()
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 -  File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} hxxp://powersoccer.spielen.com/applet/PowerLoader.cab (PowerLoader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Irene_ON_C Winlogon: Shell - (C:\Users\Irene\AppData\Local\a98a8884\X) - C:\Users\Irene\AppData\Local\a98a8884\X ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{47a95808-7aac-11df-853c-001d607b2ad6}\Shell\AutoRun\command - "" = L:\PMBP_Win.exe
O33 - MountPoints2\{b50ffc50-a356-11de-b7d3-001d607b2ad6}\Shell\AutoRun\command - "" = I:\3n8awsyg.exe
O33 - MountPoints2\{b50ffc50-a356-11de-b7d3-001d607b2ad6}\Shell\open\Command - "" = I:\3n8awsyg.exe
O33 - MountPoints2\{c44381af-b4a4-11de-8927-001d607b2ad6}\Shell\AutoRun\command - "" = I:\Menu.exe
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Start.exe
O33 - MountPoints2\D\Shell\Install\Command - "" = D:\Start.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011/10/22 17:50:36 | 000,000,000 | ---D | C] -- C:\NBRT
[2011/10/22 10:47:00 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/10/22 10:47:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/21 12:40:24 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Downloads
[2011/10/21 12:15:08 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Roaming\Moka
[2011/10/21 11:56:28 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Roaming\Reviversoft
[2011/10/21 11:56:11 | 000,017,224 | ---- | C] (ReviverSoft) -- C:\Windows\System32\roboot.exe
[2011/10/21 11:32:11 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Roaming\SQLiteManager
[2011/10/21 11:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQLiteManager
[2011/10/21 11:31:16 | 000,000,000 | ---D | C] -- C:\Program Files\SQLabs
[2011/10/21 10:58:35 | 000,000,000 | ---D | C] -- C:\ProgramData\BabylonUpdater
[2011/10/21 10:54:51 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2011/10/21 10:52:42 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Roaming\Tific
[2011/10/21 10:52:41 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Local\Symantec
[2011/10/21 10:49:55 | 000,000,000 | -HSD | C] -- C:\Users\Irene\AppData\Local\a98a8884
[2011/10/21 10:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\SweetIM
[2011/10/21 10:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2011/10/21 10:39:10 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2011/10/21 10:34:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reincubate
[2011/10/21 09:37:05 | 000,000,000 | ---D | C] -- C:\Program Files\Fast Download Manager
[2011/10/21 09:36:32 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Local\Babylon
[2011/10/21 09:36:31 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Roaming\Babylon
[2011/10/21 09:36:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011/10/21 09:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Reincubate
[2011/10/21 05:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/21 05:03:57 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/10/21 04:53:49 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/10/21 04:33:21 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2011/10/21 04:33:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/10/18 11:22:18 | 000,000,000 | ---D | C] -- C:\Users\Irene\Desktop\Laura
[2011/10/17 11:23:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Bullzip
[2011/10/13 04:05:53 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011/10/13 04:05:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/10/13 04:05:51 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011/10/13 04:05:50 | 001,798,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011/10/13 04:05:50 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/10/13 04:05:49 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/10/12 06:10:11 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2011/10/12 06:10:11 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2011/10/12 06:10:11 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Mpeg2Data.ax
[2011/10/12 06:10:11 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSDvbNP.ax
[2011/10/12 06:10:09 | 002,043,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/10/12 06:09:46 | 000,555,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAutomationCore.dll
[2011/10/12 06:09:44 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\oleaccrc.dll
[2011/10/05 10:40:56 | 000,000,000 | ---D | C] -- C:\Users\Irene\Desktop\Lukas
[2011/10/01 07:35:24 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoft
[2011/10/01 07:35:08 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/01 07:34:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/10/01 07:34:40 | 000,000,000 | ---D | C] -- C:\Users\Irene\Documents\DVDVideoSoft
[2011/10/01 07:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2011/10/01 07:34:40 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2011/10/01 07:19:55 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFPlatform.dll
[2011/10/01 07:19:55 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFCoinstaller.dll
[2011/10/01 07:19:54 | 000,567,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WUDFx.dll
[2011/10/01 07:16:05 | 000,000,000 | ---D | C] -- C:\Program Files\Mediafour
[2011/10/01 07:03:41 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Roaming\TuneAid
[2011/10/01 06:36:32 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Local\CrashDumps
[2011/09/29 11:38:27 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/09/29 11:38:26 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/09/29 11:38:25 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/09/29 11:38:25 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/09/29 11:38:25 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/09/29 11:38:25 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/09/29 11:38:23 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/09/29 11:38:23 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/09/29 11:38:23 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/29 11:38:23 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/09/29 11:38:23 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/09/29 11:38:22 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/29 11:38:22 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/09/29 11:38:21 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/09/29 11:38:21 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/09/29 11:38:21 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/09/29 11:38:20 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/09/29 11:38:20 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/09/29 11:38:19 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/09/29 11:38:19 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/09/29 11:38:19 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/09/29 11:38:19 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/09/29 11:38:18 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/29 11:38:18 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/09/29 11:38:17 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/09/29 11:38:17 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/09/29 11:38:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/09/29 11:38:17 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/09/29 11:38:17 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/09/29 11:38:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/09/29 11:38:15 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/09/29 11:38:15 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/09/29 11:38:14 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/09/29 11:30:32 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/09/28 08:57:16 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011/09/28 03:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2011/09/28 03:40:12 | 000,092,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2011/09/28 03:40:11 | 003,023,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbon.dll
[2011/09/28 03:40:11 | 001,164,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIRibbonRes.dll
[2011/09/28 03:39:06 | 000,369,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2011/09/28 03:39:04 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2011/09/28 03:39:04 | 000,321,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PhotoMetadataHandler.dll
[2011/09/28 03:39:04 | 000,252,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiag.exe
[2011/09/28 03:39:04 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxdiagn.dll
[2011/09/28 03:39:04 | 000,189,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2011/09/28 03:38:12 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\BthMtpContextHandler.dll
[2011/09/28 03:38:12 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDShextAutoplay.exe
[2011/09/28 03:38:04 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceConnectApi.dll
[2011/09/28 03:38:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtpUS.dll
[2011/09/28 03:38:00 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdConns.dll
[2011/09/28 03:37:59 | 000,546,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wpd_ci.dll
[2011/09/28 03:37:59 | 000,350,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WPDSp.dll
[2011/09/28 03:37:59 | 000,334,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceApi.dll
[2011/09/28 03:37:59 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WpdMtp.dll
[2011/09/28 03:37:59 | 000,196,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceWMDRM.dll
[2011/09/28 03:37:59 | 000,160,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceTypes.dll
[2011/09/28 03:37:59 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PortableDeviceClassExtension.dll
[2011/09/27 06:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2011/09/27 06:15:56 | 000,000,000 | ---D | C] -- C:\Users\Irene\AppData\Local\{3F65C56C-4847-41D3-8284-91DCA302FDAF}
[2011/09/27 06:01:48 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2011/09/27 06:01:38 | 000,979,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFH264Dec.dll
[2011/09/27 06:01:38 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2011/09/27 06:01:38 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsRasterService.dll
[2011/09/27 06:01:37 | 000,357,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MFHEAACdec.dll
[2011/09/27 06:01:37 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfmp4src.dll
[2011/09/27 06:01:37 | 000,261,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfreadwrite.dll
[2011/09/27 06:01:36 | 002,873,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2011/09/27 06:01:36 | 000,667,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2011/09/27 06:01:36 | 000,209,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll
[2011/09/27 06:01:36 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2011/09/27 06:01:34 | 000,098,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll
[2011/09/27 06:01:34 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2011/09/27 06:00:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/09/27 06:00:31 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2011/09/27 06:00:31 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2011/09/27 06:00:31 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2011/09/27 06:00:31 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2011/09/27 06:00:30 | 001,554,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xpsservices.dll
[2011/09/27 06:00:30 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2011/09/27 06:00:30 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2011/09/27 06:00:30 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2011/09/27 06:00:30 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2011/09/27 06:00:29 | 000,847,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\OpcServices.dll
[2011/09/27 06:00:29 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2011/09/27 05:58:27 | 003,602,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/09/27 05:58:26 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/09/27 05:18:00 | 000,231,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msshsq.dll
[2011/09/26 14:55:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2011/09/26 14:55:10 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2011/09/26 14:55:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2011/09/26 11:32:18 | 000,000,000 | ---D | C] -- C:\Users\Irene\Documents\Symantec
[2011/09/26 11:29:02 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2011/10/24 12:34:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/24 12:34:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 12:34:30 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/24 11:36:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736235967-2657770174-236075978-1001UA.job
[2011/10/24 11:35:49 | 000,000,000 | ---- | M] () -- C:\Windows\2223540905
[2011/10/24 11:35:43 | 2011,684,864 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/22 10:49:20 | 000,001,778 | ---- | M] () -- C:\Users\Irene\Desktop\HijackThis.lnk
[2011/10/22 10:47:00 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2011/10/22 07:07:17 | 262,748,954 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/10/21 18:36:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736235967-2657770174-236075978-1001Core.job
[2011/10/21 11:45:05 | 000,008,192 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\SQLiteManager3.pref
[2011/10/21 11:36:37 | 000,000,558 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Irene.job
[2011/10/21 11:31:21 | 000,001,013 | ---- | M] () -- C:\Users\Public\Desktop\SQLiteManager.lnk
[2011/10/21 11:31:20 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQLiteManager
[2011/10/21 10:50:34 | 000,000,000 | -HS- | M] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/21 10:34:53 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\iPhone Backup Extractor.lnk
[2011/10/21 10:34:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Reincubate
[2011/10/21 05:05:33 | 000,001,664 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/21 05:05:33 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/10/21 04:33:27 | 000,001,830 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/10/17 03:44:17 | 000,001,682 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2011/10/13 04:24:01 | 000,391,552 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011/10/05 11:35:43 | 000,002,004 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 11:35:42 | 000,002,042 | ---- | M] () -- C:\Users\Irene\Desktop\Google Chrome.lnk
[2011/10/02 03:07:32 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_M4iPodWPDDriver_01_07_00.Wdf
[2011/10/01 13:27:58 | 000,000,093 | ---- | M] () -- C:\Users\Irene\AppData\default.pls
[2011/10/01 07:35:01 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2011/10/01 07:34:56 | 000,001,191 | ---- | M] () -- C:\Users\Irene\Desktop\Free YouTube to MP3 Converter.lnk
[2011/10/01 05:57:27 | 005,678,816 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/10/01 05:57:26 | 017,093,004 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/10/01 05:57:26 | 004,982,026 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/10/01 05:57:25 | 005,463,878 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/09/29 12:05:59 | 000,000,943 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/09/29 11:41:41 | 000,012,288 | ---- | M] () -- C:\Users\Irene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/29 11:38:57 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/09/29 11:38:57 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/09/29 11:38:27 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011/09/29 11:38:26 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011/09/29 11:38:25 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/09/29 11:38:25 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011/09/29 11:38:25 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011/09/29 11:38:25 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011/09/29 11:38:23 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011/09/29 11:38:23 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011/09/29 11:38:23 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/09/29 11:38:23 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011/09/29 11:38:23 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011/09/29 11:38:22 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/09/29 11:38:22 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/09/29 11:38:21 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/09/29 11:38:21 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/09/29 11:38:21 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/09/29 11:38:21 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/09/29 11:38:20 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011/09/29 11:38:20 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/09/29 11:38:19 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/09/29 11:38:19 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011/09/29 11:38:19 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011/09/29 11:38:19 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011/09/29 11:38:18 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/09/29 11:38:18 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011/09/29 11:38:17 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011/09/29 11:38:17 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011/09/29 11:38:17 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/09/29 11:38:17 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011/09/29 11:38:17 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011/09/29 11:38:16 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/09/29 11:38:15 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011/09/29 11:38:15 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/09/29 11:38:14 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011/09/29 11:34:49 | 000,000,870 | ---- | M] () -- C:\Users\Irene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/09/29 11:34:46 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/09/29 11:34:44 | 000,000,858 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/09/28 03:53:34 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/28 03:48:13 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2011/09/26 11:40:08 | 000,000,000 | R--D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
 
========== Files Created - No Company Name ==========
 
[2011/10/22 10:47:00 | 000,001,778 | ---- | C] () -- C:\Users\Irene\Desktop\HijackThis.lnk
[2011/10/22 09:09:43 | 2011,684,864 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/21 11:32:02 | 000,008,192 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\SQLiteManager3.pref
[2011/10/21 11:31:21 | 000,001,013 | ---- | C] () -- C:\Users\Public\Desktop\SQLiteManager.lnk
[2011/10/21 10:50:34 | 000,000,000 | -HS- | C] () -- C:\Windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
[2011/10/21 10:50:15 | 000,000,000 | ---- | C] () -- C:\Windows\2223540905
[2011/10/21 10:34:52 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\iPhone Backup Extractor.lnk
[2011/10/21 05:05:32 | 000,001,664 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/10/02 03:07:32 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_M4iPodWPDDriver_01_07_00.Wdf
[2011/10/01 07:34:56 | 000,001,191 | ---- | C] () -- C:\Users\Irene\Desktop\Free YouTube to MP3 Converter.lnk
[2011/09/29 11:38:21 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/09/29 11:30:40 | 000,002,004 | ---- | C] () -- C:\Users\Irene\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/09/29 11:30:39 | 000,002,042 | ---- | C] () -- C:\Users\Irene\Desktop\Google Chrome.lnk
[2011/09/29 11:26:01 | 000,001,120 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736235967-2657770174-236075978-1001UA.job
[2011/09/29 11:26:00 | 000,001,068 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1736235967-2657770174-236075978-1001Core.job
[2011/09/28 03:53:34 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2011/09/28 03:48:13 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/08/27 14:37:45 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/12/03 03:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009/10/15 04:05:00 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009/09/15 08:51:18 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/15 08:51:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/15 08:50:37 | 000,067,072 | ---- | C] () -- C:\Windows\System32\drivers\cdrom.sys
[2009/07/11 06:29:03 | 000,000,093 | ---- | C] () -- C:\Users\Irene\AppData\default.pls
[2009/05/21 04:47:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/01/06 05:36:23 | 000,000,680 | ---- | C] () -- C:\Users\Irene\AppData\Local\d3d9caps.dat
[2008/04/16 08:08:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2008/04/16 08:08:51 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2008/03/05 07:40:42 | 000,000,049 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/03/05 07:35:39 | 000,012,288 | ---- | C] () -- C:\Users\Irene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/05 07:28:49 | 000,000,010 | ---- | C] () -- C:\Windows\WININIT.INI
[2008/03/05 07:23:36 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008/03/05 07:23:36 | 000,000,030 | ---- | C] () -- C:\Windows\System32\brss01a.ini
[2008/03/05 07:23:36 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008/03/05 07:22:40 | 000,000,050 | ---- | C] () -- C:\Windows\System32\bridf05a.dat
[2008/03/04 09:01:23 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2008/03/03 13:11:38 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2008/03/03 12:55:23 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/03/03 12:55:22 | 000,000,063 | ---- | C] () -- C:\Windows\mdm.ini
[2008/03/03 11:50:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/03/03 11:27:41 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2008/02/20 22:05:44 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008/02/20 22:03:24 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2007/10/22 04:53:16 | 000,000,381 | ---- | C] () -- C:\Windows\WISO.INI
[2007/10/12 11:50:13 | 000,000,032 | ---- | C] () -- C:\Windows\CD_Start.INI
[2007/10/12 04:27:34 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys
[2007/10/12 03:00:13 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/10/11 14:21:05 | 000,006,212 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2007/08/21 21:56:17 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/07/16 11:37:39 | 000,154,206 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2006/11/02 14:40:12 | 000,174,656 | ---- | C] () -- C:\Windows\System32\PSIService.exe
[2006/11/02 11:33:31 | 017,093,004 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006/11/02 11:33:31 | 005,463,878 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006/11/02 11:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006/11/02 11:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,391,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 005,678,816 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 004,982,026 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/02/20 12:53:42 | 000,005,702 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/07/13 02:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI
[1999/01/22 14:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
 
========== LOP Check ==========
 
[2011/10/21 09:36:31 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Babylon
[2011/10/01 07:35:27 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoft
[2011/10/01 07:35:08 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/08/24 11:32:57 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\gtk-2.0
[2011/10/21 12:15:08 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Moka
[2011/10/22 07:11:17 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Reviversoft
[2011/10/21 11:32:17 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\SQLiteManager
[2011/03/06 15:11:16 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\temp
[2011/02/04 08:30:01 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Thunderbird
[2011/10/21 10:52:42 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\Tific
[2011/10/01 07:06:43 | 000,000,000 | ---D | M] -- C:\Users\Irene\AppData\Roaming\TuneAid
[2008/03/03 11:08:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2011/10/21 09:36:31 | 000,000,000 | ---D | M] -- C:\ProgramData\Babylon
[2011/10/21 11:17:36 | 000,000,000 | ---D | M] -- C:\ProgramData\BabylonUpdater
[2007/10/12 11:55:11 | 000,000,000 | ---D | M] -- C:\ProgramData\Borland
[2007/10/22 04:52:43 | 000,000,000 | ---D | M] -- C:\ProgramData\Buhl Data Service GmbH
[2008/03/05 07:28:49 | 000,000,000 | ---D | M] -- C:\ProgramData\CanonCP
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2008/03/03 11:08:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/06/11 05:03:58 | 000,000,000 | ---D | M] -- C:\ProgramData\Electronic Arts
[2008/03/03 11:08:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2011/02/17 09:21:29 | 000,000,000 | ---D | M] -- C:\ProgramData\FreePDF
[2010/05/17 10:48:27 | 000,000,000 | ---D | M] -- C:\ProgramData\GameHouse
[2011/10/21 10:41:34 | 000,000,000 | ---D | M] -- C:\ProgramData\InstallMate
[2007/10/12 12:43:21 | 000,000,000 | ---D | M] -- C:\ProgramData\LightScribe
[2007/10/23 04:49:05 | 000,000,000 | ---D | M] -- C:\ProgramData\My Music
[2011/10/21 10:39:12 | 000,000,000 | ---D | M] -- C:\ProgramData\Premium
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2008/03/03 11:08:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Startmenü
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2011/08/17 04:34:51 | 000,000,000 | ---D | M] -- C:\ProgramData\TrackMania
[2008/03/03 11:08:46 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2008/03/03 11:54:17 | 000,000,000 | ---D | M] -- C:\ProgramData\WinZip
[2009/12/10 15:27:53 | 000,000,000 | ---D | M] -- C:\ProgramData\Zylom
[2011/03/28 07:17:39 | 000,000,000 | ---D | M] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/12/21 10:00:11 | 000,000,000 | ---D | M] -- C:\ProgramData\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/10/24 12:34:22 | 000,032,514 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 816 bytes -> C:\Windows\2223540905:1450538875.exe
< End of report >

--- --- ---

und der 2.:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 10/24/2011 7:48:52 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 450.13 Gb Total Space | 318.42 Gb Free Space | 70.74% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05831078-5C78-038A-553D-6F94E99B8AD1}" = Catalyst Control Center Graphics Light
"{05D1531E-11D3-C4E0-DA0C-F0EE314EB1E7}" = ccc-core-static
"{0DE739CA-9487-4E3E-8511-92EAF01F1031}" = Nero 7 Essentials
"{12665B01-3F3A-4433-B179-9D8E352D7547}" = Try Corel Snapfire muvee autoProducer add on
"{17E14D89-3A9F-4706-9F9B-C2DFC7ABE94B}" = Corel Snapfire DVD Maker
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{29ED20C9-5E15-4969-9279-25BF3727A3DA}" = iTunes
"{2EAB7D86-942A-2123-2F59-E4A1EE989A72}" = ccc-utility
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A712D29-DBE3-4381-A331-AF4AE5BEB244}" = ArcSoft Software Suite
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5F6A846C-1CBA-407F-839C-DC0204547F13}" = EuroRoute 2008
"{625EE105-F2F0-A0ED-BC06-D5392F3581CE}" = Catalyst Control Center Graphics Full New
"{6DE13770-01B7-4366-8DA6-48237793F445}" = VoiceOver Kit
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7ADE3A47-B425-45E9-8FF6-11BE2B775645}" = Corel Snapfire Plus
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EEFDEF4-CE37-1FD1-AED9-4B0B9AB852A6}" = Catalyst Control Center Core Implementation
"{807127A8-4E9D-C323-865C-230A277FD29E}" = Catalyst Control Center Graphics Full Existing
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95436D3D-737A-8249-8971-372A8587FBAE}" = CCC Help German
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A00B9A50-3090-4CFF-9CDA-82DA0BEDAA21}" = Apple Mobile Device Support
"{A2370EDB-B2EE-5382-7D62-78B3D0664708}" = Catalyst Control Center Graphics Previews Vista
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.4 - Deutsch
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ACCF6F84-AD7A-6CA5-3324-B619359CDDC0}" = Skins
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BB9AC6BF-71B6-42A4-9689-C17D9F44E79A}" = Brother MFL-Pro Suite
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{CC516453-9703-ABF9-201F-58A5EC567292}" = ATI Catalyst Install Manager
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE86A0E7-818D-43EC-A181-59BA9BD3EF2E}" = LightScribe  1.8.13.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E17BDC6C-C461-D8C4-FD6E-2D6EF656D67F}" = Catalyst Control Center Localization German
"{E1C7EF5E-3A7B-4ED4-A48B-F70F1B36EAB4}" = Corel Paint Shop Pro Photo XI
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E3E62E-16D7-425E-009C-DCB5E64F5955}" = FIFA 2005
"{E5210CA5-407E-FE10-45AB-9A5B9695F82C}" = Catalyst Control Center Graphics Previews Common
"{F095393B-0D7E-4BC7-A28A-2CD66E8BB449}" = SQLiteManager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"82A44D22-9452-49FB-00FB-CEC7DCAF7E23" = EA SPORTS online 2005
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"EADM" = EA Download Manager
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"FreePDF_XP" = FreePDF XP (Remove only)
"FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25102)
"HijackThis" = HijackThis 2.0.2
"iPhoneBackupExtractor" = iPhone Backup Extractor
"LIDL Fotoservice_is1" = LIDL Fotoservice
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"MozBackup_is1" = MozBackup 1.4.7
"Mozilla Firefox 7.0 (x86 de)" = Mozilla Firefox 7.0 (x86 de)
"NSS" = Norton Security Scan
"Picasa 3" = Picasa 3
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"TmNationsForever_is1" = TmNationsForever
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinRAR archiver" = WinRAR
"WinZip" = WinZip
"Zylom Games Player Plugin" = Zylom Games Player Plugin
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\Irene_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"DrKawashima" = Dr Kawashima
"Google Chrome" = Google Chrome
 
< End of report >

--- --- ---

guckste dir den mal an?? danke schonmal

markusg · 24.10.2011, 16:24

na da kommen wir der sache doch schon näher.
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort rein:

Code:

ATTFilter

:OTL
O20 - HKU\Irene_ON_C Winlogon: Shell - (C:\Users\Irene\AppData\Local\a98a8884\X) - C:\Users\Irene\AppData\Local\a98a8884\X ()
:Files
C:\Users\Irene\AppData\Local\a98a8884
:Commands
[purity]
[EMPTYFLASH] 
[emptytemp]
[Reboot]

dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

wenn das mit dem fix geklappt hatt, und windows startet, folgendes:
öffne computer, öffne C: dann _OTL
dort rechtsklick auf moved files
wähle zu moved files.rar oder zip hinzufügen.
folge dem link, und lade das archiv im upload channel hoch
http://www.trojaner-board.de/54791-a...ner-board.html

booster123 · 24.10.2011, 16:56

okay habe ich dort hochgeladen. findest du es?

markusg · 24.10.2011, 17:09

jepp.
combofix:

Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.

Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.

Besuche folgende Seite für Downloadlinks und Anweisungen für dieses
Tool

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Hinweis:
Gehe sicher das all deine Anti Virus und Anti Malware Programme abgeschalten sind, damit diese Combofix nicht bei der Arbeit stören.
Poste bitte die C:\Combofix.txt in deiner nächsten Antwort.

booster123 · 24.10.2011, 18:35

hier das log von combofix:
Combofix Logfile:

Code:

ATTFilter

ComboFix 11-10-24.02 - Irene 24.10.2011  23:14:04.4.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1918.945 [GMT 2:00]
ausgeführt von:: c:\users\Irene\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Irene\AppData\Roaming\Help\ceptr.tll
c:\users\Irene\AppData\Roaming\Help\comm.tll
c:\users\Irene\AppData\Roaming\Help\coredb\storage
c:\users\Irene\Sav3AE5.tmp
c:\users\Irene\SavD5EE.tmp
c:\windows\$NtUninstallKB57073$
c:\windows\$NtUninstallKB57073$\2186878887
c:\windows\$NtUninstallKB57073$\2844428420\@
c:\windows\$NtUninstallKB57073$\2844428420\L\qnbwvoto
c:\windows\$NtUninstallKB57073$\2844428420\loader.tlb
c:\windows\$NtUninstallKB57073$\2844428420\U\@00000001
c:\windows\$NtUninstallKB57073$\2844428420\U\@000000c0
c:\windows\$NtUninstallKB57073$\2844428420\U\@000000cb
c:\windows\$NtUninstallKB57073$\2844428420\U\@000000cf
c:\windows\$NtUninstallKB57073$\2844428420\U\@80000000
c:\windows\$NtUninstallKB57073$\2844428420\U\@800000c0
c:\windows\$NtUninstallKB57073$\2844428420\U\@800000cb
c:\windows\$NtUninstallKB57073$\2844428420\U\@800000cf
c:\windows\{2521BB91-29B1-4d7e-9137-AC9875D77735}
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\system32\ 
.
Infizierte Kopie von c:\windows\system32\drivers\cdrom.sys wurde gefunden und desinfiziert 
Kopie von - c:\windows\System32\DriverStore\FileRepository\cdrom.inf_c949a5b6\cdrom.sys wurde wiederhergestellt 
.
Infizierte Kopie von c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Avira!AntiVir PersonalEdition Classic!sched.exe wurde wiederhergestellt 
.
Infizierte Kopie von c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Avira!AntiVir PersonalEdition Classic!avguard.exe wurde wiederhergestellt 
.
Infizierte Kopie von c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!Apple!Mobile Device Support!AppleMobileDeviceService.exe wurde wiederhergestellt 
.
Infizierte Kopie von c:\windows\system32\Ati2evxx.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\System32\DriverStore\FileRepository\cl_52447.inf_41d08328\B_52365\Ati2evxx.exe wurde wiederhergestellt 
.
Infizierte Kopie von c:\windows\system32\brsvc01a.exe wurde gefunden und desinfiziert 
Kopie von - c:\windows\System32\DriverStore\FileRepository\brprbh3e.inf_5fe52dce\brsvc01a.exe wurde wiederhergestellt 
.
Infizierte Kopie von c:\program files\iPod\bin\iPodService.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!iPod!bin!iPodService.exe wurde wiederhergestellt 
.
Infizierte Kopie von c:\program files\Common Files\LightScribe\LSSrvc.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!LightScribe!LSSrvc.exe wurde wiederhergestellt 
.
Infizierte Kopie von c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!microsoft shared!VS7DEBUG!MDM.EXE wurde wiederhergestellt 
.
Infizierte Kopie von c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Common Files!Ahead!Lib!NMIndexingService.exe wurde wiederhergestellt 
.
Infizierte Kopie von c:\windows\system32\PSIService.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!PSIService.exe wurde wiederhergestellt 
.
Infizierte Kopie von c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Avira!AntiVir PersonalEdition Classic!sched.exe wurde wiederhergestellt
Infizierte Kopie von c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Program Files!Avira!AntiVir PersonalEdition Classic!avguard.exe wurde wiederhergestellt
Infizierte Kopie von c:\windows\system32\PSIService.exe wurde gefunden und desinfiziert 
Kopie von - c:\combofix\HarddiskVolumeShadowCopy9_!Windows!System32!PSIService.exe wurde wiederhergestellt
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_a98a8884
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-09-24 bis 2011-10-24  ))))))))))))))))))))))))))))))
.
.
2011-10-25 01:45 . 2011-07-13 02:55	2237440	----a-r-	C:\OTLPE.exe
2011-10-25 01:45 . 2011-10-24 19:50	--------	d-----w-	C:\_OTL
2011-10-24 21:23 . 2011-10-24 21:25	--------	d-----w-	c:\users\Irene\AppData\Local\temp
2011-10-24 21:23 . 2011-10-24 21:23	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-10-22 21:50 . 2011-10-24 22:21	--------	d-----w-	C:\NBRT
2011-10-22 14:47 . 2011-10-22 14:47	--------	d-----w-	c:\program files\Trend Micro
2011-10-21 16:40 . 2011-10-22 11:10	--------	d-----w-	c:\program files\Easy Downloads
2011-10-21 16:15 . 2011-10-21 16:15	--------	d-----w-	c:\users\Irene\AppData\Roaming\Moka
2011-10-21 15:56 . 2011-10-22 11:11	--------	d-----w-	c:\users\Irene\AppData\Roaming\Reviversoft
2011-10-21 15:56 . 2011-08-09 15:26	17224	----a-w-	c:\windows\system32\roboot.exe
2011-10-21 15:32 . 2011-10-21 15:32	--------	d-----w-	c:\users\Irene\AppData\Roaming\SQLiteManager
2011-10-21 15:31 . 2011-10-21 15:31	--------	d-----w-	c:\program files\SQLabs
2011-10-21 14:54 . 2011-10-21 14:54	--------	d-sh--w-	c:\windows\system32\%APPDATA%
2011-10-21 14:52 . 2011-10-21 14:52	--------	d-----w-	c:\users\Irene\AppData\Roaming\Tific
2011-10-21 14:52 . 2011-10-21 14:52	--------	d-----w-	c:\users\Irene\AppData\Local\Symantec
2011-10-21 14:40 . 2011-10-21 16:41	--------	d-----w-	c:\program files\SweetIM
2011-10-21 14:39 . 2011-10-21 14:39	--------	d-----w-	c:\programdata\Premium
2011-10-21 14:39 . 2011-10-21 14:41	--------	d-----w-	c:\programdata\InstallMate
2011-10-21 13:37 . 2011-10-21 13:37	--------	d-----w-	c:\program files\Fast Download Manager
2011-10-21 13:37 . 2011-09-23 04:44	773080	----a-w-	c:\program files\Mozilla Firefox\sqlite3.dll
2011-10-21 13:36 . 2011-10-21 13:36	--------	d-----w-	c:\users\Irene\AppData\Local\Babylon
2011-10-21 13:36 . 2011-10-21 13:36	--------	d-----w-	c:\users\Irene\AppData\Roaming\Babylon
2011-10-21 13:36 . 2011-10-21 13:36	--------	d-----w-	c:\programdata\Babylon
2011-10-21 13:20 . 2011-10-21 13:20	--------	d-----w-	c:\program files\Reincubate
2011-10-21 09:03 . 2011-10-21 09:03	--------	d-----w-	c:\program files\iPod
2011-10-21 08:53 . 2011-10-22 11:14	--------	d-----w-	c:\program files\Bonjour
2011-10-21 08:33 . 2011-10-21 08:33	--------	d-----w-	c:\program files\Apple Software Update
2011-10-17 15:24 . 2008-01-19 07:34	89600	----a-w-	c:\windows\system32\Spool\prtprocs\w32x86\HPZPPLHN.DLL
2011-10-17 15:23 . 2011-10-18 15:58	--------	d-----w-	c:\program files\Common Files\Bullzip
2011-10-12 10:10 . 2011-07-29 16:01	293376	----a-w-	c:\windows\system32\psisdecd.dll
2011-10-12 10:10 . 2011-07-29 16:01	217088	----a-w-	c:\windows\system32\psisrndr.ax
2011-10-12 10:10 . 2011-07-29 16:00	57856	----a-w-	c:\windows\system32\MSDvbNP.ax
2011-10-12 10:10 . 2011-07-29 16:00	69632	----a-w-	c:\windows\system32\Mpeg2Data.ax
2011-10-12 10:10 . 2011-09-06 13:30	2043392	----a-w-	c:\windows\system32\win32k.sys
2011-10-12 10:09 . 2011-09-14 10:51	2409784	----a-w-	c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 10:09 . 2011-08-25 16:15	555520	----a-w-	c:\windows\system32\UIAutomationCore.dll
2011-10-12 10:09 . 2011-08-25 16:14	238080	----a-w-	c:\windows\system32\oleacc.dll
2011-10-12 10:09 . 2011-08-25 16:14	563712	----a-w-	c:\windows\system32\oleaut32.dll
2011-10-12 10:09 . 2011-08-25 13:31	4096	----a-w-	c:\windows\system32\oleaccrc.dll
2011-10-01 11:35 . 2011-10-01 11:35	--------	d-----w-	c:\users\Irene\AppData\Roaming\DVDVideoSoft
2011-10-01 11:34 . 2011-10-01 11:34	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2011-10-01 11:34 . 2011-10-01 11:34	--------	d-----w-	c:\program files\DVDVideoSoft
2011-10-01 11:19 . 2009-07-14 17:45	132224	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2011-10-01 11:19 . 2009-07-14 17:48	64512	----a-w-	c:\windows\system32\WUDFSvc.dll
2011-10-01 11:19 . 2009-07-14 17:48	39936	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2011-10-01 11:19 . 2009-07-14 17:48	162304	----a-w-	c:\windows\system32\WUDFPlatform.dll
2011-10-01 11:19 . 2009-07-14 17:45	92672	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2011-10-01 11:19 . 2009-07-14 17:45	195584	----a-w-	c:\windows\system32\WUDFHost.exe
2011-10-01 11:19 . 2009-07-14 17:48	567808	----a-w-	c:\windows\system32\WUDFx.dll
2011-10-01 11:16 . 2011-10-01 11:28	--------	d-----w-	c:\program files\Mediafour
2011-10-01 11:03 . 2011-10-01 11:06	--------	d-----w-	c:\users\Irene\AppData\Roaming\TuneAid
2011-10-01 10:36 . 2011-10-24 20:54	--------	d-----w-	c:\users\Irene\AppData\Local\CrashDumps
2011-09-28 12:57 . 2011-03-12 21:55	876032	----a-w-	c:\windows\system32\XpsPrint.dll
2011-09-28 07:58 . 2011-09-28 07:58	--------	d-----w-	c:\program files\Windows Portable Devices
2011-09-28 07:40 . 2009-09-10 02:00	92672	----a-w-	c:\windows\system32\UIAnimation.dll
2011-09-28 07:40 . 2009-09-10 02:01	3023360	----a-w-	c:\windows\system32\UIRibbon.dll
2011-09-28 07:40 . 2009-09-10 02:00	1164800	----a-w-	c:\windows\system32\UIRibbonRes.dll
2011-09-28 07:39 . 2009-09-25 01:33	369664	----a-w-	c:\windows\system32\WMPhoto.dll
2011-09-28 07:39 . 2009-09-25 02:10	974848	----a-w-	c:\windows\system32\WindowsCodecs.dll
2011-09-28 07:39 . 2009-09-25 02:07	189440	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2011-09-28 07:39 . 2009-09-25 02:04	321024	----a-w-	c:\windows\system32\PhotoMetadataHandler.dll
2011-09-28 07:39 . 2009-09-25 01:33	195584	----a-w-	c:\windows\system32\dxdiagn.dll
2011-09-28 07:39 . 2009-09-25 01:32	252928	----a-w-	c:\windows\system32\dxdiag.exe
2011-09-28 07:39 . 2009-09-25 01:31	519680	----a-w-	c:\windows\system32\d3d11.dll
2011-09-28 07:38 . 2009-10-01 01:02	30208	----a-w-	c:\windows\system32\WPDShextAutoplay.exe
2011-09-28 07:38 . 2009-10-01 01:02	31232	----a-w-	c:\windows\system32\BthMtpContextHandler.dll
2011-09-28 07:38 . 2009-10-01 01:01	81920	----a-w-	c:\windows\system32\wpdbusenum.dll
2011-09-28 07:38 . 2009-10-01 01:01	60928	----a-w-	c:\windows\system32\PortableDeviceConnectApi.dll
2011-09-28 07:38 . 2009-10-01 01:01	40448	----a-w-	c:\windows\system32\drivers\WpdUsb.sys
2011-09-28 07:38 . 2009-10-01 01:01	61952	----a-w-	c:\windows\system32\WpdMtpUS.dll
2011-09-28 07:38 . 2009-10-01 01:01	33280	----a-w-	c:\windows\system32\WpdConns.dll
2011-09-28 07:37 . 2009-10-01 01:02	2537472	----a-w-	c:\windows\system32\wpdshext.dll
2011-09-28 07:37 . 2009-10-01 01:02	334848	----a-w-	c:\windows\system32\PortableDeviceApi.dll
2011-09-28 07:37 . 2009-10-01 01:02	87552	----a-w-	c:\windows\system32\WPDShServiceObj.dll
2011-09-28 07:37 . 2009-10-01 01:01	546816	----a-w-	c:\windows\system32\wpd_ci.dll
2011-09-28 07:37 . 2009-10-01 01:01	160256	----a-w-	c:\windows\system32\PortableDeviceTypes.dll
2011-09-28 07:37 . 2009-10-01 01:01	350208	----a-w-	c:\windows\system32\WPDSp.dll
2011-09-28 07:37 . 2009-10-01 01:01	196608	----a-w-	c:\windows\system32\PortableDeviceWMDRM.dll
2011-09-28 07:37 . 2009-10-01 01:01	100864	----a-w-	c:\windows\system32\PortableDeviceClassExtension.dll
2011-09-28 07:37 . 2009-10-01 01:01	839168	----a-w-	c:\windows\system32\drivers\UMDF\WpdMtpDr.dll
2011-09-28 07:37 . 2009-10-01 01:01	226816	----a-w-	c:\windows\system32\WpdMtp.dll
2011-09-27 10:16 . 2011-09-27 10:16	--------	d-----w-	c:\program files\Common Files\Windows Live
2011-09-27 10:00 . 2011-07-11 13:25	2048	----a-w-	c:\windows\system32\tzres.dll
2011-09-27 10:00 . 2011-01-20 16:08	160768	----a-w-	c:\windows\system32\d3d10_1.dll
2011-09-27 10:00 . 2011-01-20 16:08	1029120	----a-w-	c:\windows\system32\d3d10.dll
2011-09-27 10:00 . 2011-01-20 14:12	1172480	----a-w-	c:\windows\system32\d3d10warp.dll
2011-09-27 10:00 . 2011-01-20 13:47	683008	----a-w-	c:\windows\system32\d2d1.dll
2011-09-27 10:00 . 2011-02-22 13:33	1068544	----a-w-	c:\windows\system32\DWrite.dll
2011-09-27 10:00 . 2011-02-22 13:33	797696	----a-w-	c:\windows\system32\FntCache.dll
2011-09-27 10:00 . 2011-01-20 16:08	219648	----a-w-	c:\windows\system32\d3d10_1core.dll
2011-09-27 10:00 . 2011-01-20 16:08	189952	----a-w-	c:\windows\system32\d3d10core.dll
2011-09-27 10:00 . 2011-01-20 14:28	1554432	----a-w-	c:\windows\system32\xpsservices.dll
2011-09-27 10:00 . 2011-01-20 14:11	486400	----a-w-	c:\windows\system32\d3d10level9.dll
2011-09-27 10:00 . 2011-02-22 14:13	288768	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-09-27 10:00 . 2011-01-20 14:25	847360	----a-w-	c:\windows\system32\OpcServices.dll
2011-09-27 09:58 . 2011-06-20 08:54	3602832	----a-w-	c:\windows\system32\ntkrnlpa.exe
2011-09-27 09:58 . 2011-06-20 08:54	3550096	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-09-27 09:58 . 2011-06-17 20:13	905104	----a-w-	c:\windows\system32\drivers\tcpip.sys
2011-09-27 09:18 . 2010-05-04 19:13	231424	----a-w-	c:\windows\system32\msshsq.dll
2011-09-26 18:55 . 2011-09-26 18:59	--------	d-----w-	c:\windows\system32\ca-ES
2011-09-26 18:55 . 2011-09-26 18:58	--------	d-----w-	c:\windows\system32\eu-ES
2011-09-26 18:55 . 2011-09-26 18:58	--------	d-----w-	c:\windows\system32\vi-VN
2011-09-26 15:30 . 2011-07-06 10:44	27888	----a-w-	c:\windows\system32\drivers\GEARAspiWDM.sys
2011-09-26 15:29 . 2011-10-22 11:36	--------	d-----w-	c:\program files\Norton 360
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-12 23:14 . 2011-09-23 10:45	7269712	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A571DDE1-AFEA-4276-9D67-DDD808BC89FF}\mpengine.dll
2011-08-02 15:38 . 2011-08-02 15:38	4517664	----a-w-	c:\windows\system32\usbaaplrc.dll
2011-08-02 15:38 . 2011-08-02 15:38	42496	----a-w-	c:\windows\system32\drivers\usbaapl.sys
2011-09-23 04:44 . 2011-08-24 15:41	134104	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-09-29 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.1.8112.16421_none_58a99749ebaa0de6\iexplore.exe
[7] 2011-07-23 . 4D08A4234D645EFCB30605CC0BFA87F4 . 638232 . . [8.00.6001.23216] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23216_none_12cfce3e48ec3cf4\iexplore.exe
[7] 2011-07-23 . 04D1DC458C723B291179F8449ACC281D . 638232 . . [8.00.6001.19120] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19120_none_12355fcb2fdc2111\iexplore.exe
[7] 2011-05-28 . 7EE10C5413AD7ED1AF9E8FAE1B58FC3E . 638232 . . [8.00.6001.23181] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23181_none_127f1b72492984b1\iexplore.exe
[7] 2011-05-28 . ED65737D70FDEAC29F738E77D2496EE5 . 638232 . . [8.00.6001.19088] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19088_none_11fc80ad30059648\iexplore.exe
[7] 2011-02-22 . 9CE5543464432CA73134F170FA2BF823 . 638232 . . [8.00.6001.23143] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23143_none_12ac5bb64907479b\iexplore.exe
[7] 2011-02-22 . C1D36A2CBE0CEC4DF593DB1288CF586E . 638232 . . [8.00.6001.19048] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19048_none_1227c05d2fe52684\iexplore.exe
[7] 2010-12-18 . 7852371DA9EFBC17B645558E23780EAC . 638232 . . [8.00.6001.23111] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23111_none_12cacae648f0c11a\iexplore.exe
[7] 2010-12-18 . B988D7F127B94BD5BF8356FE81B985C4 . 638232 . . [8.00.6001.19019] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.19019_none_1249306b2fcbec08\iexplore.exe
[7] 2010-11-02 . 92A17B0A89D14815AACC62CD190B6CE3 . 638232 . . [8.00.6001.23091] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23091_none_127449a04931a37b\iexplore.exe
[7] 2010-11-02 . 5AB037B17F8A87D052F5A88E0D29A3C8 . 638232 . . [8.00.6001.18999] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18999_none_11f2d8e9300c984e\iexplore.exe
[7] 2010-09-08 . 4A719476A6393B1DCACFEB4F3AC6599C . 638232 . . [8.00.6001.23067] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23067_none_129abb204913e7b2\iexplore.exe
[7] 2010-09-08 . D5A730DFDEAE005373E62BC2A866E3BB . 638232 . . [8.00.6001.18975] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18975_none_120477992ffffb10\iexplore.exe
[7] 2010-06-26 . F05B3A2C6CB319DD1377AD566CF5ECE5 . 638232 . . [8.00.6001.23040] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23040_none_12a958f24909fe6f\iexplore.exe
[7] 2010-06-26 . 7420BE0E7D3D1320054F7ACA0594953D . 638232 . . [8.00.6001.18943] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18943_none_1222e6c92fe9748f\iexplore.exe
[7] 2010-05-04 . 48A6109E8DF0365195298CC527B7426A . 638232 . . [8.00.6001.23019] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.23019_none_12d2cb5048e98eab\iexplore.exe
[7] 2010-05-04 . 5C9B1062EA7A44E8F6BFDE994B68C7AA . 638232 . . [8.00.6001.18928] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18928_none_123d88132fd4bb60\iexplore.exe
[7] 2010-02-23 . 25DB705A7DC85C208B3CF2D20F118AA7 . 638232 . . [8.00.6001.22995] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22995_none_127872a6492dd595\iexplore.exe
[7] 2010-02-23 . 9F52FBE99C749E3F32C75124F09F1B03 . 638232 . . [8.00.6001.18904] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18904_none_124f26c32fc81e22\iexplore.exe
[7] 2010-01-02 . 3D8DA00B028DEA9517066F1CECBFC4A2 . 638216 . . [8.00.6001.22973] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22973_none_128c11ea491f6b05\iexplore.exe
[7] 2010-01-02 . 88BD42DAE7CFFEB256CA7145A15E4843 . 638216 . . [8.00.6001.18882] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18882_none_11f6a4e9300acdd5\iexplore.exe
[7] 2009-11-21 . E7F8DF50E483D165BB01F367D3519AA7 . 638232 . . [8.00.6001.22956] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22956_none_12a4b2a0490c7f28\iexplore.exe
[7] 2009-11-21 . 1B6362BB14FCEB9E76BCF9A953B04788 . 638232 . . [8.00.6001.18865] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18865_none_120f459f2ff7e1f8\iexplore.exe
[7] 2009-08-27 . 7DD482E4A2E3CBB0A72F718C342F5B75 . 638216 . . [8.00.6001.22918] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22918_none_12d1f2e448ea4212\iexplore.exe
[7] 2009-08-27 . 2E48756F12C21F46895036AC089AAD97 . 638232 . . [8.00.6001.18828] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18828_none_123d862d2fd4be39\iexplore.exe
[7] 2009-07-22 . 4B5AEA50CE77FBA4C2D169622DC9B489 . 638232 . . [8.00.6001.22903] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.22903_none_12d7c15e48e6a76e\iexplore.exe
[7] 2009-07-21 . C33BD196A0301F9B23D9A003D30ED8B0 . 638216 . . [8.00.6001.18813] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18813_none_124354a72fd12395\iexplore.exe
[7] 2009-07-18 . 1D8163DBFECAEDB9C48C5F55084BC491 . 634648 . . [7.00.6001.18294] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18294_none_2f04b5b11a43dbec\iexplore.exe
[7] 2009-07-18 . 1D5A01AA2DE47C052AF46D7EBCB003A3 . 634648 . . [7.00.6000.16890] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16890_none_2d1a75e31d20e59f\iexplore.exe
[7] 2009-07-18 . 7FCF4E704A48D95202F3E7A1E1A21412 . 634648 . . [7.00.6000.21089] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21089_none_2db7bd56362e80c9\iexplore.exe
[7] 2009-07-18 . EBEE9E4421F35CD861107DDA0266FBB1 . 634648 . . [7.00.6001.22475] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22475_none_2fa4f48433505a52\iexplore.exe
[7] 2009-04-24 . 1F44940EF1D07D0BDAF80E55853DFBD0 . 634648 . . [7.00.6000.16851] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16851_none_2d46b5dd1cff8f32\iexplore.exe
[7] 2009-04-24 . F294D8EEB05C835EC44A12CE0A1DFE7A . 634632 . . [7.00.6001.18248] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18248_none_2f3ec6751a17b593\iexplore.exe
[7] 2009-04-24 . D5271AC4A06AD9D1E2EA0151B79B2657 . 634648 . . [7.00.6000.21046] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21046_none_2ddffc283610c500\iexplore.exe
[7] 2009-04-24 . D6157423C117F24D24695866A1D0A93F . 634648 . . [7.00.6001.22418] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22418_none_2fe8d4ea331cfeb1\iexplore.exe
[7] 2009-04-11 . 2C5168C856455CC43C4B4E1CC1920001 . 636080 . . [7.00.6002.18005] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6002.18005_none_314d791517204c15\iexplore.exe
[7] 2009-03-08 . B60DDDD2D63CE41CB8C487FCFBB6419E . 638816 . . [8.00.6001.18702] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_8.0.6001.18702_none_124d22632fc9f126\iexplore.exe
[7] 2009-03-03 . 9E6C1527D9A2C64BFD780AA23075380F . 636072 . . [7.00.6001.18226] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18226_none_2f5265b91a094b03\iexplore.exe
[7] 2009-03-03 . 8BA2B7A05F88BE0D45237A0994AD8366 . 636072 . . [7.00.6001.22389] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.22389_none_2f9e23da3354de78\iexplore.exe
[7] 2009-03-03 . EA4BE33726155F89D89A3FE7142878E0 . 636072 . . [7.00.6000.16830] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16830_none_2d5b556b1cf03df9\iexplore.exe
[7] 2009-03-03 . 1DD66A2851DACDEC32EAE8F9A8865ABD . 636072 . . [7.00.6000.21023] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.21023_none_2df29b2236034119\iexplore.exe
[7] 2009-01-15 . F0B1CA517977BA2FF6DA33F1B966C488 . 634024 . . [7.00.6000.20996] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20996_none_2daa146a36391d73\iexplore.exe
[7] 2009-01-15 . 0844F5B9CB3BB85A917D347EF1565B6C . 634024 . . [7.00.6000.16809] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16809_none_2d84c7c91ccfce35\iexplore.exe
[7] 2008-10-16 . D762642A109433EEDCD332B0A9511137 . 634024 . . [7.00.6000.16764] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16764_none_2d3ee4e91d04fa01\iexplore.exe
[7] 2008-10-16 . 4CBA2F58668F2D5F3259CBE73E227F25 . 634024 . . [7.00.6000.20937] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20937_none_2debf43c36078f24\iexplore.exe
[7] 2008-10-02 . 19403B64906C9EAC627E3C10847B0FDA . 633632 . . [7.00.6000.16757] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16757_none_2d4cb5b31cfa2a15\iexplore.exe
[7] 2008-10-02 . 6655B851D9EEF7C83395EE52D551B448 . 633632 . . [7.00.6000.20927] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20927_none_2df6c42835ff7333\iexplore.exe
[7] 2008-06-27 . 157F8DE991396C536820D7FA5C8DCF7D . 625664 . . [7.00.6000.16711] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16711_none_2d71f3a71cdf2247\iexplore.exe
[7] 2008-06-27 . 4DBD95312B1C96C5285D38F1D748CD4D . 625664 . . [7.00.6000.20868] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20868_none_2dcc82dc361eff27\iexplore.exe
[7] 2008-04-25 . 07ED775D6DB4BFA96D7CFB09EB228418 . 625664 . . [7.00.6000.16681] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16681_none_2d26424d1d17e8b7\iexplore.exe
[7] 2008-04-25 . 9F1427F203CA078005C9943800929640 . 625664 . . [7.00.6000.20823] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20823_none_2df2c11a360310b0\iexplore.exe
[7] 2008-03-03 . 9143C721DD6482374EFB35BC35944324 . 625664 . . [7.00.6000.16609] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16609_none_2d84c3fd1ccfd3e7\iexplore.exe
[7] 2008-03-03 . 7F2693693511F7ECD2762081F2F19864 . 625664 . . [7.00.6000.20734] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20734_none_2de8ef92360a48d1\iexplore.exe
[7] 2008-02-22 . 182CAF7403705ACCB51211A761080B8F . 625664 . . [7.00.6000.20777] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20777_none_2dc0b0c03628049a\iexplore.exe
[7] 2008-02-21 . 9437CA21CD48C9B6BFD6F5AC0143D251 . 625664 . . [7.00.6000.16643] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16643_none_2d5382911cf5aba1\iexplore.exe
[7] 2008-01-19 . 5B92133D3E7FB2644677686305E29E81 . 625664 . . [7.00.6001.18000] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6001.18000_none_2f62000919fe80c9\iexplore.exe
[7] 2007-10-12 . 3C1B2AD79DBF750A15A8832AF8192DB4 . 625152 . . [7.00.6000.20663] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20663_none_2dc77d9e36238626\iexplore.exe
[7] 2007-10-12 . EDEE147E416398BB3DD5B0DD4F6F1D32 . 625152 . . [7.00.6000.16546] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16546_none_2d5681891cf2fa7f\iexplore.exe
[7] 2007-10-12 . BD8502DFD53FC24FB8D6929DC46B8C2C . 625152 . . [7.00.6000.20627] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.20627_none_2df6be7635ff7bbe\iexplore.exe
[7] 2007-10-12 . 275CEE268B9E5D82474C43D5D249D111 . 625152 . . [7.00.6000.16512] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16512_none_2d72f0251cde4150\iexplore.exe
[7] 2006-11-02 . 8308F01F27DF839E0010B0F72F855E35 . 623616 . . [7.00.6000.16386] . . c:\windows\winsxs\x86_microsoft-windows-ie-internetexplorer_31bf3856ad364e35_6.0.6000.16386_none_2d2b3e0d1d136ff5\iexplore.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-06-20 451872]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-01 153136]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2007-10-01 4702208]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-15 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2007-06-26 312320]
"Skytel"="Skytel.exe" [2007-08-03 1826816]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-10-09 421736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Picasa Media Detector"="c:\program files\Picasa2\PicasaMediaDetector.exe" [2008-02-26 443968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-3-3 389120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 HCW713x;Hauppauge 713x VU PCI TV Card;c:\windows\system32\DRIVERS\HCW713x.sys [2007-03-26 827776]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S3 Ph3xIB32;Philips 713x VU PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [2007-04-03 1131136]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-06-20 10:47	451872	----a-w-	c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2011-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1736235967-2657770174-236075978-1001Core.job
- c:\users\Irene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 15:25]
.
2011-10-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1736235967-2657770174-236075978-1001UA.job
- c:\users\Irene\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-29 15:25]
.
2011-10-21 c:\windows\Tasks\Norton Security Scan for Irene.job
- c:\program files\Norton Security Scan\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-05-07 00:27]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to MP3 Converter - c:\users\Irene\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Öffnen mit WordPerfect - c:\program files\WordPerfect Office X3\Programs\WPLauncher.hta
TCP: DhcpNameServer = 192.168.2.1
DPF: {4BFD075D-C36E-4F28-BB0A-5D472795197A} - hxxp://powersoccer.spielen.com/applet/PowerLoader.cab
FF - ProfilePath - c:\users\Irene\AppData\Roaming\Mozilla\Firefox\Profiles\iotqo5cx.default\
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - prefs.js: browser.startup.homepage - hxxp://home.sweetim.com/?barid={9FD340B0-FBF2-11E0-ABB1-001D607B2AD6}
FF - prefs.js: browser.search.selectedEngine - SweetIM Search
FF - prefs.js: browser.search.defaulturl - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-AuditVista - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2011-10-24 23:25
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97,
   02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93,
   aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
   fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
   b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:37,75,5b,f6,86,92,cc,01
.
[HKEY_USERS\S-1-5-21-1736235967-2657770174-236075978-1001\Software\SecuROM\License information*]
"datasecu"=hex:a3,ba,7d,2f,ce,7c,2d,39,d2,42,72,52,da,f2,ba,cb,59,ff,ae,65,33,
   2b,4d,db,94,90,e3,0c,49,a0,ac,35,c5,62,31,06,4c,1b,f5,57,77,b7,1c,8a,b8,e5,\
"rkeysecu"=hex:83,ed,3f,4d,06,65,17,41,f4,78,89,2c,af,0f,a7,67
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3536)
c:\program files\Mozilla Firefox\PhotoImpression 5\share\pihook.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PSIService.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\conime.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
c:\windows\RtHDVCpl.exe
c:\program files\Brother\ControlCenter3\brccMCtl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-10-24  23:33:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-10-24 21:32
.
Vor Suchlauf: 13 Verzeichnis(se), 342.766.788.608 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 342.354.743.296 Bytes frei
.
- - End Of File - - FCF0B272A7A1EA2F1C8517E71DEF0BE2

--- --- ---
hilft dir das was?

markusg · 24.10.2011, 18:49

hi, nutzt du den pc für banking, einkäufe oder sonst was wichtiges?

booster123 · 24.10.2011, 18:54

kein banking aber manchmal eher seltten halt online was kaufen im kreditkarte ?!

23.10.2011, 16:37	#17
markusg /// Malware-holic	große pc probleme. mal log checken :) (silentrunners) es gibt mehrere möglichkeiten. 1. das geladene file ist kaputt, lösche es bitte und lads erneut runter. 2. die brenn geschwindigkeit verendern, auf langsamste. 3. anderen roling hersteller versuchen. 4. anderes brenn programm versuchen: http://www.trojaner-board.de/83208-b...ei-cd-dvd.html __________________ __________________

23.10.2011, 18:57	#21
markusg /// Malware-holic	große pc probleme. mal log checken :) (silentrunners) nein, diese datei ist schon die richtige, nutze sie ja auch sonst immer. hast du die tipps versucht, neu runterladen, langsamere brenn geschwindigkeit, anderes brenn programm andere rolinge? __________________ --> große pc probleme. mal log checken :) (silentrunners)

große pc probleme. mal log checken :) (silentrunners)

Log-Analyse und Auswertung: große pc probleme. mal log checken :) (silentrunners)