Firefox und Kaspersky lassen sich nicht mehr öffnen

Staufler · 27.06.2010, 10:43

Servus miteinander^^

Hab schon mehrere Foren durchstöbert aber ehrlich gesagt weiß ich dennoch nicht was ich jetzt machen soll.
Ich habe folgendes Problem. Firefox und Kaspersky lassen sich nicht mehr öffnen. Wenn ich auf die Desktop-Verknüpfung klicke kommt nur kurz eine Sanduhr und des war es. Ich komm nur noch über Google Chrome ins Inet. Im Task-Manager wird firefox aber angezeigt und Kaspersky vor kurzem auch noch. Hab bis jetzt keine anderen Programme gefunden, die sich nicht öffnen lassen. Wahrscheinlich hab ich mir einen Virus eingefangen. Hoffe ihr findet was in den logs und könnt mir dann sagen was ich machen soll

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:03:01, on 27.06.2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Hans
Mustermann\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Alexander Sentner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HansMustermann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\HansMustermann \AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
C:\Users\Hans Mustermann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hans Mustermann\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Hans Mustermann\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = h**p://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
R3 - URLSearchHook: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
O2 - BHO: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a} - (no file)
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3 - Toolbar: Softonic Deutsch Toolbar - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [recinfo6] c:\RecInfo\RecInfo.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [96834666814020918428834000263524] C:\Program Files\Antivirus 2009\av2009.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Alexander Sentner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AA1F0B3A-BE9E-47BB-AA59-AE14FB4CAB47}: NameServer = 217.0.43.177 217.0.43.161
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: lxda_device - - C:\Windows\system32\lxdacoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: Fujitsu Diagnostic Testhandler (TestHandler) - Fujitsu Technology Solutions - C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

Larusso · 27.06.2010, 10:49

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

start --> ausführen --> notepad (reinschreiben)
Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

@echo off
cd \
reg delete "HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run" /v "96834666814020918428834000263524" /f
rd "C:\Program Files\Antivirus 2009"
del %0

Speichere diese unter file.bat auf Deinem Desktop.
Wähle bei Dateityp alle Dateien aus.
Doppelklick auf die file.bat.
Vista- User: Mit Rechtsklick "als Administrator starten"

Schritt 2

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
%SYSTEMDRIVE%\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\drivers\*.sys /90
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList|helpassistant /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Bitte poste in Deiner nächsten Antwort
OTL.txt
Extras.txt

Staufler · 27.06.2010, 12:17

Danke erstmal Larusso für deine Hilfe. Komme aber bei dem customscan mit otl nicht weiter. Der Scan stopt immer und dann steht da: Manuel File Scan - Looking at file: C:/windows/system32/klogon.dll...
Ist des normal oder hängt sich der Scan immer auf? Und wo find ich die OTL.txt und Extras.txt
Und noch ein Frage. Ist des normal wenn ich des file.bat öffne das dann garnichts passiert. Habe es mit Administratorrecht geöffnet aber kam nur ein Fenster wo ich meine Zustimmung bestätigen musste und des wars.

Larusso · 27.06.2010, 12:51

Ja das mit der Batch ist normal

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.

Staufler · 27.06.2010, 13:29

Alles klar. Ich hab diesmal nichts in die Benutzerdefinierte Scans/Fixes eingetragen. Ist das so richtig? Aufjedenfall ist schonmal ne Save Liste oder so gekommen. Davon die OTL.txt und Extras.txt oder?
Sorry für meine Unwissenheit aber bin halt in der Virenbekämpfung noch ein Anfänger

Larusso · 27.06.2010, 13:33

Wenn OTL gelaufen ist, müssten sich die OTL.txt und Extras.txt dort befinden, wo sich auch die OTL.exe befindet

( im idealfall am Desktop )

Diese bitte mir posten.

Staufler · 27.06.2010, 13:57

Ah manchmal bin ich echt blind.

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 27.06.2010 14:18:40 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Hans Mustermann\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 339,00 Mb Available Physical Memory | 33,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 29,45 Gb Free Space | 31,94% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 36,93 Gb Free Space | 81,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ALEXANDERSEN-PC
Current User Name: Hans Mustermann
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.27 12:08:14 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Hans Mustermann\Downloads\OTL.exe
PRC - [2010.06.19 20:15:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Hans Mustermann\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010.06.02 07:57:48 | 000,945,648 | ---- | M] (Google Inc.) -- C:\Users\Hans Mustermann\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2010.05.07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010.05.07 12:37:14 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2010.04.01 20:00:17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.24 04:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2009.02.06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.01.19 12:07:50 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.21 13:28:36 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdacoms.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.27 12:08:14 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Hans Mustermann\Downloads\OTL.exe
MOD - [2009.04.11 00:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2010.05.07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2009.02.06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.21 13:28:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdacoms.exe -- (lxda_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.05.07 12:28:06 | 000,475,224 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.05.07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.05.07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.04.10 22:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.02.11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.02.11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.01.18 20:25:06 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.01.18 11:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.11.03 01:53:24 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007.11.03 01:53:24 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007.11.03 01:53:24 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.10.02 16:30:06 | 001,967,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 FE 84 F4 CF 4D CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.06 18:13:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.06 18:13:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.06.18 14:34:38 | 000,000,000 | ---D | M]
 
[2010.05.06 18:17:48 | 000,000,000 | ---D | M] -- C:\Users\Hans Mustermann\AppData\Roaming\mozilla\Extensions
[2010.06.26 22:41:41 | 000,000,000 | ---D | M] -- C:\Users\Hans Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions
[2010.05.12 19:14:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alexander Sentner\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.14 16:28:14 | 000,000,000 | ---D | M] (Faark's Grepolis Bericht 2 Image - Exporter) -- C:\Users\Alexander Sentner\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09}
[2010.06.26 22:41:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Hans Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.23 15:07:44 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Hans Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.05.12 19:20:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Hans Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.06.18 15:21:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.18 15:21:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.06.18 15:21:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.08.04 20:00:23 | 000,255,786 | R--- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 8896 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [recinfo6] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alexander Sentner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Hans Mustermann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Hans Mustermann\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10eb90ec-c534-11de-8bc6-a329e3ac46d6}\Shell\AutoRun\command - "" = K:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.06.23 17:14:55 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.06.23 17:14:55 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.06.23 17:14:55 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.06.19 15:29:15 | 000,074,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrclr40.dll
[2010.06.19 15:29:15 | 000,028,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrecr40.dll
[2010.06.19 15:29:15 | 000,000,000 | ---D | C] -- C:\Programme\Mesonic
[2010.06.19 15:26:36 | 000,000,000 | ---D | C] -- C:\winline_72
[2010.06.19 15:24:24 | 000,000,000 | ---D | C] -- C:\winline_71
[2010.06.19 15:18:47 | 000,000,000 | ---D | C] -- C:\winline_64
[2010.06.19 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Hans Mustermann\AppData\Roaming\WinRAR
[2010.06.19 15:15:55 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.06.09 12:04:29 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.06.09 12:04:28 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.06.09 12:04:13 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.06.09 12:04:12 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.06.09 12:04:12 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.06.09 12:04:11 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.06.09 12:04:11 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.06.09 12:04:10 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.06.09 12:04:10 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.06.09 12:04:10 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.06.09 12:04:10 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.06.09 12:04:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.06.09 12:04:09 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.06.09 12:04:09 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.06.09 12:04:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.06.09 12:04:09 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.06.09 12:04:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.06.09 12:02:43 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.06.09 12:02:40 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2008.01.11 22:05:20 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2008.01.11 22:05:20 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2008.01.11 22:05:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2008.01.11 22:05:20 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2008.01.11 22:05:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2008.01.11 22:05:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2008.01.11 22:05:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2008.01.11 22:05:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2008.01.11 22:05:19 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.06.27 14:20:08 | 005,505,024 | -HS- | M] () -- C:\Users\Hans Mustermann\ntuser.dat
[2010.06.27 14:20:01 | 000,001,166 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1362082009-162089984-658087930-1000UA.job
[2010.06.27 13:55:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.27 12:56:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 12:56:22 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.27 12:10:43 | 000,000,858 | ---- | M] () -- C:\Users\Hans Mustermann\Desktop\OTL.exe - Verknüpfung.lnk
[2010.06.27 09:21:48 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E6B417AA-7A65-4D0B-A342-B9D42C8F8778}.job
[2010.06.27 08:57:10 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.06.27 08:56:24 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.27 08:56:18 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.27 08:56:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.27 00:22:44 | 000,524,288 | -HS- | M] () -- C:\Users\Hans Mustermann\ntuser.dat{4ce5169a-4846-11df-9727-b78f5ed39f11}.TMContainer00000000000000000001.regtrans-ms
[2010.06.27 00:22:44 | 000,065,536 | -HS- | M] () -- C:\Users\Hans Mustermann\ntuser.dat{4ce5169a-4846-11df-9727-b78f5ed39f11}.TM.blf
[2010.06.27 00:22:26 | 002,452,652 | -H-- | M] () -- C:\Users\Hans Mustermann\AppData\Local\IconCache.db
[2010.06.26 20:20:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1362082009-162089984-658087930-1000Core.job
[2010.06.17 18:19:58 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.17 18:19:58 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.17 18:19:58 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.17 18:19:58 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.17 18:19:58 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.14 20:32:58 | 000,053,320 | ---- | M] () -- C:\Users\Hans Mustermann\Documents\Bewerbungsanschreiben Alexander Sentner.pdf
[2010.06.14 20:32:10 | 000,017,754 | ---- | M] () -- C:\Users\Hans Mustermann\Documents\bewerbung alex anschreiben.odt
[2010.06.10 11:16:37 | 000,002,108 | ---- | M] () -- C:\Users\Hans Mustermann\Desktop\Google Chrome.lnk
[2010.06.09 20:26:54 | 000,315,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2010.06.27 12:11:13 | 000,000,858 | ---- | C] () -- C:\Users\Hans Mustermann\Desktop\OTL.exe - Verknüpfung.lnk
[2010.06.19 15:29:15 | 000,244,417 | ---- | C] () -- C:\Windows\System32\odbcjet.hlp
[2010.06.19 15:29:15 | 000,008,198 | ---- | C] () -- C:\Windows\System32\odbcjet.cnt
[2010.06.14 20:14:22 | 000,053,320 | ---- | C] () -- C:\Users\Hans Mustermann\Documents\Bewerbungsanschreiben Alexander Sentner.pdf
[2010.06.07 19:41:30 | 000,017,754 | ---- | C] () -- C:\Users\Hans Mustermann\Documents\bewerbung alex anschreiben.odt
[2009.11.14 18:53:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.30 15:27:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.06.16 20:22:35 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.06.04 19:09:17 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2009.06.04 19:09:17 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.05.21 10:50:05 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.04.21 18:01:44 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.04.21 18:01:44 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.04.21 17:54:29 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.01.11 22:05:21 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2008.01.11 22:05:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2008.01.01 17:54:07 | 000,000,091 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2007.11.23 17:05:21 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users Hans Mustermann\Documents\clip0008.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Hans Mustermann\Documents\clip0007.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Hans Mustermann\Documents\clip0006.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Hans Mustermann\Documents\clip0005.avi:TOC.WMV
@Alternate Data Stream - 57110 bytes -> C:\Users\Hans Mustermann\Documents\clip0004.avi:TOC.WMV
< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 27.06.2010 14:18:40 - Run 1
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Alexander Sentner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 339,00 Mb Available Physical Memory | 33,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 29,45 Gb Free Space | 31,94% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 36,93 Gb Free Space | 81,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ALEXANDERSEN-PC
Current User Name: Alexander Sentner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 1
"AntiSpywareOverride" = 0
"FirewallOverride" = 1
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0292E24E-15EF-41DF-B1D0-342DE64BB2C1}" = protocol=6 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{10670B69-9E9E-4D08-9D44-0092F961CAD8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{1E805B10-5EC0-40BB-8F3F-8C4F08519CFE}" = protocol=6 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{21496D1B-0A2C-4914-A2CA-570A5CB21A14}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{355887F7-F0D9-4D26-BFEF-0A809FCD230C}" = protocol=6 | dir=in | app=c:\windows\system32\lxdacoms.exe | 
"{36BAFEE0-DD50-436E-955C-1122B8340F56}" = protocol=17 | dir=in | app=c:\program files\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{37431AE6-187D-480F-A555-1E59A614787C}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{44906390-3F16-4CD8-9D5C-1C0831BA50F6}" = protocol=17 | dir=in | app=c:\program files\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{44E57FD4-D69F-4308-90F3-E6A8ABBFE58C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{457E815E-5326-4051-B612-4417C9A5CE8E}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{541EADD8-2C49-44B0-BCEA-6F38B901A7E6}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{5D9CEEF3-332D-41D5-8C6E-5885F4A75ACA}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{8363047A-FF11-4854-916A-6F3B573EA3DE}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{83A159E9-1A5F-442C-B793-0066066FD819}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{864F980A-76C1-4569-BF97-EBE1426565B9}" = protocol=6 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{95BB01BC-AFE8-4949-87F7-35B910177CB3}" = protocol=17 | dir=in | app=c:\program files\ea games\die schlacht um mittelerde(tm)\game.dat | 
"{A31ED788-9A3C-4295-AF1B-DC380E5157D3}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{C14FAFEB-998D-4566-AA19-B3F42AA3F1A7}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{C4F6D8CE-CD58-48CD-B936-38B41B2294A0}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{D79FAC85-E192-454B-86A7-416D32361847}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{E784E754-C7A5-4A41-A868-24E790B54DE8}" = protocol=17 | dir=in | app=c:\windows\system32\lxdacoms.exe | 
"{EDB81669-581D-4418-9BEE-88F626558546}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"TCP Query User{565E8235-6A7C-4438-8350-482BA8195DBC}C:\program files\icqlite\icqlite.exe" = protocol=6 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
"TCP Query User{7504FE5D-4371-48B6-87D7-7C28F14F9217}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe | 
"TCP Query User{E6216B2D-A75E-47B9-9FF7-D2CF8CCBF437}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{2CC6DDDD-4399-40D9-8078-EE2ABD092443}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe | 
"UDP Query User{49F11D23-210B-446E-85CF-5D55AF96AB58}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe | 
"UDP Query User{B8C18592-AF17-412D-A01D-8C2FA0B95D42}C:\program files\icqlite\icqlite.exe" = protocol=17 | dir=in | app=c:\program files\icqlite\icqlite.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP270_series" = Canon MP270 series MP Drivers
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{21A127AE-2DAF-40B7-8374-34C3E629521C}" = Far Cry (Patch 1.3)
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{332CC6BF-E6C7-48EE-BA3D-435E576AD67F}" = PaperPort Image Printer
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C662203-292F-4E9D-AE02-281071C06903}" = Far Cry (Patch 1.33)
"{497A1721-088F-41EF-8876-B43C9DA5528B}" = ArcSoft Software Suite
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{81CD6232-10F5-4832-B3DA-1B88B1571031}" = Nero 7 Essentials
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8C13BEE4-E7CE-4E46-BD13-8F41DAD00FEF}" = SweetIM Toolbar for Internet Explorer 3.4
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}" = Brother MFL-Pro Suite
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81000000003}" = Adobe Reader 8.1.0 - Deutsch
"{B6C89654-A6A2-477C-873B-724EC1C56407}" = ScanSoft PaperPort 11
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFADE4AF-C0CF-4A04-A776-741318F1658F}" = Content Transfer
"{D765F1CE-5AE5-4C47-B134-AE58AC474740}" = OpenOffice.org 3.1
"{E47BA573-BBC4-40C1-8A7D-B25F2F2B0DAE}" = Far Cry (Patch 1.32)
"{E848C9C0-E6FF-4A3F-9D67-AE53AC3628FE}" = SweetIM for Messenger 2.7
"{EE8592F6-FC2B-4AFD-B527-109D127C039F}" = Far Cry (Patch 1.31)
"{EF59DB7F-7426-426E-B862-7031F83ED304}" = SystemDiagnostics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F534FFD4-F013-11D3-8031-0090272C6495}" = DA0 3.6 und ODBC
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9
"Canon MP270 series Benutzerregistrierung" = Canon MP270 series Benutzerregistrierung
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"CCleaner" = CCleaner
"Die Erde 2.0" = Die Erde 2.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"Fraps" = Fraps
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MP Navigator EX 3.0" = Canon MP Navigator EX 3.0
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"Uninstall_is1" = Uninstall 1.0.0.1
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 27.11.2008 10:53:00 | Computer Name = AlexanderSen-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 27.11.2008 11:11:12 | Computer Name = AlexanderSen-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16757 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: bfc  Anfangszeit: 01c950a20dd95128  Zeitpunkt
 der Beendigung: 37
 
Error - 27.11.2008 12:43:07 | Computer Name = AlexanderSen-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16757 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 152c  Anfangszeit: 01c950aef36f4f88  Zeitpunkt
 der Beendigung: 65
 
Error - 27.11.2008 13:50:15 | Computer Name = AlexanderSen-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16757 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1480  Anfangszeit: 01c950b8550f9848  Zeitpunkt
 der Beendigung: 26
 
Error - 27.11.2008 13:52:55 | Computer Name = AlexanderSen-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16757 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1834  Anfangszeit: 01c950b8cf21bf58  Zeitpunkt
 der Beendigung: 104
 
Error - 27.11.2008 14:05:17 | Computer Name = AlexanderSen-PC | Source = WerSvc | ID = 5007
Description = 
 
Error - 27.11.2008 14:09:27 | Computer Name = AlexanderSen-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16757 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 15e4  Anfangszeit: 01c950bae927d93c  Zeitpunkt
 der Beendigung: 20
 
Error - 28.11.2008 08:16:41 | Computer Name = AlexanderSen-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16757 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: aac  Anfangszeit: 01c95152ecb8b487  Zeitpunkt
 der Beendigung: 81
 
Error - 28.11.2008 08:17:47 | Computer Name = AlexanderSen-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 7.0.6000.16757 arbeitet nicht mehr 
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen 
über das Problem zu suchen.  Prozess-ID: 1670  Anfangszeit: 01c951532f10ce37  Zeitpunkt
 der Beendigung: 20
 
Error - 28.11.2008 08:18:17 | Computer Name = AlexanderSen-PC | Source = WerSvc | ID = 5007
Description = 
 
[ System Events ]
Error - 26.06.2010 16:02:09 | Computer Name = AlexanderSen-PC | Source = Print | ID = 19
Description = Der Druckspooler konnte den Drucker PaperPort-Bilddrucker nicht unter
 dem Namen PaperPort-Bilddrucker freigeben. Fehler: 2114. Der Drucker kann nicht
 von anderen Benutzern im Netzwerk verwendet werden.
 
Error - 26.06.2010 16:03:29 | Computer Name = AlexanderSen-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 26.06.2010 18:23:02 | Computer Name = AlexanderSen-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 26.06.2010 18:23:20 | Computer Name = AlexanderSen-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 26.06.2010 18:23:20 | Computer Name = AlexanderSen-PC | Source = Service Control Manager | ID = 7043
Description = 
 
Error - 27.06.2010 02:57:56 | Computer Name = AlexanderSen-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 27.06.2010 06:20:33 | Computer Name = AlexanderSen-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 27.06.2010 06:20:36 | Computer Name = AlexanderSen-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 27.06.2010 06:58:18 | Computer Name = AlexanderSen-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
Error - 27.06.2010 06:58:20 | Computer Name = AlexanderSen-PC | Source = disk | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\Harddisk0\DR0.
 
 
< End of report >

--- --- ---

Larusso · 27.06.2010, 14:04

Schritt 1

Bereinigung mit Malwarebytes' Anti-Malware (Quick-Scan)

Downloade Dir bitte Malwarebytes

Installiere das Programm in den vorgegebenen Pfad.
Denke daran, bei Vista das Programm als Admin zu starten, ansonsten per Doppelklick starten.
Lasse es online updaten (Reiter Updates), sofern sich das Programm bereits auf dem Rechner befand.
Aktiviere "Quick-Scan durchführen" => Scan.
Wenn der Scan beendet ist, klicke auf "Ergebnisse anzeigen".
Bei Funden in C:\System Volume Information den Haken entfernen.
Ansonsten wird dieser Systemwiederherstellungspunkt nicht mehr funktionieren.
Er könnte jedoch trotz Malware noch gebraucht werden.
Versichere Dich, dass ansonsten alle Funde markiert sind und drücke "Entferne Auswahl".
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Scan-Berichte" finden.
Berichte, wie der Rechner nun läuft.

Schritt 2

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Gmer ist geeignet für => NT/W2K/XP/VISTA.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista-User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf "Save" und speichere das Log als "Gmer.txt" auf dem Desktop, Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Schritt 3

Funktioniert der FF bzw Kas wieder ?

Bitte poste in Deiner nächsten Antwort
MBAM Logfile
Gmer.txt

Staufler · 27.06.2010, 18:46

hat jetzt ein bisschen gedauert wegen am Fußballspiel

also hier der Malwarebericht. Firefox lässt sich jetzt wieder öffnen. Kaspersky jedoch immer noch nicht. so werd noch GMER scannen lassen.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4246

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18928

27.06.2010 19:37:20
mbam-log-2010-06-27 (19-37-20).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 125615
Laufzeit: 8 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\QUAD Registry Cleaner v2 (Adware.QUADRegClean) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Staufler · 27.06.2010, 20:58

der erste scan hat geklappt jedoch habe ich vergessen auf save zu drücken. nun kann ich den GMER scan nicht mehr ausführen. zuerst bekam ich beim scanausführen lauter bluescreens und jetzt zum schluss kam die nachricht, dass dieses programm nicht ausgeführt werden kann.
und beim starten von google chrome bekam ich zuletzt auch noch einen bluescreen. jetzt spinnt der pc langsam völlig

kommt man ohne diesen scan auch zu einem ergebnis?

Larusso · 27.06.2010, 21:02

Während dieser Scans soll(en):

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Rootkitscan mit RootRepeal

Gehe hierhin, scrolle runter und downloade RootRepeal.zip.
Entpacke die Datei auf Deinen Desktop.
Doppelklicke die RootRepeal.exe, um den Scanner zu starten.
Klicke auf den Reiter Report und dann auf den Button Scan.
Mache einen Haken bei den folgenden Elementen und klicke Ok.
.
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT
.
Im Anschluss wirst Du gefragt, welche Laufwerke gescannt werden sollen.
Wähle C:\ und klicke wieder Ok.
Der Suchlauf beginnt automatisch, es wird eine Weile dauern, bitte Geduld.
Wenn der Suchlauf beendet ist, klicke auf Save Report.
Speichere das Logfile als RootRepeal.txt auf dem Desktop.
Kopiere den Inhalt hier in den Thread.

Staufler · 27.06.2010, 21:23

Hab alles genau nach deinen Anweisungen gemacht. Dieser Scan funktioniert nun aber auch nicht mehr. Es kommen nur noch Error Meldungen. Beim ersten Mal hat der Scan sich glaubig nur kurz aufgehängt und ging danach weiter. Bei mir hat sich aufjedenfall ein Fenster mit Logs geöffnet. Vielleicht hilft das ja weiter. Glaube, dass das aber nicht alles ist. Waren vielleicht 3 Minuten Scan

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/06/27 22:12
Program Version: Version 1.3.5.0
Windows Version: Windows Vista SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\Windows\System32\Drivers\dump_atapi.sys
Address: 0x8E91F000 Size: 32768 File Visible: No Signed: -
Status: -

Name: dump_dumpata.sys
Image Path: C:\Windows\System32\Drivers\dump_dumpata.sys
Address: 0x8E914000 Size: 45056 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\Windows\system32\drivers\rootrepeal.sys
Address: 0x8E4A2000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\{3a708654-7ae5-11df-8a05-a72b73b46273}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{bc17cf89-7f83-11df-b56a-a4932bcc83ad}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{cbbe1bb7-7d13-11df-8f7c-a74472ce65ac}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{fb4f5e4e-7ea2-11df-a2e3-a8eda387e9b0}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{08c55ac2-81b9-11df-84e4-f03c6ed48fd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{08c55ac7-81b9-11df-84e4-f03c6ed48fd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{08c55ad1-81b9-11df-84e4-f03c6ed48fd4}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{1dbeb438-8028-11df-ad3a-ef77c9236feb}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{25d9cff9-7b71-11df-90a4-d50d2f36c0a7}{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Path: C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Locked to the Windows API!

Processes
-------------------
Path: System
PID: 4 Status: Locked to the Windows API!

Path: C:\Windows\System32\audiodg.exe
PID: 1408 Status: Locked to the Windows API!

SSDT
-------------------
#: 012 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4a992

#: 021 Function Name: NtAlpcConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4c3fa

#: 022 Function Name: NtAlpcCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4c674

#: 038 Function Name: NtAlpcSendWaitReceivePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4c8e6

#: 048 Function Name: NtClose
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4b2aa

#: 054 Function Name: NtConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4ba52

#: 058 Function Name: NtCreateEvent
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4be4e

#: 060 Function Name: NtCreateFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4b4c8

#: 067 Function Name: NtCreateMutant
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4bd34

#: 068 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4a582

#: 071 Function Name: NtCreatePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4bc08

#: 075 Function Name: NtCreateSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4a72a

#: 076 Function Name: NtCreateSemaphore
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4bf6e

#: 078 Function Name: NtCreateThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4af32

#: 115 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4bc9e

#: 116 Function Name: NtDebugActiveProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4d596

#: 129 Function Name: NtDuplicateObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4e716

#: 150 Function Name: NtFsControlFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4b694

#: 165 Function Name: NtLoadDriver
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4d688

#: 177 Function Name: NtMapViewOfSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4dd62

#: 184 Function Name: NtOpenEvent
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4bee4

#: 186 Function Name: NtOpenFile
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4b336

#: 191 Function Name: NtOpenMutant
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4bdc4

#: 194 Function Name: NtOpenProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4abdc

#: 197 Function Name: NtOpenSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4dafc

#: 198 Function Name: NtOpenSemaphore
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4c004

#: 201 Function Name: NtOpenThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4aad0

#: 219 Function Name: NtQueryDirectoryObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4cb30

#: 242 Function Name: NtQuerySection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4e09c

#: 255 Function Name: NtQueueApcThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4d98e

#: 270 Function Name: NtReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4c368

#: 271 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4c22e

#: 276 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4d330

#: 282 Function Name: NtResumeThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4e5b8

#: 286 Function Name: NtSecureConnectPort
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4b79c

#: 289 Function Name: NtSetContextThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4b14c

#: 307 Function Name: NtSetInformationToken
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4cbd2

#: 314 Function Name: NtSetSecurityObject
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4d790

#: 317 Function Name: NtSetSystemInformation
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4e1ec

#: 330 Function Name: NtSuspendProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4e2de

#: 331 Function Name: NtSuspendThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4e418

#: 332 Function Name: NtSystemDebugControl
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4d4ba

#: 334 Function Name: NtTerminateProcess
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4ad7c

#: 335 Function Name: NtTerminateThread
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4acd2

#: 348 Function Name: NtUnmapViewOfSection
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4df40

#: 358 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4ae68

#: 382 Function Name: NtCreateThreadEx
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df4b030

Shadow SSDT
-------------------
#: 013 Function Name: NtGdiBitBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b520

#: 235 Function Name: NtGdiMaskBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b5f6

#: 245 Function Name: NtGdiPlgBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b666

#: 301 Function Name: NtGdiStretchBlt
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b58a

#: 317 Function Name: NtUserAttachThreadInput
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b150

#: 322 Function Name: NtUserBuildHwndList
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b6ce

#: 391 Function Name: NtUserFindWindowEx
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b344

#: 397 Function Name: NtUserGetAsyncKeyState
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b0b8

#: 428 Function Name: NtUserGetKeyboardState
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b452

#: 430 Function Name: NtUserGetKeyState
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b104

#: 479 Function Name: NtUserMessageCall
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b296

#: 497 Function Name: NtUserPostMessage
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b1ea

#: 498 Function Name: NtUserPostThreadMessage
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b23e

#: 513 Function Name: NtUserRegisterRawInputDevices
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b3da

#: 525 Function Name: NtUserSendInput
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b2f6

#: 550 Function Name: NtUserSetParent
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5ba90

#: 573 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5aff4

#: 576 Function Name: NtUserSetWinEventHook
Status: Hooked by "C:\Windows\system32\DRIVERS\klif.sys" at address 0x8df5b04c

==EOF==

Larusso · 27.06.2010, 21:41

Schritt 1

ESET Online Scanner

Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Unterstützte Betriebssysteme: Microsoft Windows 98/ME/NT 4.0/2000/XP und Windows Vista
Anmerkung für Vista-User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.
Button "ESET Online Scanner" drücken.
Firefox-User müssen ein zusätzliches Addon (esetsmartinstaller_enu.exe) installieren.
Das Firefox-Addon auf dem Desktop speichern und dann installieren.
IE-User müssen das Installieren eines ActiveX Elements erlauben.
Einen Haken bei "Remove found threads" und "Scan archives" machen.
Start drücken.
Signaturen werden heruntergeladen.
Der Scan beginnt automatisch.
Finish drücken.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.
Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
IE-User zusätzlich: mit HJT folgenden Eintrag fixen:
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)

Schritt 2

Starte bitte OTL.exe und klicke auf den Quick Scan Button.

Staufler · 28.06.2010, 18:05

nach 5std scan hier endlich der Log. Sehr seltsam warum findet der wieder nichts.

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=83701d914820c74fb80e158b9c8fd912
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-27 09:05:14
# local_time=2010-06-27 11:05:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 807140 807140 0 0
# compatibility_mode=5892 16776573 100 100 275609 115204593 0 0
# compatibility_mode=8192 67108863 100 0 429 429 0 0
# scanned=2443
# found=0
# cleaned=0
# scan_time=847
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=83701d914820c74fb80e158b9c8fd912
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-06-28 04:57:48
# local_time=2010-06-28 06:57:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1280 16777215 100 0 863040 863040 0 0
# compatibility_mode=5892 16776573 100 100 331509 115260493 0 0
# compatibility_mode=8192 67108863 100 0 56329 56329 0 0
# scanned=180499
# found=0
# cleaned=0
# scan_time=16502

Staufler · 28.06.2010, 18:26

und hier nochmal der otl quick scan log

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 28.06.2010 19:13:19 - Run 2
OTL by OldTimer - Version 3.2.7.0     Folder = C:\Users\Alexander Sentner\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18928)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.014,00 Mb Total Physical Memory | 243,00 Mb Available Physical Memory | 24,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 92,21 Gb Total Space | 27,66 Gb Free Space | 29,99% Space Free | Partition Type: NTFS
Drive D: | 45,12 Gb Total Space | 36,93 Gb Free Space | 81,85% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ALEXANDERSEN-PC
Current User Name: Alexander Sentner
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.06.27 12:08:14 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander Sentner\Downloads\OTL.exe
PRC - [2010.06.19 20:15:29 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\Alexander Sentner\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe
PRC - [2010.05.07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
PRC - [2010.05.07 12:37:14 | 000,129,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
PRC - [2010.04.01 20:00:17 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2009.04.11 00:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 00:27:30 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.03.24 04:00:00 | 001,983,816 | ---- | M] (CANON INC.) -- C:\Programme\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Programme\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2009.02.06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.01.19 12:07:50 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008.01.18 23:38:40 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.18 23:33:40 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.18 23:33:40 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.01 11:53:50 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.03.21 13:28:36 | 000,537,520 | ---- | M] ( ) -- C:\Windows\System32\lxdacoms.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.06.27 12:08:14 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Alexander Sentner\Downloads\OTL.exe
MOD - [2009.04.11 00:21:40 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.18 23:33:02 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (CLTNetCnService)
SRV - [2010.05.07 12:39:36 | 000,344,736 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -- (AVP)
SRV - [2010.01.04 21:55:00 | 003,404,560 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)
SRV - [2009.02.19 15:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2009.02.06 17:02:14 | 000,109,056 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2008.01.18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.03.21 13:28:36 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdacoms.exe -- (lxda_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.05.07 12:28:06 | 000,475,224 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV - [2010.05.07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV - [2010.05.07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\kl1.sys -- (kl1)
DRV - [2009.11.02 20:27:16 | 000,019,984 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV - [2009.04.10 22:45:26 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.02.11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.02.11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.01.18 20:25:06 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.01.18 11:00:00 | 000,385,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007.11.03 01:53:24 | 000,020,152 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2007.11.03 01:53:24 | 000,019,128 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2007.11.03 01:53:24 | 000,017,592 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.10.02 16:30:06 | 001,967,576 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007.07.12 16:35:02 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2006.11.02 11:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006.11.02 11:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006.11.02 11:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006.11.02 11:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006.11.02 11:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006.11.02 11:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006.11.02 11:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006.11.02 11:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006.11.02 11:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006.11.02 11:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006.11.02 11:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006.11.02 11:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006.11.02 11:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 11:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2005.02.23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B3 FE 84 F4 CF 4D CA 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.0.232
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {4b0a905d-b508-4574-8d12-b8fe120ace09}:0.5
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.0.232
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p="
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.06 18:13:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.06 18:13:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\THBExt [2010.06.18 14:34:38 | 000,000,000 | ---D | M]
 
[2010.05.06 18:17:48 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\mozilla\Extensions
[2010.06.27 22:03:13 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions
[2010.05.12 19:14:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Alexander Sentner\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.05.14 16:28:14 | 000,000,000 | ---D | M] (Faark's Grepolis Bericht 2 Image - Exporter) -- C:\Users\Alexander Sentner\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions\{4b0a905d-b508-4574-8d12-b8fe120ace09}
[2010.06.26 22:41:40 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Alexander Sentner\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.05.23 15:07:44 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Alexander Sentner\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.05.12 19:20:15 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Alexander Sentner\AppData\Roaming\mozilla\Firefox\Profiles\xtfh995q.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.06.18 15:21:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.18 15:21:44 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.06.18 15:21:45 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2008.08.04 20:00:23 | 000,255,786 | R--- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 8896 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programme\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programme\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Programme\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [MSConfig] C:\Windows\System32\msconfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [recinfo6] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Alexander Sentner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Alexander Sentner\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Alexander Sentner\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{10eb90ec-c534-11de-8bc6-a329e3ac46d6}\Shell\AutoRun\command - "" = K:\Menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.06.27 22:43:56 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.06.27 22:09:51 | 000,472,064 | ---- | C] ( ) -- C:\Users\Alexander Sentner\Desktop\RootRepeal.exe
[2010.06.27 17:00:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander Sentner\AppData\Roaming\Malwarebytes
[2010.06.27 17:00:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.06.27 17:00:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.06.27 17:00:37 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.06.27 17:00:37 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.06.19 15:29:15 | 000,000,000 | ---D | C] -- C:\Programme\Mesonic
[2010.06.19 15:26:36 | 000,000,000 | ---D | C] -- C:\winline_72
[2010.06.19 15:24:24 | 000,000,000 | ---D | C] -- C:\winline_71
[2010.06.19 15:18:47 | 000,000,000 | ---D | C] -- C:\winline_64
[2010.06.19 15:17:30 | 000,000,000 | ---D | C] -- C:\Users\Alexander Sentner\AppData\Roaming\WinRAR
[2010.06.19 15:15:55 | 000,000,000 | ---D | C] -- C:\Programme\WinRAR
[2010.05.27 15:09:50 | 000,000,000 | ---D | C] -- C:\Users\Alexander Sentner\Documents\Bewerbung Alex
[2010.05.23 16:44:56 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.16 19:52:42 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJScan
[2010.05.07 12:37:58 | 000,228,024 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\klogon.dll
[2010.05.07 12:28:06 | 000,475,224 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.05.07 00:19:06 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl2.sys
[2010.05.07 00:19:02 | 000,132,184 | ---- | C] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl1.sys
[2010.05.06 18:14:56 | 000,000,000 | ---D | C] -- C:\Users\Alexander Sentner\AppData\Local\Mozilla
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2008.01.11 22:05:20 | 001,224,704 | ---- | C] ( ) -- C:\Windows\System32\lxdaserv.dll
[2008.01.11 22:05:20 | 000,991,232 | ---- | C] ( ) -- C:\Windows\System32\lxdausb1.dll
[2008.01.11 22:05:20 | 000,643,072 | ---- | C] ( ) -- C:\Windows\System32\lxdapmui.dll
[2008.01.11 22:05:20 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\LXDAhcp.dll
[2008.01.11 22:05:20 | 000,163,840 | ---- | C] ( ) -- C:\Windows\System32\lxdaprox.dll
[2008.01.11 22:05:20 | 000,094,208 | ---- | C] ( ) -- C:\Windows\System32\lxdapplc.dll
[2008.01.11 22:05:19 | 000,696,320 | ---- | C] ( ) -- C:\Windows\System32\lxdahbn3.dll
[2008.01.11 22:05:19 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdacomc.dll
[2008.01.11 22:05:19 | 000,421,888 | ---- | C] ( ) -- C:\Windows\System32\lxdacomm.dll
 
========== Files - Modified Within 90 Days ==========
 
[2010.06.28 19:13:24 | 005,505,024 | -HS- | M] () -- C:\Users\Alexander Sentner\ntuser.dat
[2010.06.28 19:06:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.28 19:06:29 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.28 18:55:12 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.06.28 18:54:21 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.06.28 18:20:13 | 000,001,166 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1362082009-162089984-658087930-1000UA.job
[2010.06.28 13:16:33 | 000,000,442 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E6B417AA-7A65-4D0B-A342-B9D42C8F8778}.job
[2010.06.28 13:06:38 | 000,016,384 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010.06.28 13:06:25 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.28 13:06:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.28 08:53:39 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander Sentner\ntuser.dat{4ce5169a-4846-11df-9727-b78f5ed39f11}.TMContainer00000000000000000001.regtrans-ms
[2010.06.28 08:53:39 | 000,065,536 | -HS- | M] () -- C:\Users\Alexander Sentner\ntuser.dat{4ce5169a-4846-11df-9727-b78f5ed39f11}.TM.blf
[2010.06.28 08:53:29 | 002,457,861 | -H-- | M] () -- C:\Users\Alexander Sentner\AppData\Local\IconCache.db
[2010.06.27 21:46:31 | 206,589,324 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.06.27 20:20:02 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1362082009-162089984-658087930-1000Core.job
[2010.06.27 17:00:43 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.27 12:10:43 | 000,000,858 | ---- | M] () -- C:\Users\Alexander Sentner\Desktop\OTL.exe - Verknüpfung.lnk
[2010.06.17 18:19:58 | 001,418,612 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.06.17 18:19:58 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.06.17 18:19:58 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.06.17 18:19:58 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.06.17 18:19:58 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.06.14 20:32:58 | 000,053,320 | ---- | M] () -- C:\Users\Alexander Sentner\Documents\Bewerbungsanschreiben Alexander Sentner.pdf
[2010.06.14 20:32:10 | 000,017,754 | ---- | M] () -- C:\Users\Alexander Sentner\Documents\bewerbung alex anschreiben.odt
[2010.06.10 11:16:37 | 000,002,108 | ---- | M] () -- C:\Users\Alexander Sentner\Desktop\Google Chrome.lnk
[2010.06.09 20:26:54 | 000,315,208 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.05.27 21:24:14 | 000,010,485 | ---- | M] () -- C:\Users\Alexander Sentner\Documents\bewerbung email.odt
[2010.05.27 20:35:26 | 000,053,778 | ---- | M] () -- C:\Users\Alexander Sentner\Documents\Bewerbungsanschreiben.pdf
[2010.05.26 20:01:06 | 000,637,952 | ---- | M] () -- C:\Users\Alexander Sentner\Documents\Bewerbung Alex Lebenslauf.doc
[2010.05.25 21:41:09 | 000,635,392 | ---- | M] () -- C:\Users\Alexander Sentner\Documents\Bewerbung Alex Deckblatt.doc
[2010.05.25 18:18:34 | 000,635,392 | ---- | M] () -- C:\Users\Alexander Sentner\Documents\Unbenannt 1.doc
[2010.05.23 16:45:03 | 000,001,676 | ---- | M] () -- C:\Users\Alexander Sentner\Desktop\CCleaner.lnk
[2010.05.16 20:09:24 | 000,006,324 | ---- | M] () -- C:\Users\Alexander Sentner\AppData\Roaming\wklnhst.dat
[2010.05.07 12:37:58 | 000,228,024 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\klogon.dll
[2010.05.07 12:28:06 | 000,475,224 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.05.07 00:19:06 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl2.sys
[2010.05.07 00:19:02 | 000,132,184 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\System32\drivers\kl1.sys
[2010.05.06 18:14:04 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.05 14:28:08 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.05.05 14:28:08 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.26 20:57:16 | 000,020,406 | ---- | M] () -- C:\Users\Alexander Sentner\Documents\ProjektarbeitReferat.odt
[2010.04.15 06:53:00 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander Sentner\ntuser.dat{4ce5169a-4846-11df-9727-b78f5ed39f11}.TMContainer00000000000000000002.regtrans-ms
[2010.04.15 06:49:07 | 000,524,288 | -HS- | M] () -- C:\Users\Alexander Sentner\ntuser.dat{020aa060-a05f-11de-92dc-b7d3e0b053c7}.TMContainer00000000000000000001.regtrans-ms
[2010.04.15 06:49:07 | 000,065,536 | -HS- | M] () -- C:\Users\Alexander Sentner\ntuser.dat{020aa060-a05f-11de-92dc-b7d3e0b053c7}.TM.blf
[2010.04.13 21:29:12 | 000,023,297 | ---- | M] () -- C:\Users\Alexander Sentner\Documents\gb_bezug.odt
 
========== Files Created - No Company Name ==========
 
[2010.06.27 20:46:47 | 206,589,324 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.06.27 17:00:43 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.06.27 12:11:13 | 000,000,858 | ---- | C] () -- C:\Users\Alexander Sentner\Desktop\OTL.exe - Verknüpfung.lnk
[2010.06.19 15:29:15 | 000,244,417 | ---- | C] () -- C:\Windows\System32\odbcjet.hlp
[2010.06.19 15:29:15 | 000,008,198 | ---- | C] () -- C:\Windows\System32\odbcjet.cnt
[2010.06.14 20:14:22 | 000,053,320 | ---- | C] () -- C:\Users\Alexander Sentner\Documents\Bewerbungsanschreiben Alexander Sentner.pdf
[2010.06.07 19:41:30 | 000,017,754 | ---- | C] () -- C:\Users\Alexander Sentner\Documents\bewerbung alex anschreiben.odt
[2010.05.27 21:24:12 | 000,010,485 | ---- | C] () -- C:\Users\Alexander Sentner\Documents\bewerbung email.odt
[2010.05.27 20:35:22 | 000,053,778 | ---- | C] () -- C:\Users\Alexander Sentner\Documents\Bewerbungsanschreiben.pdf
[2010.05.25 22:37:02 | 000,637,952 | ---- | C] () -- C:\Users\Alexander Sentner\Documents\Bewerbung Alex Lebenslauf.doc
[2010.05.25 19:24:52 | 000,635,392 | ---- | C] () -- C:\Users\Alexander Sentner\Documents\Bewerbung Alex Deckblatt.doc
[2010.05.25 18:18:34 | 000,635,392 | ---- | C] () -- C:\Users\Alexander Sentner\Documents\Unbenannt 1.doc
[2010.05.23 16:45:03 | 000,001,676 | ---- | C] () -- C:\Users\Alexander Sentner\Desktop\CCleaner.lnk
[2010.05.06 18:14:04 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.26 18:08:32 | 000,020,406 | ---- | C] () -- C:\Users\Alexander Sentner\Documents\ProjektarbeitReferat.odt
[2010.04.15 06:52:56 | 000,524,288 | -HS- | C] () -- C:\Users\Alexander Sentner\ntuser.dat{4ce5169a-4846-11df-9727-b78f5ed39f11}.TMContainer00000000000000000002.regtrans-ms
[2010.04.15 06:52:56 | 000,524,288 | -HS- | C] () -- C:\Users\Alexander Sentner\ntuser.dat{4ce5169a-4846-11df-9727-b78f5ed39f11}.TMContainer00000000000000000001.regtrans-ms
[2010.04.15 06:52:56 | 000,065,536 | -HS- | C] () -- C:\Users\Alexander Sentner\ntuser.dat{4ce5169a-4846-11df-9727-b78f5ed39f11}.TM.blf
[2009.11.14 18:53:46 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.10.30 15:27:49 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2009.06.16 20:22:35 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.06.04 19:09:17 | 000,069,632 | ---- | C] () -- C:\Windows\System32\xmltok.dll
[2009.06.04 19:09:17 | 000,036,864 | ---- | C] () -- C:\Windows\System32\xmlparse.dll
[2008.05.21 10:50:05 | 000,053,248 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2008.04.21 18:01:44 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.04.21 18:01:44 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.04.21 17:54:29 | 000,031,664 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.01.11 22:05:21 | 000,274,432 | ---- | C] () -- C:\Windows\System32\LXDAinst.dll
[2008.01.11 22:05:20 | 000,413,696 | ---- | C] () -- C:\Windows\System32\lxdautil.dll
[2008.01.01 17:54:07 | 000,000,091 | ---- | C] () -- C:\Windows\LEXSTAT.INI
[2007.11.23 17:05:21 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1329.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.08.11 10:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
 
========== LOP Check ==========
 
[2009.10.29 12:23:09 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\Amazon
[2010.05.16 19:52:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\Canon
[2009.10.12 16:13:12 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\eXPert PDF Editor
[2010.06.27 13:47:59 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\ICQ
[2008.01.24 15:39:34 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\ICQ Toolbar
[2008.01.16 14:51:28 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\ICQLite
[2008.07.06 15:25:35 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2008.08.12 22:59:04 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\Meine Die Schlacht um Mittelerde-Dateien
[2008.05.23 10:31:30 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2009.12.09 20:44:18 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\OpenOffice.org
[2009.06.16 20:43:12 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\Panasonic
[2009.09.29 22:03:42 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\play2p
[2009.05.10 18:06:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\ScanSoft
[2009.10.08 17:33:00 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\Sony
[2008.01.01 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\Alexander Sentner\AppData\Roaming\Template
[2010.06.28 08:53:49 | 000,032,562 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.06.28 13:16:33 | 000,000,442 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E6B417AA-7A65-4D0B-A342-B9D42C8F8778}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 64 bytes -> C:\Users\Alexander Sentner\Documents\clip0008.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Alexander Sentner\Documents\clip0007.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Alexander Sentner\Documents\clip0006.avi:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Alexander Sentner\Documents\clip0005.avi:TOC.WMV
@Alternate Data Stream - 57110 bytes -> C:\Users\Alexander Sentner\Documents\clip0004.avi:TOC.WMV
< End of report >

--- --- ---

27.06.2010, 13:33	#6
Larusso /// Selecta Jahrusso	Firefox und Kaspersky lassen sich nicht mehr öffnen Wenn OTL gelaufen ist, müssten sich die OTL.txt und Extras.txt dort befinden, wo sich auch die OTL.exe befindet ( im idealfall am Desktop ) Diese bitte mir posten. __________________ --> Firefox und Kaspersky lassen sich nicht mehr öffnen

Firefox und Kaspersky lassen sich nicht mehr öffnen

Log-Analyse und Auswertung: Firefox und Kaspersky lassen sich nicht mehr öffnen