Pests of all kinds and how to fight them: Error loading C:\Wondows\system32\sshnas.dll (Windows 7)
14.04.2010, 17:28 | #16 |
Error loading C:\Wondows\system32\sshnas.dll

OTL logfile created on: 14.04.2010 18:19:49 - Run 1 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Eva-Maria\Documents\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free 6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 306,04 Gb Free Space | 67,11% Space Free | Partition Type: NTFS Drive D: | 126,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: EVA-MARIAS-PC Current User Name: Eva-Maria Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Eva-Maria\Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\vwYj.exe () PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) PRC - C:\Users\Eva-Maria\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\iTunes\iTunes.exe (Apple Inc.) 
PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe () PRC - C:\Windows\Dwymua.exe () PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) 
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Eva-Maria\Documents\Downloads\OTL.exe (OldTimer Tools) MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) 
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) 
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) 
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) 
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) 
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache 
= 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB}:1.0.3 FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2 FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.3 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315 FF - 
prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03 FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.3 FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.04.09 14:21:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.01.24 22:22:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.31 12:47:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.31 12:47:07 | 000,000,000 | ---D | M] [2009.09.16 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Extensions [2010.04.05 17:13:07 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions [2009.09.16 17:01:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} 
[2010.01.25 16:20:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.17 16:03:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.01.13 00:20:21 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7} [2010.03.21 17:11:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.03.06 10:57:34 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{961408A3-C970-4577-970A-D97C29839A67} [2010.01.08 14:58:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.03.06 10:57:33 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2010.03.23 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\gutscheinmieze@synatix-gmbh.de [2009.09.30 12:16:35 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\moveplayer@movenetworks.com [2010.03.21 17:11:43 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\personas@christopher.beard [2010.03.21 17:11:44 | 000,000,000 | ---D | M] -- 
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\piclens@cooliris.com [2010.03.06 10:57:34 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\silvermelxt@pardal.de [2010.02.12 03:16:38 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com [2010.02.04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\askcom.xml [2010.03.28 17:45:22 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-1.xml [2010.01.19 21:17:07 | 000,000,961 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-2.xml [2010.03.14 12:53:30 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-3.xml [2010.03.23 18:16:42 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-4.xml [2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.gif [2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.src [2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.xml [2009.12.03 21:51:36 | 000,003,915 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\sweetim.xml [2010.03.28 17:45:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.19 21:07:05 | 000,000,000 | ---D | M] (No name 
found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.03.23 18:14:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.04.11 00:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll [2010.03.14 12:53:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 12:53:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.23 18:12:42 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src [2010.03.14 12:53:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 12:53:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 12:53:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) 
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) 
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe () O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit\532.5_(KHTML,_like_Gecko)_Chrome\4.1.249.1045_Safari\532.5 - File not found O4 - Startup: C:\Users\Eva-Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Eva-Maria\Pictures\2010\MeranBozen\DSC08437.JPG O24 - Desktop BackupWallPaper: C:\Users\Eva-Maria\Pictures\2010\MeranBozen\DSC08437.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] 
-- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.14 14:12:24 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Malwarebytes [2010.04.14 14:12:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.14 14:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.14 14:12:10 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.14 14:12:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.11 00:40:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.04.11 00:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.04.11 00:28:31 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2010.04.02 19:57:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.03.31 12:51:38 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.03.31 12:51:32 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.03.31 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.03.31 12:46:14 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.03.31 12:39:12 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.03.31 12:39:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2010.03.31 12:35:13 | 000,000,000 | ---D | C] -- C:\Programme\Safari [2010.03.31 12:12:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2010.03.31 12:12:51 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.03.31 12:12:50 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.03.31 12:12:50 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.03.31 12:12:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll 
[2010.03.31 12:12:49 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.03.31 12:12:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.03.31 12:12:48 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.03.31 12:12:48 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.03.31 12:12:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.03.31 12:12:45 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.03.26 20:25:52 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\Documents\Downloads [2010.03.23 18:30:44 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\skypePM [2010.03.23 18:15:55 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Skype [2010.03.23 18:13:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.03.23 18:13:52 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.03.23 18:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.03.23 18:12:29 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze [2010.03.21 17:12:01 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Local\Cooliris [2010.03.17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2010.03.17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) 
-- C:\Windows\System32\QuickTime.qts [2009.07.21 10:28:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.04.14 18:21:01 | 000,024,131 | ---- | M] () -- C:\Windows\System32\Config.MPF [2010.04.14 18:19:50 | 004,194,304 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT [2010.04.14 18:19:00 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Eva-Maria.job [2010.04.14 18:13:02 | 000,000,300 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010.04.14 17:37:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.14 17:32:52 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ixuj.sys [2010.04.14 17:24:01 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000UA.job [2010.04.14 16:51:23 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.14 16:51:23 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.14 15:37:03 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.14 15:24:35 | 000,000,128 | -H-- | M] () -- C:\Users\Eva-Maria\Documents\.~lock.semesterarbeit kunst.odt# [2010.04.14 14:12:16 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.14 12:55:09 | 000,006,836 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat [2010.04.14 12:55:09 | 000,000,552 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\d3d8caps.dat [2010.04.14 12:51:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.04.14 12:51:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.14 12:51:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat 
[2010.04.13 23:08:25 | 000,524,288 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.13 23:08:25 | 000,065,536 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.13 22:31:26 | 000,023,086 | ---- | M] () -- C:\Users\Eva-Maria\Documents\der heilige-exemplarische mensch reli.odt [2010.04.13 16:55:24 | 003,429,528 | -H-- | M] () -- C:\Users\Eva-Maria\AppData\Local\IconCache.db [2010.04.13 16:50:29 | 000,019,413 | ---- | M] () -- C:\Users\Eva-Maria\Documents\portfolio bus.odt [2010.04.13 15:02:07 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.13 15:02:07 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.13 15:02:07 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.13 15:02:06 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.13 15:02:06 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.12 18:24:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000Core.job [2010.04.11 21:46:08 | 000,028,066 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Frauen%20in%20der%20nachkriegszeit%20p-seminar%20ausdrucken.odt_0.odt [2010.04.11 21:30:08 | 000,024,145 | ---- | M] () -- C:\Users\Eva-Maria\Documents\semesterarbeit kunst.odt [2010.04.11 17:32:35 | 000,000,128 | -H-- | M] () -- C:\Users\Eva-Maria\Documents\.~lock.Frauen in der nachkriegszeit p-seminar ausdrucken.odt# [2010.04.11 00:51:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.04.11 00:40:03 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.04.05 18:45:19 | 000,014,468 | ---- | M] () -- C:\Users\Eva-Maria\Documents\fb smiliesy.odt [2010.04.05 17:43:51 | 000,012,800 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Lebenslauf.doc 
[2010.04.04 11:47:42 | 000,118,272 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.02 14:24:58 | 000,002,109 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\Google Chrome.lnk [2010.04.01 20:42:52 | 000,485,888 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Bewerbungsformular.Lena.doc [2010.04.01 14:33:24 | 000,007,856 | ---- | M] () -- C:\Users\Eva-Maria\.recently-used.xbel [2010.03.31 12:52:44 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.03.31 12:46:48 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.03.31 12:35:21 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2010.03.31 08:16:15 | 000,025,844 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Frauen in der nachkriegszeit p-seminar ausdrucken.odt [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.24 21:13:27 | 000,165,376 | ---- | M] () -- C:\Windows\Dwymua.exe [2010.03.24 00:09:37 | 000,012,865 | ---- | M] () -- C:\Users\Eva-Maria\Documents\portfolio pseminar.odt [2010.03.23 18:30:47 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010.03.23 18:13:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.03.22 22:39:20 | 000,057,002 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sport gerätturnen.odt [2010.03.22 21:45:05 | 000,058,414 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sport gerätturnen handout.odt [2010.03.21 16:42:59 | 000,037,005 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sozi.odt [2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) 
-- C:\Windows\System32\QuickTime.qts ========== Files Created - No Company Name ========== [2010.04.14 17:33:07 | 000,000,300 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job [2010.04.14 17:32:52 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ixuj.sys [2010.04.14 15:24:35 | 000,000,128 | -H-- | C] () -- C:\Users\Eva-Maria\Documents\.~lock.semesterarbeit kunst.odt# [2010.04.14 14:12:16 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.14 12:55:09 | 000,000,552 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d8caps.dat [2010.04.13 22:31:24 | 000,023,086 | ---- | C] () -- C:\Users\Eva-Maria\Documents\der heilige-exemplarische mensch reli.odt [2010.04.13 21:41:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.04.12 16:45:11 | 000,028,066 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Frauen%20in%20der%20nachkriegszeit%20p-seminar%20ausdrucken.odt_0.odt [2010.04.11 17:32:35 | 000,000,128 | -H-- | C] () -- C:\Users\Eva-Maria\Documents\.~lock.Frauen in der nachkriegszeit p-seminar ausdrucken.odt# [2010.04.11 00:40:03 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.04.10 21:01:41 | 000,024,145 | ---- | C] () -- C:\Users\Eva-Maria\Documents\semesterarbeit kunst.odt [2010.04.05 18:45:19 | 000,014,468 | ---- | C] () -- C:\Users\Eva-Maria\Documents\fb smiliesy.odt [2010.04.01 20:42:47 | 000,485,888 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Bewerbungsformular.Lena.doc [2010.04.01 14:33:24 | 000,007,856 | ---- | C] () -- C:\Users\Eva-Maria\.recently-used.xbel [2010.03.31 12:52:44 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.03.31 12:46:48 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.03.31 12:35:21 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2010.03.26 19:20:36 | 000,002,109 | ---- | C] () -- C:\Users\Eva-Maria\Desktop\Google 
Chrome.lnk [2010.03.26 19:19:00 | 000,001,134 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000UA.job [2010.03.26 19:19:00 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000Core.job [2010.03.25 17:09:10 | 000,025,844 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Frauen in der nachkriegszeit p-seminar ausdrucken.odt [2010.03.24 21:13:32 | 000,165,376 | ---- | C] () -- C:\Windows\Dwymua.exe [2010.03.23 18:30:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.23 18:13:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.03.23 00:10:37 | 000,019,413 | ---- | C] () -- C:\Users\Eva-Maria\Documents\portfolio bus.odt [2010.01.07 12:13:38 | 000,151,008 | ---- | C] () -- C:\Users\Eva-Maria\Orial Bold.ttf [2010.01.05 22:54:27 | 000,000,088 | ---- | C] () -- C:\Users\Eva-Maria\VISIT DIRT2.COM FOR USAGE.txt [2010.01.05 22:54:20 | 000,008,128 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.otf [2010.01.05 22:52:41 | 000,008,280 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.otf [2010.01.05 22:25:26 | 000,011,496 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.ttf [2010.01.05 11:53:00 | 000,050,566 | ---- | C] () -- C:\Users\Eva-Maria\littlebliss.jpg [2010.01.05 11:33:10 | 000,011,528 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.ttf [2009.12.24 23:46:26 | 000,001,089 | ---- | C] () -- C:\Users\Eva-Maria\ScriptSERIF - READ ME.txt [2009.12.23 15:46:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009.12.23 15:46:43 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.12.23 15:36:08 | 000,113,152 | ---- | C] () -- C:\Users\Eva-Maria\1031.MST [2009.12.23 15:36:08 | 000,015,832 | ---- | C] () -- C:\Users\Eva-Maria\0x0407.ini [2009.12.23 15:35:58 | 097,979,392 | ---- | C] () -- C:\Users\Eva-Maria\Samsung New PC Studio.msi [2009.12.22 20:40:18 | 000,298,828 | 
---- | C] () -- C:\Users\Eva-Maria\script_serif.ttf [2009.12.22 20:30:56 | 000,280,209 | ---- | C] () -- C:\Users\Eva-Maria\scriptSERIF_sample.jpg [2009.12.22 20:04:42 | 000,242,864 | ---- | C] () -- C:\Users\Eva-Maria\script_serif_riptrash.ttf [2009.11.15 12:45:44 | 000,537,011 | ---- | C] () -- C:\Users\Eva-Maria\ billy argel beyaond sky font.jpg [2009.11.15 12:37:34 | 000,516,096 | ---- | C] () -- C:\Users\Eva-Maria\BEYONDSKTRIAL.ttf [2009.11.15 11:19:36 | 000,000,134 | ---- | C] () -- C:\Users\Eva-Maria\READ ME.txt [2009.09.20 11:21:32 | 000,014,336 | -H-- | C] () -- C:\Users\Eva-Maria\photothumb.db [2009.09.17 13:25:41 | 000,087,349 | ---- | C] () -- C:\Users\Eva-Maria\0405_09780_happy_birthday.jpg [2009.09.13 01:03:19 | 000,242,200 | ---- | C] () -- C:\Users\Eva-Maria\acer-code.jpg [2009.09.03 15:46:08 | 000,002,712 | ---- | C] () -- C:\Users\Eva-Maria\JOEBOB graphics free trial font users license.txt [2009.08.26 08:27:16 | 000,006,836 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat [2009.08.25 23:47:23 | 000,001,072 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Roaming\wklnhst.dat [2009.08.22 01:11:33 | 000,118,272 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.12 17:41:40 | 004,194,304 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT [2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.08.12 17:41:40 | 000,262,144 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG1 [2009.08.12 17:41:40 | 000,065,536 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.08.12 17:41:40 | 000,000,020 | -HS- | C] () -- C:\Users\Eva-Maria\ntuser.ini [2009.08.12 17:41:40 | 000,000,000 | 
-H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG2 [2009.07.21 10:16:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.07.21 10:16:20 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2009.07.21 01:52:22 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.07.21 01:44:57 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.21 01:44:56 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.04.26 15:05:36 | 000,521,608 | ---- | C] () -- C:\Users\Eva-Maria\vtks Deja Vu.ttf [2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.10.26 15:03:52 | 000,147,604 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.ttf [2008.10.26 15:03:52 | 000,104,352 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.otf [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.12.10 07:56:24 | 000,047,272 | ---- | C] () -- C:\Users\Eva-Maria\FairyDustB.ttf [2005.10.23 22:46:42 | 000,057,560 | ---- | C] () -- C:\Users\Eva-Maria\Anywhere.ttf [2005.08.04 09:28:04 | 000,000,286 | ---- | C] () -- C:\Users\Eva-Maria\readme.txt [2005.08.04 09:23:30 | 000,193,572 | ---- | C] () -- C:\Users\Eva-Maria\kiralynn__.ttf [2005.05.11 03:39:36 | 000,085,808 | ---- | C] () -- C:\Users\Eva-Maria\MINUS___.TTF [2005.03.04 19:40:38 | 000,039,648 | ---- | C] () -- C:\Users\Eva-Maria\konanur.ttf [2004.10.27 20:24:44 | 
000,034,788 | ---- | C] () -- C:\Users\Eva-Maria\Flat Earth Scribe.ttf [2000.07.13 11:12:46 | 000,000,430 | ---- | C] () -- C:\Users\Eva-Maria\font info.txt [1998.10.01 23:13:48 | 000,084,704 | ---- | C] () -- C:\Users\Eva-Maria\Kelt Caps Freehand.ttf ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC < End of report > |
14.04.2010, 19:05 | #17 |
| Fehler beim Laden von C:\Wondows\system32\sshnas.dll Hi,
there's still quite a bit left over... Let's take a look: Please check the following files: Have the files checked online:
Code:
C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe
C:\Windows\System32\drivers\ixuj.sys
C:\Users\EVA-MA~1\AppData\Local\Temp\vwYj.exe
C:\Windows\Dwymua.exe
Let's hope nothing new has crept in because of this...
Code:
:OTL
PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\vwYj.exe ()
PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe ()
PRC - C:\Windows\Dwymua.exe ()
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
[2010.02.12 03:16:38 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com
[2010.02.04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\askcom.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe ()
[2010.04.14 17:32:52 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ixuj.sys
[2010.04.14 18:13:02 | 000,000,300 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.03.24 21:13:27 | 000,165,376 | ---- | M] () -- C:\Windows\Dwymua.exe
:Commands
[emptytemp]
[Reboot]
After that, update MAM and run a new complete scan, then post the log... And run OTL once more, only the "normal" log, not the Extras... chris |
14.04.2010, 19:43 | #18 |
| Fehler beim Laden von C:\Wondows\system32\sshnas.dll I couldn't find a "Browse" field, but I simply opened the files...
__________________Datei Df1.exe empfangen 2010.04.14 18:41:04 (UTC) Status: Beendet Ergebnis: 22/40 (55%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.04.14 - AhnLab-V3 5.0.0.2 2010.04.14 Win-Trojan/Mdjob.159232.H AntiVir 7.10.6.77 2010.04.14 TR/Dldr.Renos.KF.794 Antiy-AVL 2.0.3.7 2010.04.14 - Authentium 5.2.0.5 2010.04.14 W32/FakeAlert.FT.gen!Eldorado Avast 4.8.1351.0 2010.04.14 Win32:Trojan-gen Avast5 5.0.332.0 2010.04.14 Win32:Trojan-gen AVG 9.0.0.787 2010.04.14 Downloader.Agent2.UFG BitDefender 7.2 2010.04.14 - CAT-QuickHeal 10.00 2010.04.14 Win32.Packed.Krap.as.4 ClamAV 0.96.0.3-git 2010.04.14 - Comodo 4597 2010.04.14 Win32.PkdKrap.AS DrWeb 5.0.2.03300 2010.04.14 - eSafe 7.0.17.0 2010.04.14 - eTrust-Vet 35.2.7426 2010.04.14 Win32/FakeAlert.D!generic F-Prot 4.5.1.85 2010.04.14 W32/FakeAlert.FT.gen!Eldorado F-Secure 9.0.15370.0 2010.04.14 Trojan-Downloader:W32/Renos.gen!C Fortinet 4.0.14.0 2010.04.12 - GData 19 2010.04.14 Win32:Trojan-gen Ikarus T3.1.1.80.0 2010.04.14 - Jiangmin 13.0.900 2010.04.13 - Kaspersky 7.0.0.125 2010.04.14 - McAfee 5.400.0.1158 2010.04.14 Downloader-CEW McAfee-GW-Edition 6.8.5 2010.04.14 Trojan.Dldr.Renos.KF.794 Microsoft 1.5605 2010.04.14 TrojanDownloader:Win32/Renos.KF NOD32 5029 2010.04.14 a variant of Win32/Kryptik.DFA Norman 6.04.11 2010.04.14 - nProtect 2010-04-14.01 2010.04.14 - Panda 10.0.2.7 2010.04.14 Generic Trojan PCTools 7.0.3.5 2010.04.14 - Prevx 3.0 2010.04.14 Medium Risk Malware Rising 22.43.02.04 2010.04.14 - Sophos 4.52.0 2010.04.14 Mal/FakeAV-CX Sunbelt 6176 2010.04.14 - Symantec 20091.2.0.41 2010.04.14 Trojan.FakeAV!gen24 TheHacker 6.5.2.0.261 2010.04.14 - TrendMicro 9.120.0.1004 2010.04.14 TROJ_RENOS.SMD VBA32 3.12.12.4 2010.04.14 - ViRobot 2010.4.14.2276 2010.04.14 - VirusBuster 5.0.27.0 2010.04.14 Trojan.Codecpack.Gen.4 weitere Informationen File size: 159232 bytes MD5...: fd0940e33de88fffb28564af91b466cf SHA1..: f07bfa5a0642e88536b02b31e410a8a59ef42a07 
SHA256: 0d08cc70a032d65d0eda68eec4a07b4c4aec077e45e4241b27c20a1cf921107f ssdeep: 3072:7BqCj5v+BrYC7utMngCAS9QItJ6ee1iWSr5jx+/Fc4RN87BAc4bw:7Bq0mp yungGTe8W25jxuI PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x729a timedatestamp.....: 0x4a5102d7 (Sun Jul 05 19:45:27 2009) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 text 0x1000 0x7ea2 0x8000 5.72 6ee7e7f2530fdfe4313227263d49bbab DATA 0x9000 0x319d5 0x1ca00 7.58 b9448e52b551af3d7197ec5b651a1f70 .data 0x3b000 0x1420 0x1600 4.90 bb814b8564a54ae98310f7f07aa79041 .bss 0x3d000 0x7df 0x800 0.00 c99a74c555371a433d121f551d6c6398 ( 14 imports ) > comdlg32.dll: GetSaveFileNameA, GetOpenFileNameA, GetFileTitleA, ChooseColorA, FindTextA > GDI32.dll: SetTextColor, CreateDIBitmap, GetCurrentPositionEx, SelectObject, GetBitmapBits, BitBlt, CreateFontIndirectA, SaveDC > USER32.dll: GetWindow, EnumWindows, GetScrollInfo, EndDeferWindowPos, CharNextA, GetWindowTextA, GetIconInfo, DrawEdge, GetLastActivePopup, EnumChildWindows, CreateIcon, EnableMenuItem, DrawTextA, GetCursor, IsDialogMessageA, GetMenuItemID, ShowWindow, DispatchMessageA, GetDesktopWindow, SetWindowPos, GetDCEx, GetMenu, EqualRect, TrackPopupMenu, GetKeyState, CreateWindowExA, DefWindowProcA, CharLowerA, EnableScrollBar, CharToOemA, GetForegroundWindow, EnableWindow, EndPaint, EnumThreadWindows, DeferWindowPos, DefMDIChildProcA, ClientToScreen, BeginDeferWindowPos, GetSysColorBrush, GetScrollRange, GetScrollPos, GetMenuItemInfoA, DrawIcon, DrawMenuBar, MessageBoxA, CreatePopupMenu, GetClassLongA, GetCapture, CallWindowProcA, GetMessagePos, DrawFrameControl, SetWindowTextA, SetTimer, GetMenuStringA, GetParent, GetActiveWindow, IsChild, SetCursor, GetKeyNameTextA, GetClassInfoA, DefFrameProcA, FillRect, CreateMenu, GetSysColor, IsWindowVisible, GetMenuState, SetWindowLongA, DispatchMessageW, GetSubMenu, GetMenuItemCount, IsMenu, GetDC, GetFocus, DrawIconEx, GetPropA, FrameRect, CallNextHookEx, 
GetClipboardData, RegisterClassA, GetDlgItem, BeginPaint > OLE32.dll: GetHGlobalFromStream, CreateStreamOnHGlobal, CoFreeUnusedLibraries > comctl32.dll: ImageList_Destroy, ImageList_DragShowNolock > shell32.dll: DragQueryFileA, SHGetFolderPathA, Shell_NotifyIconA, SHGetDiskFreeSpaceA, SHGetFileInfoA > NTDLL.dll: wcscat, atoi, NtWaitForSingleObject, _wcsnicmp > version.dll: GetFileVersionInfoA, VerQueryValueA, VerInstallFileA > SHLWAPI.dll: SHQueryInfoKeyA, SHGetValueA, SHDeleteValueA, SHQueryValueExA > oleaut32.dll: GetErrorInfo, SafeArrayCreate, SafeArrayGetElement, SafeArrayGetUBound, SysReAllocStringLen, RegisterTypeLib, SafeArrayUnaccessData, VariantChangeType, VariantCopyInd > kernel32.dll: SetLastError, GetLastError, CompareStringA, lstrcpynA, ResetEvent, VirtualAllocEx, ExitProcess, SizeofResource, GetCurrentThreadId, LoadLibraryA, DeleteCriticalSection, GetCurrentProcessId, GetDiskFreeSpaceA, LocalAlloc, GetTickCount, GetCommandLineA, HeapDestroy, GetStringTypeA, SetEvent, ExitThread, VirtualAlloc, GlobalFindAtomA, WriteFile, lstrcatA, SetHandleCount, GetFullPathNameA, GetCPInfo, GetCurrentThread, MoveFileA, GetVersionExA, InitializeCriticalSection, GetSystemDefaultLangID, EnumCalendarInfoA, GetStartupInfoA, FormatMessageA, FindResourceA, SetThreadLocale, GlobalDeleteAtom, GetStdHandle, HeapAlloc, GetProcessHeap, FindClose, ReadFile, VirtualFree, lstrlenA, GetModuleHandleA, CreateThread > OLE32.dll: CoFreeUnusedLibraries, OleCreateStaticFromData, PropVariantClear, CLSIDFromString, CreateStreamOnHGlobal, CoDisconnectObject > msvcrt.dll: exit, sqrt, calloc, wcscspn, memmove, atol, wcstol, swprintf, srand, clock, memcpy, tolower, strlen, memset > advapi32.dll: RegDeleteValueA ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable MS Visual C++ (generic) (62.9%) Win32 Executable Generic (14.2%) Win32 Dynamic Link Library (generic) (12.6%) Clipper DOS Executable (3.3%) Generic Win/DOS Executable (3.3%)
hxxp://info.prevx.com/aboutprogramtext.asp?PX5=80835867002992206E270246B5CB2F00320B82B1 sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned |
14.04.2010, 19:44 | #19 |
| Fehler beim Laden von C:\Wondows\system32\sshnas.dll Die Datei wurde bereits analysiert: MD5: e6d35f3aa51a65eb35c1f2340154a25e First received: 2009.09.17 22:44:25 UTC Datum 2010.04.14 17:49:54 UTC [<1D] Ergebnisse 1/40 Permalink: analisis/3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516-1271267394 |
14.04.2010, 19:44 | #20 |
| Fehler beim Laden von C:\Wondows\system32\sshnas.dll Datei vwYj.exe empfangen 2010.04.14 18:39:24 (UTC) Status: Beendet Ergebnis: 5/40 (12.5%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.04.14 - AhnLab-V3 5.0.0.2 2010.04.14 - AntiVir 7.10.6.77 2010.04.14 - Antiy-AVL 2.0.3.7 2010.04.14 - Authentium 5.2.0.5 2010.04.14 - Avast 4.8.1351.0 2010.04.14 - Avast5 5.0.332.0 2010.04.14 - AVG 9.0.0.787 2010.04.14 - BitDefender 7.2 2010.04.14 - CAT-QuickHeal 10.00 2010.04.14 - ClamAV 0.96.0.3-git 2010.04.14 - Comodo 4597 2010.04.14 - DrWeb 5.0.2.03300 2010.04.14 - eSafe 7.0.17.0 2010.04.14 - eTrust-Vet 35.2.7426 2010.04.14 - F-Prot 4.5.1.85 2010.04.14 - F-Secure 9.0.15370.0 2010.04.14 - Fortinet 4.0.14.0 2010.04.12 - GData 19 2010.04.14 - Ikarus T3.1.1.80.0 2010.04.14 - Jiangmin 13.0.900 2010.04.13 - Kaspersky 7.0.0.125 2010.04.14 Packed.Win32.Krap.ao McAfee 5.400.0.1158 2010.04.14 - McAfee-GW-Edition 6.8.5 2010.04.14 - Microsoft 1.5605 2010.04.14 PWS:Win32/Zbot.gen!R NOD32 5029 2010.04.14 a variant of Win32/Kryptik.DQK Norman 6.04.11 2010.04.14 - nProtect 2010-04-14.01 2010.04.14 - Panda 10.0.2.7 2010.04.14 Suspicious file PCTools 7.0.3.5 2010.04.14 - Prevx 3.0 2010.04.14 - Rising 22.43.02.04 2010.04.14 - Sophos 4.52.0 2010.04.14 - Sunbelt 6176 2010.04.14 Trojan.Win32.Generic.pak!cobra Symantec 20091.2.0.41 2010.04.14 - TheHacker 6.5.2.0.261 2010.04.14 - TrendMicro 9.120.0.1004 2010.04.14 - VBA32 3.12.12.4 2010.04.14 - ViRobot 2010.4.14.2276 2010.04.14 - VirusBuster 5.0.27.0 2010.04.14 - weitere Informationen File size: 111104 bytes MD5...: 257df8d793ad8609b30c008b8e491904 SHA1..: cf44a939470d4b9d5eb919e2ec97fb78cd5e0252 SHA256: 53ff9c7d97a12be2af9cd46499c3a19220aa0fc5951494fb423c8bee2b352818 ssdeep: 1536:GspP2RgmZ5de8wF0CUaxlFlje+vciKAnsv3vhKs8cSR2T+Wnw8yT5idlmfG x9:7P2CMde8PZWN33tfsGcqWnw3APeGx9 PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x402a0 timedatestamp.....: 0x43686d93 (Wed 
Nov 02 07:41:07 2005) machinetype.......: 0x14c (I386) ( 3 sections ) name viradd virsiz rawdsiz ntrpy md5 UPX0 0x1000 0x25000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e UPX1 0x26000 0x1b000 0x1a600 7.87 462b0db8c4e878081198b16a38ed2eae .rsrc 0x41000 0x1000 0xa00 3.34 39f711d2abe2a5ae0e4e47e000f1e861 ( 3 imports ) > KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess > ADVAPI32.dll: AddAccessAllowedAce > COMDLG32.dll: ChooseFontA ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: UPX compressed Win32 Executable (39.5%) Win32 EXE Yoda's Crypter (34.3%) Win32 Executable Generic (11.0%) Win32 Dynamic Link Library (generic) (9.8%) Generic Win/DOS Executable (2.5%) sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned packers (Kaspersky): PE_Patch.UPX, UPX packers (F-Prot): UPX Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99 |
14.04.2010, 19:45 | #21 |
| Fehler beim Laden von C:\Wondows\system32\sshnas.dll Datei Dwymua.exe empfangen 2010.04.14 18:32:53 (UTC) Status: Beendet Ergebnis: 23/40 (57.5%) Filter Drucken der Ergebnisse Antivirus Version letzte aktualisierung Ergebnis a-squared 4.5.0.50 2010.04.14 - AhnLab-V3 5.0.0.2 2010.04.14 Win-Trojan/Fakeav.165376.F AntiVir 7.10.6.77 2010.04.14 TR/Dldr.Renos.KF.847 Antiy-AVL 2.0.3.7 2010.04.14 - Authentium 5.2.0.5 2010.04.14 W32/FakeAlert.FT.gen!Eldorado Avast 4.8.1351.0 2010.04.14 Win32:Trojan-gen Avast5 5.0.332.0 2010.04.14 Win32:Trojan-gen AVG 9.0.0.787 2010.04.14 Generic17.UUQ BitDefender 7.2 2010.04.14 - CAT-QuickHeal 10.00 2010.04.14 Win32.Packed.Krap.as.4 ClamAV 0.96.0.3-git 2010.04.14 - Comodo 4597 2010.04.14 - DrWeb 5.0.2.03300 2010.04.14 Trojan.DownLoad1.47680 eSafe 7.0.17.0 2010.04.14 - eTrust-Vet 35.2.7426 2010.04.14 - F-Prot 4.5.1.85 2010.04.14 W32/FakeAlert.FT.gen!Eldorado F-Secure 9.0.15370.0 2010.04.14 Trojan-Downloader:W32/Renos.gen!C Fortinet 4.0.14.0 2010.04.12 - GData 19 2010.04.14 Win32:Trojan-gen Ikarus T3.1.1.80.0 2010.04.14 - Jiangmin 13.0.900 2010.04.13 - Kaspersky 7.0.0.125 2010.04.14 - McAfee 5.400.0.1158 2010.04.14 Downloader-CEW McAfee-GW-Edition 6.8.5 2010.04.14 Heuristic.LooksLike.Trojan.Dldr.Renos.H Microsoft 1.5605 2010.04.14 TrojanDownloader:Win32/Renos.KF NOD32 5029 2010.04.14 a variant of Win32/Kryptik.DIR Norman 6.04.11 2010.04.14 - nProtect 2010-04-14.01 2010.04.14 - Panda 10.0.2.7 2010.04.14 Generic Malware PCTools 7.0.3.5 2010.04.14 - Prevx 3.0 2010.04.14 Medium Risk Malware Rising 22.43.02.04 2010.04.14 Backdoor.Win32.Undef.gha Sophos 4.52.0 2010.04.14 Mal/FakeAV-CX Sunbelt 6176 2010.04.14 - Symantec 20091.2.0.41 2010.04.14 Trojan.FakeAV!gen24 TheHacker 6.5.2.0.261 2010.04.14 Trojan/Kryptik.dhi TrendMicro 9.120.0.1004 2010.04.14 TROJ_RENOS.SMD VBA32 3.12.12.4 2010.04.14 - ViRobot 2010.4.14.2276 2010.04.14 - VirusBuster 5.0.27.0 2010.04.14 Trojan.Codecpack.Gen.4 weitere Informationen File size: 165376 bytes MD5...: 
8e38875abb0a98b8b18f7747635b6d08 SHA1..: 3bf6a6bf5ec59692572aaaffcfcf1caa097b3415 SHA256: cc4faf5ec2954af53c6883c6f5d390d86abddd03382da1d14564a3a764eb6c64 ssdeep: 3072:T8w+JNHe7YkjCp4hCMW89cp/3tJav8MCyBU0lnl99xGKif3ezd2oKHQUu:T 8vbkup4h19cBHRyBUgTaVOg7w PEiD..: - PEInfo: PE Structure information ( base data ) entrypointaddress.: 0x53d2 timedatestamp.....: 0x4a77d197 (Tue Aug 04 06:13:43 2009) machinetype.......: 0x14c (I386) ( 4 sections ) name viradd virsiz rawdsiz ntrpy md5 text 0x1000 0x760e 0x7800 5.73 b0a1490f60726da1a84abf558d8289d5 .rdata 0x9000 0x1ebe7 0x1ec00 7.44 30be65ecbdea63a452b83446ca6d9514 .data 0x28000 0x16455 0x1600 4.77 fe3a26f2951793e3b8be2891d0586ada .idata 0x3f000 0x684 0x800 0.00 c99a74c555371a433d121f551d6c6398 ( 13 imports ) > comdlg32.dll: GetOpenFileNameA > GDI32.dll: SetPixel, CreatePalette, GetDIBits, GetDIBColorTable, CreateFontIndirectA, SelectObject, CopyEnhMetaFileA, CreateDIBitmap, CreateBrushIndirect, BitBlt > msvcrt.dll: mbstowcs, _acmdln, wcsncmp, strlen, sqrt, srand, wcscspn, swprintf, wcstol, tolower, memmove, memcpy > shell32.dll: SHFileOperationA, SHGetDiskFreeSpaceA, Shell_NotifyIconA > user32.dll: DrawIcon, GetDlgItem, FrameRect, GetActiveWindow, GetWindow, GetMenuStringA, GetCapture, EnableWindow, MessageBoxA, EnumThreadWindows, CharLowerBuffA, GetClassLongA, CharLowerA, RegisterClassA, IsChild, HideCaret, GetLastActivePopup, DefMDIChildProcA, EnableScrollBar, GetFocus, GetClipboardData, SetWindowPos, DrawMenuBar, GetForegroundWindow, GetMenuState, GetCursor, DeferWindowPos, GetMenuItemCount, FindWindowA, GetCursorPos, SetTimer, EnableMenuItem, GetParent, EndPaint, IsWindowVisible, DrawEdge, DrawTextA, CreateMenu, GetIconInfo, GetMenuItemID, GetWindowTextA, SetWindowTextA, GetMessagePos, DefWindowProcA, IsMenu, GetScrollInfo, IsWindowEnabled, FillRect, DrawFrameControl, GetSysColorBrush, CreatePopupMenu, GetScrollPos, GetClientRect, GetKeyNameTextA, GetClassInfoA, CreateIcon, GetMenuItemInfoA, SetWindowLongA, 
ClientToScreen, GetDesktopWindow, DispatchMessageA, GetPropA, BeginPaint, CharToOemA, IsDialogMessageA, GetSysColor, GetDCEx > KERNEL32.dll: WaitForSingleObject, WriteFile, GetStartupInfoA, GetModuleHandleA, FindClose, GetEnvironmentStrings, GetLocaleInfoA, GetDiskFreeSpaceA, lstrcatA, GlobalAlloc, GetACP, SetThreadLocale, FormatMessageA, GetCurrentThread, GetProcessHeap, lstrcpynA, GetModuleFileNameA, GetCurrentThreadId, VirtualAlloc, lstrlenA, GetVersionExA, LoadResource, GetDateFormatA, VirtualQuery, LoadLibraryExA, FreeResource, GetFileAttributesA, ResetEvent, MoveFileExA, HeapAlloc, ExitThread, MoveFileA, GetFullPathNameA, GetThreadLocale, HeapFree, DeleteFileA, EnumCalendarInfoA, GlobalDeleteAtom, GetCommandLineA, LocalFree, lstrcmpiA, VirtualAllocEx, GetStdHandle, GetStringTypeW, lstrcpyA, GetCPInfo, SetEndOfFile, GetOEMCP, FreeLibrary, GetCurrentProcessId, CreateEventA, FindFirstFileA, LoadLibraryA, MulDiv, EnterCriticalSection, CompareStringA, RaiseException > NTDLL.dll: _wcsnicmp, RtlDeleteCriticalSection, atoi > shlwapi.dll: SHDeleteKeyA, SHStrDupA > OLE32.dll: ReleaseStgMedium, CoCreateGuid, StgOpenStorage, CLSIDFromProgID, CoTaskMemFree, StgCreateDocfileOnILockBytes, CoUninitialize > ADVAPI32.dll: RegCreateKeyA, RegDeleteKeyA, RegLoadKeyA, RegQueryValueExA > OLEAUT32.dll: OleLoadPicture, SysReAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, VariantChangeType, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayCreate, SysAllocStringLen, VariantCopyInd > COMCTL32.dll: ImageList_GetBkColor, ImageList_Create, ImageList_DragShowNolock, ImageList_Draw, ImageList_Read, ImageList_Add, ImageList_Destroy, ImageList_Remove > version.dll: GetFileVersionInfoSizeA ( 0 exports ) RDS...: NSRL Reference Data Set - pdfid.: - trid..: Win32 Executable MS Visual C++ (generic) (62.9%) Win32 Executable Generic (14.2%) Win32 Dynamic Link Library (generic) (12.6%) Clipper DOS Executable (3.3%) Generic Win/DOS Executable (3.3%) sigcheck: publisher....: n/a 
copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned hxxp://info.prevx.com/aboutprogramtext.asp?PX5=EF2BB1D700A23CBC864102CCACBFE1007C420787 |
14.04.2010, 20:00 | #22 |
| I was just at the step with the Run Fix button when it said that the computer now had to be restarted... After it had booted up again, the following window appeared:

All processes killed
========== OTL ==========
No active process named vwYj.exe was found!
No active process named Df1.exe was found!
No active process named Dwymua.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: toolbar@ask.com:3.4.4.118 removed from extensions.enabledItems
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-20-Sep-2009-14-11-03-GMT folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-12-Feb-2010-01-16-40-GMT folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C deleted successfully.
C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe moved successfully.
C:\Windows\System32\drivers\ixuj.sys moved successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\Windows\Dwymua.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eva-Maria
->Temp folder emptied: 56416671 bytes
->Temporary Internet Files folder emptied: 270522110 bytes
->Java cache emptied: 51933414 bytes
->FireFox cache emptied: 48687422 bytes
->Google Chrome cache emptied: 483890430 bytes
->Apple Safari cache emptied: 21036224 bytes
->Flash cache emptied: 2102012 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33875043 bytes
RecycleBin emptied: 1245740910 bytes

Total Files Cleaned = 2.112,00 mb

OTL by OldTimer - Version 3.2.1.1 log created on 04142010_204741

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_0rPnq1VBxAK1olO not found!
File\Folder C:\Windows\temp\mcmsc_HxWmg5letLh5aVz not found!
File\Folder C:\Windows\temp\mcmsc_IqubXiIKUFMbdkl not found!
File\Folder C:\Windows\temp\mcmsc_LHkUIDjDejQuzwE not found!
File\Folder C:\Windows\temp\mcmsc_QtNpnaTGw0CShvo not found!
C:\Windows\temp\sqlite_DkEfcA9J7abe59S moved successfully.
C:\Windows\temp\sqlite_pfBiijRhqjNe2ry moved successfully.
C:\Windows\temp\sqlite_xBBsanAblbuhNvS moved successfully.
C:\Windows\temp\sqlite_XFn2mazRlzC7oR6 moved successfully.

Registry entries deleted on Reboot... |
14.04.2010, 20:22 | #23 |
| Hi, some of the entries were already gone, but OTL still caught a few:

Code:
C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe moved successfully.
C:\Windows\System32\drivers\ixuj.sys moved successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\Windows\Dwymua.exe moved successfully.

After that, CureIt: http://www.trojaner-board.de/59299-a...eb-cureit.html

After the scan has finished you will find the log at %USERPROFILE%\DoctorWeb\CureIt.log. Before you take any action, please copy the contents of the log and post them. The log file is very large, roughly over 5 MB of text. Just use the search for "infiziert" and copy out the relevant parts before you post them.

chris
|
15.04.2010, 17:38 | #24 |
| Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3986

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

15.04.2010 18:36:12
mbam-log-2010-04-15 (18-36-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 272439
Laufzeit: 1 Stunde(n), 55 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wek9emdhi9 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully. |
15.04.2010, 17:58 | #25 |
| Fehler beim Laden von C:\Wondows\system32\sshnas.dll OTL logfile created on: 15.04.2010 18:51:10 - Run 2 OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Eva-Maria\Documents\Downloads Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 7.0.6001.18000) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free 6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 455,99 Gb Total Space | 307,68 Gb Free Space | 67,48% Space Free | Partition Type: NTFS D: Drive not present or media not loaded E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: EVA-MARIAS-PC Current User Name: Eva-Maria Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.) PRC - C:\Users\Eva-Maria\Documents\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) PRC - C:\Users\Eva-Maria\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) 
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) 
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.) PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.) PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) PRC - C:\Windows\PLFSetI.exe () PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) ========== Modules (SafeList) ========== MOD - C:\Users\Eva-Maria\Documents\Downloads\OTL.exe (OldTimer Tools) MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.) MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe () SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.) 
SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated) SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe () SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.) SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.) SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.) SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.) SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.) SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.) SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.) SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys () DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.) 
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.) DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.) DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.) DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation) DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) 
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) 
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia) DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) 
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "" FF - prefs.js..browser.search.defaultenginename: "foxsearch" FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=" FF - prefs.js..browser.search.order.1: "foxsearch" FF - prefs.js..browser.search.selectedEngine: "foxsearch" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: "" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB}:1.0.3 FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.0 FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0 FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004 FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2 FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.3 FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10 FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315 FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03 FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.3 FF - prefs.js..keyword.URL: 
"hxxp://search.sweetim.com/search.asp?src=2&q=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - user.js..browser.search.selectedEngine: "foxsearch" FF - user.js..browser.search.order.1: "foxsearch" FF - user.js..browser.search.defaultenginename: "foxsearch" FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.04.09 14:21:25 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.01.24 22:22:21 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.31 12:47:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.31 12:47:07 | 000,000,000 | ---D | M] [2009.09.16 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Extensions [2010.04.14 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions [2009.09.16 17:01:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.01.25 16:20:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.02.17 16:03:04 | 000,000,000 | ---D | M] (Yahoo! 
Toolbar) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2010.01.13 00:20:21 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7} [2010.03.21 17:11:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2010.03.06 10:57:34 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{961408A3-C970-4577-970A-D97C29839A67} [2010.01.08 14:58:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.03.06 10:57:33 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847} [2010.03.23 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\gutscheinmieze@synatix-gmbh.de [2009.09.30 12:16:35 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\moveplayer@movenetworks.com [2010.03.21 17:11:43 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\personas@christopher.beard [2010.03.21 17:11:44 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\piclens@cooliris.com [2010.03.06 10:57:34 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\silvermelxt@pardal.de [2010.03.28 17:45:22 | 000,000,950 | ---- | M] () -- 
C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-1.xml [2010.01.19 21:17:07 | 000,000,961 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-2.xml [2010.03.14 12:53:30 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-3.xml [2010.03.23 18:16:42 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-4.xml [2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.gif [2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.src [2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.xml [2009.12.03 21:51:36 | 000,003,915 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\sweetim.xml [2010.03.28 17:45:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.01.19 21:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2010.03.23 18:14:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.04.11 00:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} [2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll [2010.03.14 12:53:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.03.14 
12:53:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.03.23 18:12:42 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src [2010.03.14 12:53:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.03.14 12:53:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.03.14 12:53:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll () O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH) O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated) O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.) 
O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.) O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit\532.5_(KHTML,_like_Gecko)_Chrome\4.1.249.1045_Safari\532.5 - File not found O4 - Startup: C:\Users\Eva-Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\Eva-Maria\Pictures\2010\MeranBozen\DSC08437.JPG O24 - Desktop BackupWallPaper: C:\Users\Eva-Maria\Pictures\2010\MeranBozen\DSC08437.JPG O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] 
-- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010.04.14 20:47:41 | 000,000,000 | ---D | C] -- C:\_OTL [2010.04.14 14:12:24 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Malwarebytes [2010.04.14 14:12:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.04.14 14:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2010.04.14 14:12:10 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.04.14 14:12:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.04.14 13:03:50 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2010.04.14 13:03:49 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2010.04.14 13:03:46 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll [2010.04.14 13:02:20 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm [2010.04.11 00:40:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6} [2010.04.11 00:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan [2010.04.11 00:28:31 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager [2010.04.02 19:57:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2010.03.31 12:51:38 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2010.03.31 12:51:32 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2010.03.31 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.03.31 12:46:14 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime [2010.03.31 12:39:12 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour [2010.03.31 12:35:13 | 000,000,000 | ---D | C] -- C:\Programme\Safari [2010.03.31 12:12:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\ieapfltr.dll [2010.03.31 12:12:51 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2010.03.31 12:12:50 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2010.03.31 12:12:50 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll [2010.03.31 12:12:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll [2010.03.31 12:12:49 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec [2010.03.31 12:12:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2010.03.31 12:12:48 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll [2010.03.31 12:12:48 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll [2010.03.31 12:12:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2010.03.31 12:12:45 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2010.03.26 20:25:52 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\Documents\Downloads [2010.03.23 18:30:44 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\skypePM [2010.03.23 18:15:55 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Skype [2010.03.23 18:13:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype [2010.03.23 18:13:52 | 000,000,000 | R--D | C] -- C:\Programme\Skype [2010.03.23 18:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2010.03.23 18:12:29 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze [2010.03.21 17:12:01 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Local\Cooliris [2010.03.17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2010.03.17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) 
-- C:\Windows\System32\QuickTime.qts [2009.07.21 10:28:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll ========== Files - Modified Within 30 Days ========== [2010.04.15 18:55:48 | 004,194,304 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT [2010.04.15 18:42:12 | 000,024,131 | ---- | M] () -- C:\Windows\System32\Config.MPF [2010.04.15 18:42:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010.04.15 18:41:41 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.04.15 18:41:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010.04.15 18:41:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010.04.15 18:41:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010.04.15 18:40:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010.04.15 18:39:07 | 000,524,288 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010.04.15 18:39:07 | 000,065,536 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010.04.15 18:37:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010.04.15 18:24:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000UA.job [2010.04.15 18:24:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000Core.job [2010.04.14 23:38:56 | 003,431,414 | -H-- | M] () -- C:\Users\Eva-Maria\AppData\Local\IconCache.db [2010.04.14 22:40:33 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010.04.14 22:40:33 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010.04.14 22:40:33 | 
000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010.04.14 22:40:33 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010.04.14 22:40:33 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010.04.14 18:31:44 | 000,034,226 | ---- | M] () -- C:\Users\Eva-Maria\Documents\semesterarbeit kunst.odt [2010.04.14 18:19:00 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Eva-Maria.job [2010.04.14 14:12:16 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.14 12:55:09 | 000,006,836 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat [2010.04.14 12:55:09 | 000,000,552 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\d3d8caps.dat [2010.04.13 22:31:26 | 000,023,086 | ---- | M] () -- C:\Users\Eva-Maria\Documents\der heilige-exemplarische mensch reli.odt [2010.04.13 16:50:29 | 000,019,413 | ---- | M] () -- C:\Users\Eva-Maria\Documents\portfolio bus.odt [2010.04.11 21:46:08 | 000,028,066 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Frauen%20in%20der%20nachkriegszeit%20p-seminar%20ausdrucken.odt_0.odt [2010.04.11 17:32:35 | 000,000,128 | -H-- | M] () -- C:\Users\Eva-Maria\Documents\.~lock.Frauen in der nachkriegszeit p-seminar ausdrucken.odt# [2010.04.11 00:51:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys [2010.04.11 00:40:03 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.04.05 18:45:19 | 000,014,468 | ---- | M] () -- C:\Users\Eva-Maria\Documents\fb smiliesy.odt [2010.04.05 17:43:51 | 000,012,800 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Lebenslauf.doc [2010.04.04 11:47:42 | 000,118,272 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.04.02 14:24:58 | 000,002,109 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\Google Chrome.lnk [2010.04.01 20:42:52 | 000,485,888 | ---- | M] () -- 
C:\Users\Eva-Maria\Documents\Bewerbungsformular.Lena.doc [2010.04.01 14:33:24 | 000,007,856 | ---- | M] () -- C:\Users\Eva-Maria\.recently-used.xbel [2010.03.31 12:52:44 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.03.31 12:46:48 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.03.31 12:35:21 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2010.03.31 08:16:15 | 000,025,844 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Frauen in der nachkriegszeit p-seminar ausdrucken.odt [2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2010.03.24 00:09:37 | 000,012,865 | ---- | M] () -- C:\Users\Eva-Maria\Documents\portfolio pseminar.odt [2010.03.23 18:30:47 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat [2010.03.23 18:13:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2010.03.22 22:39:20 | 000,057,002 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sport gerätturnen.odt [2010.03.22 21:45:05 | 000,058,414 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sport gerätturnen handout.odt [2010.03.21 16:42:59 | 000,037,005 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sozi.odt [2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx [2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) 
-- C:\Windows\System32\QuickTime.qts ========== Files Created - No Company Name ========== [2010.04.15 18:41:41 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010.04.14 14:12:16 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.04.14 12:55:09 | 000,000,552 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d8caps.dat [2010.04.13 22:31:24 | 000,023,086 | ---- | C] () -- C:\Users\Eva-Maria\Documents\der heilige-exemplarische mensch reli.odt [2010.04.12 16:45:11 | 000,028,066 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Frauen%20in%20der%20nachkriegszeit%20p-seminar%20ausdrucken.odt_0.odt [2010.04.11 17:32:35 | 000,000,128 | -H-- | C] () -- C:\Users\Eva-Maria\Documents\.~lock.Frauen in der nachkriegszeit p-seminar ausdrucken.odt# [2010.04.11 00:40:03 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.04.10 21:01:41 | 000,034,226 | ---- | C] () -- C:\Users\Eva-Maria\Documents\semesterarbeit kunst.odt [2010.04.05 18:45:19 | 000,014,468 | ---- | C] () -- C:\Users\Eva-Maria\Documents\fb smiliesy.odt [2010.04.01 20:42:47 | 000,485,888 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Bewerbungsformular.Lena.doc [2010.04.01 14:33:24 | 000,007,856 | ---- | C] () -- C:\Users\Eva-Maria\.recently-used.xbel [2010.03.31 12:52:44 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010.03.31 12:46:48 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2010.03.31 12:35:21 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk [2010.03.26 19:20:36 | 000,002,109 | ---- | C] () -- C:\Users\Eva-Maria\Desktop\Google Chrome.lnk [2010.03.26 19:19:00 | 000,001,134 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000UA.job [2010.03.26 19:19:00 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000Core.job [2010.03.25 17:09:10 | 
000,025,844 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Frauen in der nachkriegszeit p-seminar ausdrucken.odt [2010.03.23 18:30:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.03.23 18:13:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2010.03.23 00:10:37 | 000,019,413 | ---- | C] () -- C:\Users\Eva-Maria\Documents\portfolio bus.odt [2010.01.07 12:13:38 | 000,151,008 | ---- | C] () -- C:\Users\Eva-Maria\Orial Bold.ttf [2010.01.05 22:54:27 | 000,000,088 | ---- | C] () -- C:\Users\Eva-Maria\VISIT DIRT2.COM FOR USAGE.txt [2010.01.05 22:54:20 | 000,008,128 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.otf [2010.01.05 22:52:41 | 000,008,280 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.otf [2010.01.05 22:25:26 | 000,011,496 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.ttf [2010.01.05 11:53:00 | 000,050,566 | ---- | C] () -- C:\Users\Eva-Maria\littlebliss.jpg [2010.01.05 11:33:10 | 000,011,528 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.ttf [2009.12.24 23:46:26 | 000,001,089 | ---- | C] () -- C:\Users\Eva-Maria\ScriptSERIF - READ ME.txt [2009.12.23 15:46:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll [2009.12.23 15:46:43 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys [2009.12.23 15:36:08 | 000,113,152 | ---- | C] () -- C:\Users\Eva-Maria\1031.MST [2009.12.23 15:36:08 | 000,015,832 | ---- | C] () -- C:\Users\Eva-Maria\0x0407.ini [2009.12.23 15:35:58 | 097,979,392 | ---- | C] () -- C:\Users\Eva-Maria\Samsung New PC Studio.msi [2009.12.22 20:40:18 | 000,298,828 | ---- | C] () -- C:\Users\Eva-Maria\script_serif.ttf [2009.12.22 20:30:56 | 000,280,209 | ---- | C] () -- C:\Users\Eva-Maria\scriptSERIF_sample.jpg [2009.12.22 20:04:42 | 000,242,864 | ---- | C] () -- C:\Users\Eva-Maria\script_serif_riptrash.ttf [2009.11.15 12:45:44 | 000,537,011 | ---- | C] () -- C:\Users\Eva-Maria\ billy argel beyaond sky font.jpg [2009.11.15 12:37:34 | 000,516,096 | ---- | C] 
() -- C:\Users\Eva-Maria\BEYONDSKTRIAL.ttf [2009.11.15 11:19:36 | 000,000,134 | ---- | C] () -- C:\Users\Eva-Maria\READ ME.txt [2009.09.20 11:21:32 | 000,014,336 | -H-- | C] () -- C:\Users\Eva-Maria\photothumb.db [2009.09.17 13:25:41 | 000,087,349 | ---- | C] () -- C:\Users\Eva-Maria\0405_09780_happy_birthday.jpg [2009.09.13 01:03:19 | 000,242,200 | ---- | C] () -- C:\Users\Eva-Maria\acer-code.jpg [2009.09.03 15:46:08 | 000,002,712 | ---- | C] () -- C:\Users\Eva-Maria\JOEBOB graphics free trial font users license.txt [2009.08.26 08:27:16 | 000,006,836 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat [2009.08.25 23:47:23 | 000,001,072 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Roaming\wklnhst.dat [2009.08.22 01:11:33 | 000,118,272 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009.08.12 17:41:40 | 004,194,304 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT [2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms [2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2009.08.12 17:41:40 | 000,262,144 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG1 [2009.08.12 17:41:40 | 000,065,536 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2009.08.12 17:41:40 | 000,000,020 | -HS- | C] () -- C:\Users\Eva-Maria\ntuser.ini [2009.08.12 17:41:40 | 000,000,000 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG2 [2009.07.21 10:16:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll [2009.07.21 10:16:20 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll [2009.07.21 01:52:22 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini [2009.07.21 01:44:57 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini [2009.07.21 01:44:56 | 
000,626,688 | ---- | C] () -- C:\Windows\Image.dll [2009.04.26 15:05:36 | 000,521,608 | ---- | C] () -- C:\Users\Eva-Maria\vtks Deja Vu.ttf [2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini [2009.03.12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log [2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll [2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll [2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini [2008.10.26 15:03:52 | 000,147,604 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.ttf [2008.10.26 15:03:52 | 000,104,352 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.otf [2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2005.12.10 07:56:24 | 000,047,272 | ---- | C] () -- C:\Users\Eva-Maria\FairyDustB.ttf [2005.10.23 22:46:42 | 000,057,560 | ---- | C] () -- C:\Users\Eva-Maria\Anywhere.ttf [2005.08.04 09:28:04 | 000,000,286 | ---- | C] () -- C:\Users\Eva-Maria\readme.txt [2005.08.04 09:23:30 | 000,193,572 | ---- | C] () -- C:\Users\Eva-Maria\kiralynn__.ttf [2005.05.11 03:39:36 | 000,085,808 | ---- | C] () -- C:\Users\Eva-Maria\MINUS___.TTF [2005.03.04 19:40:38 | 000,039,648 | ---- | C] () -- C:\Users\Eva-Maria\konanur.ttf [2004.10.27 20:24:44 | 000,034,788 | ---- | C] () -- C:\Users\Eva-Maria\Flat Earth Scribe.ttf [2000.07.13 11:12:46 | 000,000,430 | ---- | C] () -- C:\Users\Eva-Maria\font info.txt [1998.10.01 23:13:48 | 000,084,704 | ---- | C] () -- C:\Users\Eva-Maria\Kelt Caps Freehand.ttf ========== Alternate Data Streams ========== @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC < End of report > |
15.04.2010, 20:15 | #26 |
| Error loading C:\Wondows\system32\sshnas.dll Hm, I'm somehow too dumb to get the DrWeb antivirus instructions to work... but it shows that apparently no more viruses are present.... |
16.04.2010, 06:43 | #27 |
| Error loading C:\Wondows\system32\sshnas.dll Hi, that looks pretty good... Is the computer still acting up? Finally, run Prevx as well: Prevx 3.0 for Home and Family. If the tool finds anything, don't post the log; post a screenshot of the window it then displays... chris
__________________ Don't bring me down Read before posting! Donations (anyone who wants to donate is welcome to get in touch) |
16.04.2010, 13:36 | #28 |
| Error loading C:\Wondows\system32\sshnas.dll Nooo, so far everything is great, thank you! Is there anything in particular I should watch out for now so I don't get a virus like this again? And I can delete the programs (OTL etc.) again now, can't I? (because of memory...) |
16.04.2010, 14:03 | #29 |
| Error loading C:\Wondows\system32\sshnas.dll It did find something after all |
16.04.2010, 20:07 | #30 |
| Error loading C:\Wondows\system32\sshnas.dll Hi, that shouldn't be serious, since it's in the download area (and so hopefully isn't running). Prevx also tends to produce false alarms, so have the file checked at virustotal.com and post the result... if necessary we'll then delete it by hand... chris |