
Pests of all kinds and how to fight them: Trojaner_Clicker in Sims 2 Pets


04.09.2010, 11:08   #1
LadyFreaky
 



Hi there!

I have had a problem since the day before yesterday and don't really know what to make of it.

First of all, I have:
Vista Home
Kaspersky Security 2010

The day before yesterday at 18:34 my Kaspersky suddenly reported a Trojan and suggested neutralizing it, deleting it, etc., which I let it do. Then a message came up saying it had found nothing. After I dismissed the window, the PC was restarted (that is how it was set in Kaspersky). After booting, another message from Kaspersky appeared saying "malware", with "neutralize all" below it, which I clicked. Kaspersky then went back to green as normal, meaning everything is safe.

The Kaspersky report says that the following Trojan was not found:
Trojaner_Clicker.Win32.Agent.odw
It was found in the file
Die Sims2 Haustiere/eauinstall.exe

I then had Kaspersky run a 4-hour full check, with the result that nothing was found.

A friend then gave me the tip to use the online scanner from Norton; it also found nothing and reported that I was free of Trojans.

After that I downloaded the free 30-day version of TrojanHunter. Because it was already late in the evening I only ran the quick scan: nothing found.

Yesterday I then started the full scan with TrojanHunter; when it had gone through all the Sims files, it did not report any Trojan.

TrojanHunter was still scanning when, at 18:34, Kaspersky again cried Trojan: exactly the same game as yesterday .... again this trojanclicker and again in Sims.

I then ran TrojanHunter over it again, but nothing ..

I then dared to go directly into Sims and scanned the file in question with both Kaspersky and TrojanHunter, but neither reported a Trojan .....

Is this just a stupid joke by Kaspersky, because as I said it happened twice at the same time ... or is the Trojan really there but so nasty that 3 programs can't find it?!

Today I have been online at the PC since about half past 10 in the morning, but no error message has appeared ... does that mean it really was just an error that has been corrected, or will it only come back at 18:34?

I hope you can help me!!

04.09.2010, 16:20   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
Is this just a stupid joke by Kaspersky, because as I said it happened twice at the same time ..
Have you never heard of false alarms? A virus scanner is not infallible, and its results should always be taken with caution.


Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes has to be updated manually before every scan!

After that, OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

04.09.2010, 18:12   #3
LadyFreaky
 



I have now run Malware over it first, and here is the result:

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4544

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18943

04.09.2010 19:10:49
mbam-log-2010-09-04 (19-10-49).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 141809
Laufzeit: 15 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 14
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 5
Infizierte Dateien: 8

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\mysearchtoolbar.settingsplugin.1 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6ca-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{014da6cc-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{014da6c0-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{014da6c1-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{014da6cb-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\My Search Uninstall (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{014da6c9-189f-421a-88cd-07cfe51cff10} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\MySearch (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\MySearch\bar\1.bin\S4FFXTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4FFXTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4NTSTBR.JAR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\1.bin\S4NTSTBR.MANIFEST (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\Cache\files.ini (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\Program Files\MySearch\bar\History\search2 (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\ProgramData\Firefox Setup 3.5.2.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\ProgramData\Thunderbird Setup 2.0.0.23.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.

04.09.2010, 18:34   #4
LadyFreaky
 



So, here is the one from OTL:

OTL Logfile:
OTL EXTRAS Logfile:
Code:
OTL logfile created on: 04.09.2010 19:26:06 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\birgit\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 24,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 122,23 Gb Free Space | 53,34% Space Free | Partition Type: NTFS
Drive D: | 228,82 Gb Total Space | 151,62 Gb Free Space | 66,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BIRGIT-PC
Current User Name: birgit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\ehome\mcupdate.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (sp_rssrv) -- C:\Program Files\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBModem) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- C:\Windows\System32\DRIVERS\lgusbbus.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (sp_rsdrv2) -- C:\Windows\System32\drivers\sp_rsdrv2.sys ()
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chello.at"
FF - prefs.js..extensions.enabledItems: {E9A1DEE0-C623-4439-8932-001E7D17607D}:2.1.0.2
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.08 18:29:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.24 11:03:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.05.05 17:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.24 11:03:40 | 000,000,000 | ---D | M]
 
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.16 17:22:59 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions
[2009.12.24 11:05:17 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.03 17:16:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.15 19:24:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.16 19:49:39 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010.07.25 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.04.09 19:09:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010.05.17 17:14:38 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.08.29 10:21:01 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-1.xml
[2009.06.01 03:30:52 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-2.xml
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin.xml
[2010.05.17 17:14:19 | 000,003,915 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\sweetim.xml
[2009.12.24 11:05:24 | 000,001,201 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\winamp-search.xml
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.05 17:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.15 18:48:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.15 18:48:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.15 18:48:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.15 18:48:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.15 18:48:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
[2009.04.07 15:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.gif
[2009.11.03 19:25:12 | 000,000,205 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.src
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Messenger Plus Live Toolbar) - {9b339f6e-ddcd-401b-8764-230adbd01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar mit Pop-Up-Blocker) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Messenger Plus Live Toolbar) - {9B339F6E-DDCD-401B-8764-230ADBD01761} - C:\Program Files\Messenger_Plus_Live\tbMess.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PicPick Start] C:\Screenshoots\Picpick\picpick.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PrintArtist] C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - Startup: C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Free YouTube Download - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.04 19:25:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Malwarebytes
[2010.09.04 18:53:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.04 18:53:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.04 18:52:49 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.04 16:50:21 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Spyware Terminator
[2010.09.04 16:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.09.04 16:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Terminator
[2010.09.02 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\TrojanHunter
[2010.09.02 22:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2010.09.02 22:44:19 | 022,489,640 | ---- | C] (Mischel Internet Security                                   ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.08.22 13:37:51 | 018,088,968 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.13 16:38:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.13 16:38:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.13 16:38:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.13 16:38:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.13 16:38:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.13 16:38:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.13 16:38:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.13 16:38:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.13 16:38:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.13 16:38:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.13 16:38:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.13 16:38:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.13 16:38:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.13 16:38:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.13 16:38:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.13 16:37:50 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.13 16:37:30 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.13 16:37:27 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.13 16:37:23 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.13 16:37:23 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 18:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualFarm
[2010.08.06 20:37:11 | 011,971,973 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[2010.08.06 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Deployment
[2010.08.06 19:50:03 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Google
[2010.05.23 12:57:52 | 007,213,444 | ---- | C] (www.minidvdsoft.com                                         ) -- C:\ProgramData\freedvdcreator.exe
[2010.05.22 13:54:22 | 008,062,504 | ---- | C] (                                                            ) -- C:\ProgramData\DVDStyler-1.8.0.3-win32.exe
[2010.05.16 13:58:54 | 306,699,456 | ---- | C] (Nero AG) -- C:\ProgramData\multimediasuite-ESD_small-20100412164653105-10.0.13200.nsx.exe
[2010.04.17 15:46:40 | 017,776,464 | ---- | C] (pdfforge GbR) -- C:\ProgramData\PDFCreator-0_9_9_setup.exe
[2010.03.20 15:58:49 | 003,378,431 | ---- | C] (CoreDownload Free Wallpaper Changer                         ) -- C:\ProgramData\CoreDownloadFreeWallpaperChangerSetup.exe
[2010.02.15 17:29:15 | 003,917,578 | ---- | C] (SCWA-Software                                               ) -- C:\ProgramData\VideoSS.exe
[2010.02.06 14:15:26 | 012,109,496 | ---- | C] (ICQ) -- C:\ProgramData\install_icq7.exe
[2010.01.24 13:48:19 | 032,047,558 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\JAD8002_BASIC.exe
[2010.01.16 14:00:08 | 000,535,576 | ---- | C] (RealNetworks, Inc.) -- C:\ProgramData\RealPlayerSPGold_de.exe
[2010.01.01 12:52:26 | 005,176,728 | ---- | C] (Yuna Software) -- C:\ProgramData\MsgPlusLive-483.exe
[2009.12.24 10:57:09 | 011,334,424 | ---- | C] (Nullsoft, Inc.) -- C:\ProgramData\winamp5571_full_emusic-7plus_de-de.exe
[2009.12.16 21:02:44 | 001,167,688 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\wlsetup-custom.exe
[2009.12.06 11:40:58 | 003,184,296 | ---- | C] (Piriform Ltd) -- C:\ProgramData\dfsetup115.exe
[2009.12.04 19:08:29 | 002,573,488 | ---- | C] (Karlis Blumentals                                           ) -- C:\ProgramData\scrwon4.exe
[2009.11.29 18:22:52 | 007,472,320 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeVideoToJPGConverter1.5.1.54.exe
[2009.11.19 18:22:56 | 001,067,856 | ---- | C] (Piriform Ltd) -- C:\ProgramData\ccsetup225_slim.exe
[2009.11.14 15:39:21 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\ProgramData\pdf2wordsetup.exe
[2009.10.26 20:10:17 | 006,113,130 | ---- | C] (InstallShield Software Corporation) -- C:\ProgramData\pci_filerecovery4.exe
[2009.10.26 14:21:02 | 015,375,944 | ---- | C] (Any-Video-Converter.com                                     ) -- C:\ProgramData\avc-free.exe
[2009.10.03 17:17:53 | 115,904,256 | ---- | C] (Corel Corporation                                           ) -- C:\ProgramData\WinDVDPro2010-TBYB.exe
[2009.09.23 17:36:07 | 021,952,661 | ---- | C] (VMesquita                                                   ) -- C:\ProgramData\DIKOSetup245.exe
[2009.09.21 19:01:09 | 000,073,728 | ---- | C] ( ) -- C:\ProgramData\vdremote.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\vdicmdrv.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\auxsetup.exe
[2009.09.21 19:01:09 | 000,065,536 | ---- | C] ( ) -- C:\ProgramData\vdsvrlnk.dll
[2009.09.21 19:01:09 | 000,008,704 | ---- | C] ( ) -- C:\ProgramData\vdub.exe
[2009.08.22 14:40:32 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\ADBEPHSPCS4_LS4.exe
[2009.08.08 19:30:18 | 000,946,119 | ---- | C] (Jodix Technologies Ltd.                                     ) -- C:\ProgramData\free-wma-mp3-converter.exe
[2009.07.14 20:20:46 | 000,347,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINWORD.EXE
[2009.07.01 18:51:47 | 020,631,848 | ---- | C] (Skype Technologies S.A.) -- C:\ProgramData\SkypeSetupFull.exe
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2009.01.10 17:36:22 | 016,126,456 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\install_puls4_icq65.exe
[2007.05.07 01:07:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.04 19:31:38 | 005,242,880 | -HS- | M] () -- C:\Users\birgit\ntuser.dat
[2010.09.04 19:25:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 19:15:44 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.04 19:15:44 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.04 19:15:43 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.04 19:15:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.04 19:15:35 | 3220,692,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.04 19:14:18 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.04 19:14:13 | 000,524,288 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TMContainer00000000000000000001.regtrans-ms
[2010.09.04 19:14:13 | 000,065,536 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TM.blf
[2010.09.04 19:14:11 | 003,815,936 | -H-- | M] () -- C:\Users\birgit\AppData\Local\IconCache.db
[2010.09.04 19:08:05 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.09.04 18:53:55 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 18:52:59 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.04 16:50:39 | 000,000,883 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.09.04 16:50:22 | 000,142,592 | ---- | M] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.09.03 20:08:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.09.02 22:45:48 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2010.09.02 22:44:23 | 022,489,640 | ---- | M] (Mischel Internet Security                                   ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.09.01 18:08:35 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 18:08:35 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 18:08:35 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 18:08:35 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 18:08:35 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.28 11:36:37 | 000,001,179 | ---- | M] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.28 09:53:57 | 000,001,399 | ---- | M] () -- C:\Users\birgit\Desktop\DivX Movies.lnk
[2010.08.28 09:53:38 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.25 18:43:50 | 000,159,744 | ---- | M] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.22 13:39:11 | 000,000,996 | ---- | M] () -- C:\Users\birgit\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.22 13:37:55 | 018,088,968 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.21 10:08:28 | 000,002,051 | ---- | M] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.14 10:50:53 | 002,333,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.07 09:41:18 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.06 20:37:43 | 011,971,973 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.04 18:53:55 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 16:50:39 | 000,000,883 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.09.04 16:50:22 | 000,142,592 | ---- | C] () -- C:\Windows\System32\drivers\sp_rsdrv2.sys
[2010.09.02 22:45:41 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2010.08.28 11:36:37 | 000,001,179 | ---- | C] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.09 18:55:24 | 000,000,011 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\NevoSoft Gameslog.txt
[2010.08.06 20:04:21 | 000,002,051 | ---- | C] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.06 20:03:32 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.08.06 20:03:31 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.05.23 11:12:30 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.23 11:08:08 | 008,667,467 | ---- | C] () -- C:\ProgramData\vdm328_free.exe
[2010.05.22 11:42:01 | 038,649,247 | ---- | C] () -- C:\ProgramData\FFSetup230.exe
[2010.05.16 13:29:29 | 000,256,832 | ---- | C] () -- C:\ProgramData\SoftonicDownloader50481.exe
[2010.04.17 15:52:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.03.20 15:40:48 | 003,932,214 | ---- | C] () -- C:\ProgramData\Wallpaper.bmp
[2010.03.20 15:40:39 | 000,000,211 | ---- | C] () -- C:\ProgramData\untitled.wpl
[2010.03.20 15:34:19 | 000,034,998 | ---- | C] () -- C:\ProgramData\WPCLogo.bmp
[2010.03.20 15:34:19 | 000,015,446 | ---- | C] () -- C:\ProgramData\History.txt
[2010.03.20 15:34:19 | 000,010,672 | ---- | C] () -- C:\ProgramData\Readme.txt
[2010.03.20 15:34:19 | 000,001,402 | ---- | C] () -- C:\ProgramData\File_id.diz
[2010.01.31 12:09:29 | 000,000,156 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\default.rss
[2010.01.29 21:00:08 | 034,503,088 | ---- | C] () -- C:\ProgramData\Nokia_PC_Suite_ger_web.exe
[2010.01.02 11:34:48 | 000,001,497 | ---- | C] () -- C:\ProgramData\JkDefragGUI.ini
[2010.01.02 11:34:07 | 002,575,069 | ---- | C] () -- C:\ProgramData\JkDefragGUI.exe
[2010.01.02 11:34:07 | 000,037,170 | ---- | C] () -- C:\ProgramData\ChangeLog.txt
[2010.01.02 11:34:07 | 000,001,472 | ---- | C] () -- C:\ProgramData\ReadMeFirst.txt
[2009.12.24 11:06:41 | 000,263,115 | ---- | C] () -- C:\ProgramData\Alex7b.wsz
[2009.12.04 18:32:52 | 017,363,313 | ---- | C] () -- C:\ProgramData\aol.exe
[2009.11.23 19:21:55 | 000,477,527 | ---- | C] () -- C:\ProgramData\DivXInstaller.exe
[2009.11.14 15:48:44 | 023,207,088 | ---- | C] () -- C:\ProgramData\PdfGrabber_Setup.exe
[2009.11.14 15:27:23 | 000,754,344 | ---- | C] () -- C:\ProgramData\advancedpdf2word_trial.exe
[2009.10.26 22:23:45 | 003,267,488 | ---- | C] () -- C:\ProgramData\Pandora211Recovery.exe
[2009.10.26 22:17:55 | 000,056,832 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.exe
[2009.10.26 22:17:55 | 000,000,875 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.ini
[2009.10.26 22:17:54 | 011,109,376 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO_German.msi
[2009.10.26 22:17:54 | 011,102,720 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.msi
[2009.10.26 22:13:44 | 021,047,280 | ---- | C] () -- C:\ProgramData\file-recovery-pro36-demo.zip
[2009.10.10 14:12:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.10.10 14:09:23 | 012,621,312 | ---- | C] () -- C:\ProgramData\gs870w32.exe
[2009.10.10 14:05:10 | 001,720,832 | ---- | C] () -- C:\ProgramData\FreePDF4.02.EXE
[2009.10.10 11:49:52 | 000,599,173 | ---- | C] () -- C:\ProgramData\PDFBlenderSetup1.1.2.exe
[2009.10.03 17:58:13 | 001,275,896 | ---- | C] () -- C:\ProgramData\setup.exe
[2009.10.03 17:30:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\AD7517B469.sys
[2009.10.03 17:30:50 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.29 18:18:31 | 000,000,402 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\wklnhst.dat
[2009.09.21 19:01:09 | 000,246,767 | ---- | C] () -- C:\ProgramData\VirtualDub.chm
[2009.09.21 19:01:09 | 000,219,510 | ---- | C] () -- C:\ProgramData\VirtualDub.vdi
[2009.09.21 19:01:09 | 000,018,321 | ---- | C] () -- C:\ProgramData\copying
[2009.09.21 19:01:08 | 002,658,816 | ---- | C] () -- C:\ProgramData\VirtualDub.exe
[2009.07.01 18:57:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.27 14:58:17 | 076,559,360 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20090606.msi
[2009.06.20 15:54:00 | 076,342,784 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20080717.msi
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.21 20:07:42 | 001,048,200 | ---- | C] () -- C:\ProgramData\MoveMediaPlayer_071303000004.exe
[2009.04.18 19:32:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.06 15:04:44 | 000,507,904 | ---- | C] () -- C:\ProgramData\pro.exe
[2008.12.28 19:19:34 | 004,998,707 | ---- | C] () -- C:\ProgramData\flvplayer_setup.exe
[2008.12.25 19:43:22 | 003,659,444 | ---- | C] () -- C:\ProgramData\FileZilla_3.1.3.1_win32-setup.exe
[2008.11.22 10:42:54 | 001,471,839 | ---- | C] () -- C:\ProgramData\wrar380d.exe
[2008.09.28 15:43:24 | 000,003,688 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008.08.26 19:24:32 | 000,159,744 | ---- | C] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.16 17:35:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.06.16 17:30:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2008.05.14 18:12:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.14 09:59:10 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.05.14 09:59:10 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.05.14 09:30:43 | 000,007,484 | ---- | C] () -- C:\Users\birgit\AppData\Local\d3d9caps.dat
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.07 09:22:38 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.07 01:07:10 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.02.06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.02.06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.19 10:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TFBRVDNPCLPTJBX9Y6LV9TXVVJVFJF5VVJV0
@Alternate Data Stream - 24 bytes -> C:\Windows:28623108D70BB416
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1941675B
< End of report >
         
--- --- ---

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 04.09.2010 19:26:06 - Run 1
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\birgit\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 34,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 24,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 122,23 Gb Free Space | 53,34% Space Free | Partition Type: NTFS
Drive D: | 228,82 Gb Total Space | 151,62 Gb Free Space | 66,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BIRGIT-PC
Current User Name: birgit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{58195146-7937-4E5B-B631-53D1EA7DC5A7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5C829283-EC78-4964-AFCD-0CC74D50B85C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{14474163-F976-4417-A929-6ED79991A1AF}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 
"{23537FF4-6379-42A4-AD64-8D6D98B61099}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{245EFA32-2FB3-45B4-BBA6-22977DA6B9D7}" = dir=in | app=c:\program files\acer arcade live\slideshow dvd\component\clsldvd.exe | 
"{368C9C21-E9BE-475D-AF45-27B410C77590}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{3C6E7478-9E43-4471-A35E-561D7468D531}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{401DCC44-0472-4D02-AC29-0D37AD80CF29}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\homemedia connect.exe | 
"{40EDBCB3-C9FD-4F1C-B64B-CE1E8C7649A7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{4500854C-F9A1-4621-AD42-E7DB18D73E1F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{4817A58A-55D9-411C-8FA3-CB21DA3FD7A7}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\playmovie.exe | 
"{4D96A9C2-4809-44D0-A952-67B1A1C62538}" = protocol=6 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | 
"{610D4256-FBF6-4239-BD64-20FDFE1F9691}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 
"{6307F449-05C4-4738-BF6B-FD7B228A1DEE}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\dvdivine.exe | 
"{646C2F31-F20B-4983-A342-A6C614A9D7CC}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{6D5501BB-FAC2-4083-B55E-96CCB34F9133}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{7B72838B-FCE2-433B-80BE-8BBBEE1F8B56}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{7DC102C7-F547-435A-BCBF-93C5ED6112F0}" = protocol=17 | dir=in | app=c:\program files\microsoft games\zoo tycoon 2\zt.exe | 
"{84B89AB2-E7EC-4386-8D64-4E457C99D760}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{8654BA5F-18F7-4D5B-98F0-4B280AEAA52F}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{8A8B73E1-FC09-4031-856E-B75B0FD791CB}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{8DC50D88-BE68-40DC-8025-619166776E73}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{8EFF5ABC-53D2-4063-B4C8-E4FFE1B28D95}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{9126E073-9C9C-4DEE-9274-DD572F147819}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\arawp.exe | 
"{93AC632B-CD9A-4ACB-AB45-DEC85484F771}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{9539E16F-DD81-4AFA-8F81-DEA72B224B49}" = dir=in | app=c:\program files\acer arcade live\acer playmovie\pmvservice.exe | 
"{964E3E73-5BF5-4C36-8C24-32C59E7584D1}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\homemedia.exe | 
"{9B2DE5D0-0D7C-45A5-9E49-A18141B64587}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\videomagician.exe | 
"{A3676A4C-47A3-4FE1-9E37-8AC53C964C24}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{BBC7285B-A895-48A6-9875-133E7A04E177}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{C836A33E-ADFA-4C4A-9B24-6E902A4DFBE3}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe | 
"{E89C62B9-2C50-4ED4-982A-023CAE229228}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{EDD331CE-D48E-4AD9-817C-60F7D4B935E6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"{F0429F00-CC5D-4CB5-A7E2-D7C6DD72D2F0}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\component\dvax2process.exe | 
"{FEE88076-AC62-4C9B-BD70-53F607AE290D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{FFECEEBF-54AC-4F7F-ACD1-8A037BC21508}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe | 
"TCP Query User{3CD26A1B-EE98-443A-9D18-9FFDD80265EB}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=6 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
"UDP Query User{9E5C92E5-C1FB-4F39-AB21-8D3A2F16A2D5}C:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe" = protocol=17 | dir=in | app=c:\programdata\kaspersky lab setup files\kaspersky internet security 2009\german\setup.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01934700-6281-1A4B-8EA8-30C35A261636}" = CCC Help French
"{026C3D27-9BE1-46BE-BEAE-6DE38A0F4FBE}" = RealNetworks - Microsoft Visual C++ 2005 Runtime
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0B04CBF8-F165-CE14-8104-E4897445CBC2}" = CCC Help Dutch
"{0B45E11E-F9F2-4CC7-821A-BB1957EE14D4}" = toolstar* file recovery professional DEMO
"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect
"{1355EDEA-47AF-C760-F679-EF573C74746A}" = Catalyst Control Center Core Implementation
"{1373559F-6DC6-44EA-9079-6ABDCCE8CDAD}" = OviMPlatform
"{13B8311B-4B73-E6D2-EEC2-2AC52EEF1CDD}" = Catalyst Control Center Graphics Previews Vista
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Ausgestorbene Tierarten
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{197A0218-F4A7-59A5-1BEE-F4D681DDD1E7}" = Catalyst Control Center Graphics Full New
"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{22FA3E58-DB68-A4D1-2DEE-07E876C64D53}" = Skins
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 20
"{29F563F4-8807-4496-8463-441EAA0E96AB}" = PC Connectivity Solution
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D10FC46-1D96-44C4-8855-85F21B9B011E}" = Ovi Desktop Sync Engine
"{2D269FD4-2164-EA98-771D-EE14F8D46013}" = CCC Help Danish
"{2EB81825-E9EE-44F4-8F51-1240C3898DC6}" = EPSON File Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4817189D-1785-4627-A33C-39FD90919300}" = Die Sims™ 2 Haustiere
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BC2BE31-3DCF-4CF5-AD52-66DB68638EC0}" = Print Artist Platinum
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{4CDDFF57-4026-96AB-CED3-CC5A08A405E8}" = Catalyst Control Center Localization Japanese
"{4DD0182F-1F08-C6BE-3C3A-68B4CB455F50}" = Catalyst Control Center Localization Norwegian
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5791B7D3-8B34-4218-9750-6A8E45D0AD32}" = pdfforge Toolbar v1.1.2
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5C81B189-5456-40C4-9313-7FE6FA6DD64C}" = Office-Bibliothek
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{622D4708-E468-615A-5F54-C2BCDEBC1A23}" = CCC Help Swedish
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{67ADE9AF-5CD9-4089-8825-55DE4B366799}" = NTI Backup NOW! 4.7
"{67EDD823-135A-4D59-87BD-950616D6E857}" = EPSON Copy Utility 3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AF3D486-C45C-472F-A5C1-99C7A4C18127}" = BROCKHAUS DIE ENZYKLOPÄDIE
"{6BA3A2B0-3E1E-EA79-EC7D-52A61BB51AE1}" = Catalyst Control Center Localization Italian
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75A40056-A32E-1852-4ADC-F795E1446FEF}" = Catalyst Control Center Graphics Light
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{766A7BA9-2A3F-C4D2-CD59-080D8252D700}" = CCC Help Norwegian
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver
"{7A27764B-5434-4DAA-BD43-3ACF4FFCD7FE}" = SweetIM Toolbar for Internet Explorer 3.8
"{7B63B2922B174135AFC0E1377DD81EC2}" = 
"{7C32C567-DC0F-4C80-B06C-7873850A2E06}" = Die Sims - Tierisch gut drauf
"{7C8E4518-0FF0-6320-7DF6-A9A590D67D52}" = ccc-core-static
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8070452B-15D6-4169-B9B9-FCC3B54588AD}" = Nokia Ovi Suite
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8DAC1AE4-33D1-4A78-8A42-00E09EDECC3E}" = Camera RAW Plug-In for EPSON Creativity Suite
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94389919-B0AA-4882-9BE8-9F0B004ECA35}" = Acer Tour
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98076F38-8493-0AF7-41C4-6172F8D1F410}" = ccc-utility
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C244239-ED8E-40f1-937F-51C706CD2160}" = Die Sims™ 2 Deluxe
"{9D85C211-0955-C770-0F73-316D0C5F0B9B}" = CCC Help Italian
"{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"{A0D65C73-F2C5-432F-8788-90F8A2E99B98}" = Nokia Ovi Suite Software Updater
"{A38496BA-B038-5BCF-04DC-73A88FB10CA0}" = CCC Help Finnish
"{A450831D-25F6-4F42-9662-D000B25E0D82}" = Acer PlayMovie
"{A51E4CE7-395C-DCBE-428E-38D061009C59}" = Catalyst Control Center Localization Spanish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A92000000001}" = Adobe Reader 9.2 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine
"{B22094E7-117B-5D18-3A0A-C811937113AD}" = Catalyst Control Center Localization Danish
"{B66E665A-DF96-4C38-9422-C7F74BC1B4E5}" = EPSON Easy Photo Print
"{B6F5B704-06D3-4687-90F3-6195304AD755}" = Die Sims™ 2 Apartment-Leben
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C216A256-CEDD-54F4-C4ED-1F0AA41EE920}" = CCC Help German
"{C2AC4582-FDA5-29A9-1C61-97631871A871}" = Catalyst Control Center Localization Swedish
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C80ABB8D-63D0-6DF1-820A-EF7F2C778EB7}" = CCC Help Spanish
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R)
"{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}" = Microsoft Primary Interoperability Assemblies 2005
"{D3261A3E-9B08-AE79-A3FB-80179A585A5D}" = Catalyst Control Center Graphics Full Existing
"{D3E8C04E-E5B9-3A71-6A64-E774F90B1895}" = Catalyst Control Center Localization German
"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management
"{DD555562-299E-C58A-847B-B6C05957A65E}" = Catalyst Control Center Localization Finnish
"{DF2ECCA9-22C9-640D-0E5E-F5651EB3742C}" = CCC Help English
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{DF8849AF-F8B8-7466-BA31-7C8F755B0E69}" = Catalyst Control Center Localization Dutch
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E8D4696B-0140-033C-C170-A2FA601DC425}" = Catalyst Control Center Localization French
"{EBA74808-BCCB-C8D5-B119-A96E9C5D45D6}" = CCC Help Japanese
"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8 ESD
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician
"{F727DCA7-4B7B-4CF5-8348-881BF3B0D046}" = SweetIM for Messenger 3.1
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"504244733D18C8F63FF584AEB290E3904E791693" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Ask Toolbar_is1" = Ask Toolbar
"Audacity_is1" = Audacity 1.2.6
"AVIConverter" = AVIConverter 2.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"CCleaner" = CCleaner
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CoreDownload Free Wallpaper Changer_is1" = CoreDownload Free Wallpaper Changer 2.1
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"DVDStyler_is1" = DVDStyler v1.8.0.3
"EPSON Printer and Utilities" = EPSON-Drucker-Software
"EPSON Scanner" = EPSON Scan
"ESDX6000_CX5900 Benutzerhandb." = ESDX6000_CX5900 Benutzerhandb.
"FLV Player" = FLV Player 2.0 (build 25)
"FormatFactory" = FormatFactory 2.30
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free DVD Creator (by minidvdsoft)_is1" = Free DVD Creator version 2.0
"Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 1.5
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 4.0
"Free YouTube Download_is1" = Free YouTube Download 2.8
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"FreePDF_XP" = FreePDF (Remove only)
"GamesBar" = GamesBar 1.1.0.5
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{15292416-A464-4FBA-BB96-7298EAACFC07}" = Zoo Tycoon 2 - Ausgestorbene Tierarten
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{F101C58C-15CC-42B3-83D1-536CFB960634}" = Ulead PhotoImpact 8 ESD
"InstallWIX_{9D8B0949-7C47-476F-9F06-F900D3B078EA}" = Kaspersky Internet Security 2010
"IPIX ActiveX Viewer" = IPIX ActiveX Viewer
"IPIX Netscape Plugin Viewer" = IPIX Netscape Plugin Viewer
"IPIX Viewer" = IPIX Viewer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Messenger_Plus_Live Toolbar" = Messenger_Plus_Live Toolbar
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Nokia Ovi Suite" = Nokia Ovi Suite
"PandoraRecovery" = PandoraRecovery (Remove Only)
"RealPlayer 12.0" = RealPlayer
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"Riva FLV Encoder 2.0_is1" = Riva FLV Encoder 2.0
"Spyware Terminator_is1" = Spyware Terminator
"Switch" = Switch Uninstall
"TrueCrypt" = TrueCrypt
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 0.9.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"XMedia Recode" = XMedia Recode 2.1.2.5
"Yahoo! Companion" = Yahoo! Toolbar mit Pop-Up-Blocker
"Yahoo! Toolbar" = Yahoo! Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 06.03.2010 09:23:58 | Computer Name = birgit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung psp.exe, Version 7.0.0.0, Zeitstempel 0x39ae9f3e,
 fehlerhaftes Modul Fpxlib.dll, Version 1.1.0.0, Zeitstempel 0x34ecb67e, Ausnahmecode
 0xc0000005, Fehleroffset 0x0004e477,  Prozess-ID 0x1ca0, Anwendungsstartzeit 01cabd2be290af29.
 
Error - 08.03.2010 15:03:27 | Computer Name = birgit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 09.03.2010 16:02:13 | Computer Name = birgit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 10.03.2010 14:09:29 | Computer Name = birgit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18882, Zeitstempel
 0x4b3ed243, fehlerhaftes Modul mghooking.dll_unloaded, Version 0.0.0.0, Zeitstempel
 0x4adc6cf1, Ausnahmecode 0xc0000005, Fehleroffset 0x0388454e,  Prozess-ID 0x17cc,
 Anwendungsstartzeit 01cac07c738d2be1.
 
Error - 13.03.2010 10:10:26 | Computer Name = birgit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 14.03.2010 14:29:22 | Computer Name = birgit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung msnmsgr.exe, Version 14.0.8089.726, Zeitstempel
 0x4a6ce533, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,
 Ausnahmecode 0xc0000005, Fehleroffset 0x02980de0,  Prozess-ID 0x53c, Anwendungsstartzeit
 01cac3a395e1ae78.
 
Error - 14.03.2010 16:13:05 | Computer Name = birgit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung firefox.exe, Version 1.9.2.3667, Zeitstempel
 0x4b5102f0, fehlerhaftes Modul rpmainbrowserrecordplugin.dll, Version 1.0.1.525,
 Zeitstempel 0x4af4c262, Ausnahmecode 0xc0000005, Fehleroffset 0x00003b57,  Prozess-ID
 0x157c, Anwendungsstartzeit 01cac36f3301b0e8.
 
Error - 15.03.2010 13:36:15 | Computer Name = birgit-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung avp.exe, Version 8.0.0.521, Zeitstempel 0x4a5e233a,
 fehlerhaftes Modul hips.ppl, Version 8.0.0.506, Zeitstempel 0x4919b9de, Ausnahmecode
 0xc0000005, Fehleroffset 0x00017303,  Prozess-ID 0x664, Anwendungsstartzeit 01cac45b35b7454a.
 
Error - 16.03.2010 15:24:09 | Computer Name = birgit-PC | Source = EventSystem | ID = 4621
Description = 
 
Error - 18.03.2010 01:40:46 | Computer Name = birgit-PC | Source = EventSystem | ID = 4621
Description = 
 
[ OSession Events ]
Error - 08.05.2010 10:03:30 | Computer Name = birgit-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5316
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.09.2010 12:37:03 | Computer Name = birgit-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 03.09.2010 12:38:33 | Computer Name = birgit-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 03.09.2010 12:39:27 | Computer Name = birgit-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 03.09.2010 12:39:27 | Computer Name = birgit-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 03.09.2010 12:39:27 | Computer Name = birgit-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.09.2010 04:21:55 | Computer Name = birgit-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 04.09.2010 04:23:23 | Computer Name = birgit-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 04.09.2010 13:15:42 | Computer Name = birgit-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 80.108.217.177 für die Netzwerkkarte mit der Netzwerkadresse
 001C25881F46 wurde durch den DHCP-Server 195.34.134.211 abgelehnt (der DHCP-Server
 hat eine DHCPNACK-Meldung gesendet).
 
Error - 04.09.2010 13:15:43 | Computer Name = birgit-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 04.09.2010 13:16:57 | Computer Name = birgit-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

05.09.2010, 15:46   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
C:\ProgramData\Firefox Setup 3.5.2.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\ProgramData\Thunderbird Setup 2.0.0.23.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
A quick question in between: where do you download the Mozilla setups from?

__________________
Please always post logfiles in CODE tags

05.09.2010, 15:50   #6
LadyFreaky
 



I got both programs from hxxp://www.chip.de/.

Does that mean I've had a trojan sitting there for a while???

Alt 05.09.2010, 16:21   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
chip.de isn't actually known for that. I would still only download something from there in an emergency; as a general rule you should download setups only from the original site, especially for Mozilla => Mozilla | Firefox web browser & Thunderbird email client

Your computer is cluttered with pointless software. Uninstall everything that has Toolbar in its name. Those things are just utterly stupid and pointless...
While you're at it, also uninstall all the other software you no longer need. A computer is not a rubbish dump
__________________
Please always post log files in CODE tags

Alt 05.09.2010, 16:57   #8
LadyFreaky
 
But does that mean I now have a trojan on the computer, or did I get away with it once more? And should I completely delete the two Trojan.Swizzor items and everything else that Malwarebytes found???

Although I haven't had Thunderbird on the PC for quite a while

Alt 05.09.2010, 17:41   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Those are setups of old versions. They can be deleted anyway.
I suspect Malwarebytes more likely had a false positive there.

Have you uninstalled all the pointless software by now?
__________________
Please always post log files in CODE tags

Alt 05.09.2010, 17:45   #10
LadyFreaky
 
No, I still have to
Edit: OK, I've now deleted all the toolbars
As for the programs, I first have to see what I really no longer need ....

But does that mean Kaspersky also had a false positive twice, since nothing came up yesterday or today!!

Edited by LadyFreaky (05.09.2010 at 18:00)

Alt 05.09.2010, 18:17   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Yes, they were probably false positives.

CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the content into the text box.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt and Extra.txt into your thread here
__________________
Please always post log files in CODE tags
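
An added example, not part of the thread and not OTL's own code: a first triage pass over the OTL.txt requested above, flagging stale entries ("File not found"), files without a vendor string and toolbar components like the ones discussed earlier in the thread. The sample lines are constructed in OTL's line format; the function names and the three categories are assumptions of this example.

```python
import re
from collections import Counter
from typing import NamedTuple

# Constructed sample in the line format OTL writes (not taken from a real machine).
SAMPLE_LOG = r"""
PRC - C:\Program Files\ExampleApp\example.exe (Example Corp.)
PRC - C:\Program Files\ExampleApp\helper.exe ()
SRV - (ExampleSvc) -- C:\Program Files\Old AV\svc.exe File not found
SRV - (GoodSvc) -- C:\Program Files\ExampleApp\svc.exe (Example Corp.)
DRV - (oldmodem) -- C:\Windows\System32\DRIVERS\oldmodem.sys File not found
O2 - BHO: (Example Toolbar) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example Toolbar\tb.dll (Example Corp.)
O2 - BHO: (no name) - {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Example Toolbar) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example Toolbar\tb.dll (Example Corp.)
O4 - HKLM..\Run: [ExampleAgent] C:\Program Files\Gone\agent.exe File not found
O4 - HKLM..\Run: [Updater] C:\Program Files\ExampleApp\update.exe ()
O4 - HKCU..\Run: [Chat] C:\Program Files\Chat\chat.exe (Chat LLC.)
"""


class Finding(NamedTuple):
    section: str  # OTL line prefix, e.g. "O4" (autorun) or "SRV" (service)
    reason: str   # "orphaned", "no-vendor" or "toolbar"
    entry: str    # remainder of the log line, unchanged


# "PRC - ...", "SRV - ...", "O4 - ..." and so on; other lines are ignored.
LINE_RE = re.compile(r"^(PRC|MOD|SRV|DRV|O\d+)\s+-\s+(.*\S)\s*$")
# The registry entry still exists but its file or CLSID is gone.
ORPHAN_RE = re.compile(r"(File not found|No CLSID value found\.)$")
# Trailing "(Company)" field; "()" means the file carries no vendor string.
VENDOR_RE = re.compile(r"\(([^()]*)\)$")
# Sections whose lines end with a company field taken from the file itself.
VENDOR_SECTIONS = {"PRC", "MOD", "SRV", "DRV", "O4"}


def triage(log_text):
    """Return findings worth a second look; none of them is a verdict."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, entry = m.groups()
        if ORPHAN_RE.search(entry):
            # Leftover of an uninstalled program: candidate for cleanup.
            findings.append(Finding(section, "orphaned", entry))
            continue
        vendor = VENDOR_RE.search(entry)
        if section in VENDOR_SECTIONS and vendor and not vendor.group(1).strip():
            # Many harmless tools ship without version info, so this only
            # marks the file for a manual check.
            findings.append(Finding(section, "no-vendor", entry))
        if "toolbar" in entry.lower():
            findings.append(Finding(section, "toolbar", entry))
    return findings


def summarize(findings):
    """Count findings per reason."""
    return dict(Counter(f.reason for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:10} {f.section:4} {f.entry}")
```
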

Alt 05.09.2010, 18:37   #12
LadyFreaky
 
OK, I've now deleted all the programs that were unnecessary

Here from OTL
OTL Logfile:
Code:
OTL logfile created on: 05.09.2010 19:25:50 - Run 2
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\birgit\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 44,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 37,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 120,39 Gb Free Space | 52,54% Space Free | Partition Type: NTFS
Drive D: | 228,82 Gb Total Space | 151,62 Gb Free Space | 66,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BIRGIT-PC
Current User Name: birgit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe (Kaspersky Lab)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\CoreDownload\CoreDownload Free Wallpaper Changer\CDWC.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBModem) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- C:\Windows\System32\DRIVERS\lgusbbus.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chello.at"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.08 18:29:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.24 11:03:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.05.05 17:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.24 11:03:40 | 000,000,000 | ---D | M]
 
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.05 18:57:26 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions
[2009.12.24 11:05:17 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.03 17:16:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.15 19:24:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.16 19:49:39 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010.07.25 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.17 17:14:38 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.09.05 16:24:27 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-1.xml
[2009.06.01 03:30:52 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-2.xml
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin.xml
[2010.05.17 17:14:19 | 000,003,915 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\sweetim.xml
[2009.12.24 11:05:24 | 000,001,201 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\winamp-search.xml
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.05 17:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.15 18:48:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.15 18:48:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.15 18:48:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.15 18:48:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.15 18:48:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
[2009.04.07 15:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.gif
[2009.11.03 19:25:12 | 000,000,205 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.src
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PicPick Start] C:\Screenshoots\Picpick\picpick.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PrintArtist] C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Free YouTube Download - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.09.04 19:25:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Malwarebytes
[2010.09.04 18:53:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.04 18:53:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.04 18:52:49 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.02 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\TrojanHunter
[2010.09.02 22:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2010.09.02 22:44:19 | 022,489,640 | ---- | C] (Mischel Internet Security                                   ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.08.22 13:37:51 | 018,088,968 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.13 16:38:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.13 16:38:29 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.13 16:38:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.13 16:38:29 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.13 16:38:28 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.13 16:38:28 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.13 16:38:28 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.13 16:38:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.13 16:38:26 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.13 16:38:24 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.13 16:38:23 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.13 16:38:23 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.13 16:38:23 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.13 16:38:23 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.13 16:38:22 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.13 16:37:50 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.13 16:37:30 | 002,036,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.13 16:37:27 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.13 16:37:23 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.13 16:37:23 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.10 18:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualFarm
[2010.08.06 20:37:11 | 011,971,973 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[2010.08.06 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Deployment
[2010.08.06 19:50:03 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Google
[2010.05.23 12:57:52 | 007,213,444 | ---- | C] (www.minidvdsoft.com                                         ) -- C:\ProgramData\freedvdcreator.exe
[2010.05.22 13:54:22 | 008,062,504 | ---- | C] (                                                            ) -- C:\ProgramData\DVDStyler-1.8.0.3-win32.exe
[2010.05.16 13:58:54 | 306,699,456 | ---- | C] (Nero AG) -- C:\ProgramData\multimediasuite-ESD_small-20100412164653105-10.0.13200.nsx.exe
[2010.04.17 15:46:40 | 017,776,464 | ---- | C] (pdfforge GbR) -- C:\ProgramData\PDFCreator-0_9_9_setup.exe
[2010.03.20 15:58:49 | 003,378,431 | ---- | C] (CoreDownload Free Wallpaper Changer                         ) -- C:\ProgramData\CoreDownloadFreeWallpaperChangerSetup.exe
[2010.02.15 17:29:15 | 003,917,578 | ---- | C] (SCWA-Software                                               ) -- C:\ProgramData\VideoSS.exe
[2010.02.06 14:15:26 | 012,109,496 | ---- | C] (ICQ) -- C:\ProgramData\install_icq7.exe
[2010.01.24 13:48:19 | 032,047,558 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\JAD8002_BASIC.exe
[2010.01.16 14:00:08 | 000,535,576 | ---- | C] (RealNetworks, Inc.) -- C:\ProgramData\RealPlayerSPGold_de.exe
[2010.01.01 12:52:26 | 005,176,728 | ---- | C] (Yuna Software) -- C:\ProgramData\MsgPlusLive-483.exe
[2009.12.24 10:57:09 | 011,334,424 | ---- | C] (Nullsoft, Inc.) -- C:\ProgramData\winamp5571_full_emusic-7plus_de-de.exe
[2009.12.16 21:02:44 | 001,167,688 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\wlsetup-custom.exe
[2009.12.06 11:40:58 | 003,184,296 | ---- | C] (Piriform Ltd) -- C:\ProgramData\dfsetup115.exe
[2009.12.04 19:08:29 | 002,573,488 | ---- | C] (Karlis Blumentals                                           ) -- C:\ProgramData\scrwon4.exe
[2009.11.29 18:22:52 | 007,472,320 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeVideoToJPGConverter1.5.1.54.exe
[2009.11.19 18:22:56 | 001,067,856 | ---- | C] (Piriform Ltd) -- C:\ProgramData\ccsetup225_slim.exe
[2009.11.14 15:39:21 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\ProgramData\pdf2wordsetup.exe
[2009.10.26 20:10:17 | 006,113,130 | ---- | C] (InstallShield Software Corporation) -- C:\ProgramData\pci_filerecovery4.exe
[2009.10.26 14:21:02 | 015,375,944 | ---- | C] (Any-Video-Converter.com                                     ) -- C:\ProgramData\avc-free.exe
[2009.10.03 17:17:53 | 115,904,256 | ---- | C] (Corel Corporation                                           ) -- C:\ProgramData\WinDVDPro2010-TBYB.exe
[2009.09.23 17:36:07 | 021,952,661 | ---- | C] (VMesquita                                                   ) -- C:\ProgramData\DIKOSetup245.exe
[2009.09.21 19:01:09 | 000,073,728 | ---- | C] ( ) -- C:\ProgramData\vdremote.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\vdicmdrv.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\auxsetup.exe
[2009.09.21 19:01:09 | 000,065,536 | ---- | C] ( ) -- C:\ProgramData\vdsvrlnk.dll
[2009.09.21 19:01:09 | 000,008,704 | ---- | C] ( ) -- C:\ProgramData\vdub.exe
[2009.08.22 14:40:32 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\ADBEPHSPCS4_LS4.exe
[2009.08.08 19:30:18 | 000,946,119 | ---- | C] (Jodix Technologies Ltd.                                     ) -- C:\ProgramData\free-wma-mp3-converter.exe
[2009.07.14 20:20:46 | 000,347,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINWORD.EXE
[2009.07.01 18:51:47 | 020,631,848 | ---- | C] (Skype Technologies S.A.) -- C:\ProgramData\SkypeSetupFull.exe
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2009.01.10 17:36:22 | 016,126,456 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\install_puls4_icq65.exe
[2007.05.07 01:07:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.09.05 19:35:17 | 005,242,880 | -HS- | M] () -- C:\Users\birgit\ntuser.dat
[2010.09.05 19:12:37 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 19:12:37 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 19:12:36 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.05 19:12:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.05 19:12:28 | 3220,692,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.05 19:11:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.05 19:11:28 | 000,524,288 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TMContainer00000000000000000001.regtrans-ms
[2010.09.05 19:11:28 | 000,065,536 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TM.blf
[2010.09.05 19:10:38 | 004,442,490 | -H-- | M] () -- C:\Users\birgit\AppData\Local\IconCache.db
[2010.09.05 19:08:04 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.09.04 20:08:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.09.04 19:25:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 18:53:55 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 18:52:59 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.02 22:45:48 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2010.09.02 22:44:23 | 022,489,640 | ---- | M] (Mischel Internet Security                                   ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.09.01 18:08:35 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 18:08:35 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 18:08:35 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 18:08:35 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 18:08:35 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.28 11:36:37 | 000,001,179 | ---- | M] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.28 09:53:57 | 000,001,399 | ---- | M] () -- C:\Users\birgit\Desktop\DivX Movies.lnk
[2010.08.28 09:53:38 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.25 18:43:50 | 000,159,744 | ---- | M] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.22 13:39:11 | 000,000,996 | ---- | M] () -- C:\Users\birgit\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.22 13:37:55 | 018,088,968 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.21 10:08:28 | 000,002,051 | ---- | M] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.14 10:50:53 | 002,333,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.07 09:41:18 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.06 20:37:43 | 011,971,973 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.04 18:53:55 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.02 22:45:41 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2010.08.28 11:36:37 | 000,001,179 | ---- | C] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.09 18:55:24 | 000,000,011 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\NevoSoft Gameslog.txt
[2010.08.06 20:04:21 | 000,002,051 | ---- | C] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.06 20:03:32 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.08.06 20:03:31 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.05.23 11:12:30 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.23 11:08:08 | 008,667,467 | ---- | C] () -- C:\ProgramData\vdm328_free.exe
[2010.05.22 11:42:01 | 038,649,247 | ---- | C] () -- C:\ProgramData\FFSetup230.exe
[2010.05.16 13:29:29 | 000,256,832 | ---- | C] () -- C:\ProgramData\SoftonicDownloader50481.exe
[2010.04.17 15:52:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.03.20 15:40:48 | 003,932,214 | ---- | C] () -- C:\ProgramData\Wallpaper.bmp
[2010.03.20 15:40:39 | 000,000,211 | ---- | C] () -- C:\ProgramData\untitled.wpl
[2010.03.20 15:34:19 | 000,034,998 | ---- | C] () -- C:\ProgramData\WPCLogo.bmp
[2010.03.20 15:34:19 | 000,015,446 | ---- | C] () -- C:\ProgramData\History.txt
[2010.03.20 15:34:19 | 000,010,672 | ---- | C] () -- C:\ProgramData\Readme.txt
[2010.03.20 15:34:19 | 000,001,402 | ---- | C] () -- C:\ProgramData\File_id.diz
[2010.01.31 12:09:29 | 000,000,156 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\default.rss
[2010.01.29 21:00:08 | 034,503,088 | ---- | C] () -- C:\ProgramData\Nokia_PC_Suite_ger_web.exe
[2010.01.02 11:34:48 | 000,001,497 | ---- | C] () -- C:\ProgramData\JkDefragGUI.ini
[2010.01.02 11:34:07 | 002,575,069 | ---- | C] () -- C:\ProgramData\JkDefragGUI.exe
[2010.01.02 11:34:07 | 000,037,170 | ---- | C] () -- C:\ProgramData\ChangeLog.txt
[2010.01.02 11:34:07 | 000,001,472 | ---- | C] () -- C:\ProgramData\ReadMeFirst.txt
[2009.12.24 11:06:41 | 000,263,115 | ---- | C] () -- C:\ProgramData\Alex7b.wsz
[2009.12.04 18:32:52 | 017,363,313 | ---- | C] () -- C:\ProgramData\aol.exe
[2009.11.23 19:21:55 | 000,477,527 | ---- | C] () -- C:\ProgramData\DivXInstaller.exe
[2009.11.14 15:48:44 | 023,207,088 | ---- | C] () -- C:\ProgramData\PdfGrabber_Setup.exe
[2009.11.14 15:27:23 | 000,754,344 | ---- | C] () -- C:\ProgramData\advancedpdf2word_trial.exe
[2009.10.26 22:23:45 | 003,267,488 | ---- | C] () -- C:\ProgramData\Pandora211Recovery.exe
[2009.10.26 22:17:55 | 000,056,832 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.exe
[2009.10.26 22:17:55 | 000,000,875 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.ini
[2009.10.26 22:17:54 | 011,109,376 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO_German.msi
[2009.10.26 22:17:54 | 011,102,720 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.msi
[2009.10.26 22:13:44 | 021,047,280 | ---- | C] () -- C:\ProgramData\file-recovery-pro36-demo.zip
[2009.10.10 14:12:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.10.10 14:09:23 | 012,621,312 | ---- | C] () -- C:\ProgramData\gs870w32.exe
[2009.10.10 14:05:10 | 001,720,832 | ---- | C] () -- C:\ProgramData\FreePDF4.02.EXE
[2009.10.10 11:49:52 | 000,599,173 | ---- | C] () -- C:\ProgramData\PDFBlenderSetup1.1.2.exe
[2009.10.03 17:58:13 | 001,275,896 | ---- | C] () -- C:\ProgramData\setup.exe
[2009.10.03 17:30:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\AD7517B469.sys
[2009.10.03 17:30:50 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.29 18:18:31 | 000,000,402 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\wklnhst.dat
[2009.09.21 19:01:09 | 000,246,767 | ---- | C] () -- C:\ProgramData\VirtualDub.chm
[2009.09.21 19:01:09 | 000,219,510 | ---- | C] () -- C:\ProgramData\VirtualDub.vdi
[2009.09.21 19:01:09 | 000,018,321 | ---- | C] () -- C:\ProgramData\copying
[2009.09.21 19:01:08 | 002,658,816 | ---- | C] () -- C:\ProgramData\VirtualDub.exe
[2009.07.01 18:57:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.27 14:58:17 | 076,559,360 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20090606.msi
[2009.06.20 15:54:00 | 076,342,784 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20080717.msi
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.21 20:07:42 | 001,048,200 | ---- | C] () -- C:\ProgramData\MoveMediaPlayer_071303000004.exe
[2009.04.18 19:32:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.06 15:04:44 | 000,507,904 | ---- | C] () -- C:\ProgramData\pro.exe
[2008.12.28 19:19:34 | 004,998,707 | ---- | C] () -- C:\ProgramData\flvplayer_setup.exe
[2008.12.25 19:43:22 | 003,659,444 | ---- | C] () -- C:\ProgramData\FileZilla_3.1.3.1_win32-setup.exe
[2008.11.22 10:42:54 | 001,471,839 | ---- | C] () -- C:\ProgramData\wrar380d.exe
[2008.09.28 15:43:24 | 000,003,688 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008.08.26 19:24:32 | 000,159,744 | ---- | C] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.16 17:35:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.06.16 17:30:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2008.05.14 18:12:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.14 09:59:10 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.05.14 09:59:10 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.05.14 09:30:43 | 000,007,484 | ---- | C] () -- C:\Users\birgit\AppData\Local\d3d9caps.dat
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.07 09:22:38 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.07 01:07:10 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.02.06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.02.06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.19 10:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TFBRVDNPCLPTJBX9Y6LV9TXVVJVFJF5VVJV0
@Alternate Data Stream - 24 bytes -> C:\Windows:28623108D70BB416
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1941675B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD444D31
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3A925163
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:997E6AF4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79F970BE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9CB2B6C5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:51A22C60
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B83BF1A6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6A16A184
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:128A6DC9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CB0FEE2B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CC7E693
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BE6DC701
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5216CD26
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BAC03849
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9446E8B9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:87FA5E8A
< End of report >
         
--- --- ---

Old 05.09.2010, 18:44   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
But you didn't run a custom scan this time! You were supposed to use the text given above and paste it into OTL for the custom scan!
__________________
Please always post logfiles in CODE tags

Old 05.09.2010, 19:47   #14
LadyFreaky
 
OTL Logfile:
Code:
OTL logfile created on: 05.09.2010 20:03:56 - Run 3
OTL by OldTimer - Version 3.2.11.0     Folder = C:\Users\birgit\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
3,00 Gb Paging File | 1,00 Gb Available in Paging File | 48,00% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 229,13 Gb Total Space | 120,34 Gb Free Space | 52,52% Space Free | Partition Type: NTFS
Drive D: | 228,82 Gb Total Space | 151,62 Gb Free Space | 66,26% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: BIRGIT-PC
Current User Name: birgit
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Users\birgit\AppData\Local\Google\Update\1.2.183.29\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe (Nokia)
PRC - C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe ()
PRC - C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
PRC - C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
PRC - C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()
PRC - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
PRC - C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\SysMonitor.exe ()
PRC - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (Acer Inc.)
PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\birgit\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (CLTNetCnService) -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Application Updater) -- C:\Program Files\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (Boonty Games) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (NMSAccessU) -- C:\Program Files\CDBurnerXP\NMSAccessU.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)
SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe (HiTRSUT)
SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)
SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (USBModem) -- C:\Windows\System32\DRIVERS\lgusbmodem.sys File not found
DRV - (UsbDiag) -- C:\Windows\System32\DRIVERS\lgusbdiag.sys File not found
DRV - (usbbus) -- C:\Windows\System32\DRIVERS\lgusbbus.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (klbg) -- C:\Windows\system32\drivers\klbg.sys (Kaspersky Lab)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Program Files\Acer Arcade Live\Acer PlayMovie\000.fcl (Cyberlink Corp.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (PSDNServ) -- C:\Windows\system32\drivers\PSDNServ.sys (HiTRUST)
DRV - (psdvdisk) -- C:\Windows\system32\drivers\psdvdisk.sys (HiTRUST)
DRV - (PSDFilter) -- C:\Windows\system32\DRIVERS\psdfilter.sys (HiTRUST)
DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (PID_0928) Labtec WebCam(PID_0928) -- C:\Windows\System32\drivers\LV561AV.SYS (Labtec Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Labtec Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SEARCH PAGE = hxxp://de.rd.yahoo.com/customize/ycomp/defaults/sp/*hxxp://de.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "chello.at"
FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {0b38152b-1b20-484d-a11f-5e04a9b0661f}:5.6.11.2
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.459
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9b339f6e-ddcd-401b-8764-230adbd01761}:2.6.0.15
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.3.42
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.0.14
FF - prefs.js..keyword.URL: "hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query="
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "chrome://browser-region/locale/region.properties"
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.08 18:29:28 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010.07.24 11:03:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 18:48:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.05.05 17:47:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010.07.24 11:03:40 | 000,000,000 | ---D | M]
 
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions
[2009.11.28 12:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.09.05 18:57:26 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions
[2009.12.24 11:05:17 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2009.09.03 17:16:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.08.15 19:24:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.06.16 19:49:39 | 000,000,000 | ---D | M] (Messenger Plus Live Toolbar) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{9b339f6e-ddcd-401b-8764-230adbd01761}
[2010.07.25 13:08:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2010.05.17 17:14:38 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\birgit\AppData\Roaming\mozilla\Firefox\Profiles\wuaw9i8h.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.09.05 16:24:27 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-1.xml
[2009.06.01 03:30:52 | 000,000,950 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin-2.xml
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\icqplugin.xml
[2010.05.17 17:14:19 | 000,003,915 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\sweetim.xml
[2009.12.24 11:05:24 | 000,001,201 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Mozilla\FireFox\Profiles\wuaw9i8h.default\searchplugins\winamp-search.xml
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.05.16 09:48:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.05 17:49:23 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.08.15 18:48:41 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.08.15 18:48:41 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.08.15 18:48:41 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.08.15 18:48:41 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.08.15 18:48:41 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
[2009.04.07 15:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.gif
[2009.11.03 19:25:12 | 000,000,205 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober31161496.src
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\System32\ActiveToolBand.dll (HiTRUST)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
O4 - HKLM..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (Acer Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NokiaMServer] C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia)
O4 - HKLM..\Run: [PicPick Start] C:\Screenshoots\Picpick\picpick.exe ()
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Live\Acer PlayMovie\PMVService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PrintArtist] C:\Program Files\Avanquest\Print Artist Platinum\ReminderApp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [EPSON Stylus DX6000 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe File not found
O4 - HKCU..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe File not found
O4 - HKCU..\Run: [NokiaOviSuite2] C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia)
O4 - Startup: C:\Users\birgit\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: Free YouTube Download - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Save YouTube Video - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} hxxp://ax.emsisoft.com/asquared.cab (a-squared Scanner)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\mzvkbd3.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2\kloehk.dll) - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O24 - Desktop WallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\birgit\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {00547846-E107-B2B9-8EAC-54D8942F5411} - .NET Framework
ActiveX: {05417E94-DCF0-49F0-E27A-BF62EA157293} - Java (Sun)
ActiveX: {07D2B31F-619B-FFEE-92A6-C33DF4306B00} - Microsoft VM
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {0D4EB94F-CE8A-10DC-467D-7879639C03B9} - Microsoft Windows Media Player
ActiveX: {0D75B237-9C39-461B-565A-4C1B6970F8DB} - 
ActiveX: {116BC773-3A87-AD0A-3809-4ABCABF00C67} - Browser Customizations
ActiveX: {21247E7F-0241-759A-7664-1E3CB8989BE3} - Microsoft Windows Media Player 11.0
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0.3
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0.3
ActiveX: {2BE790CD-9CC7-BE3D-5338-973A1653A507} - Microsoft Windows Media Player
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D31D9C2-F89A-516A-F57E-FB0BC983478C} - Adobe Shockwave Director 10.4
ActiveX: {3038510F-76D2-2D05-B1D7-8EFE4A0CDA2C} - Internet Explorer
ActiveX: {3203C1AC-B780-7CE0-8CAC-C00043B52026} - Browser Customizations
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {67F0B0E4-59EA-2F60-EBEF-3FFC22969554} - 
ActiveX: {6B5741A4-7F4C-6461-F598-020676DA4AC8} - Microsoft Windows Media Player 11.0
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {7F48C047-8F18-FDE7-63E4-9B8F3F5CA809} - 
ActiveX: {85007E83-D9A5-CF63-B44D-3C987AC99137} - .NET Framework
ActiveX: {86DAAA1F-4A32-78AA-57DF-A08718E70A08} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A19252E-4DE1-DE6D-B654-F547958B5A61} - 
ActiveX: {8B4A4E43-18EB-EA03-B1EB-C79FB973E3EA} - 
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {ABCD9D8B-235A-8D1D-4004-44FA49ED73D4} - Java (Sun)
ActiveX: {C4AEA95C-0E22-E14E-13D0-4B935953FEDD} - Microsoft Windows Media Player
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA8DDEFA-BF63-BD79-87E3-BA726CDE0A37} - Adobe Shockwave Director 11.0.3
ActiveX: {CB086E09-7BB2-CF22-4506-FBED42AE9F87} - 
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {D3F337F1-8FB3-44DE-244D-C7650F3F907D} - Adobe Shockwave Director 10.4
ActiveX: {D5CAAD60-96C9-4A7A-CA13-A901F1F09905} - Microsoft Windows Media Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E3B09ADA-1FAF-B4FE-04C4-D58E6DCF83C4} - Adobe Shockwave Director 10.4
ActiveX: {E4931831-DA99-4B50-901E-D5F090610CFE} - Browser Customizations
ActiveX: {E57246B4-7612-81BC-0AA9-A793B1FC2779} - Java (Sun)
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.siren - C:\Windows\System32\sirenacm.dll (Microsoft Corporation)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: VIDC.I420 - C:\Windows\System32\lvcodec2.dll (Labtec Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.09.04 19:25:01 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 18:54:06 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Malwarebytes
[2010.09.04 18:53:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.09.04 18:53:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.09.04 18:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.09.04 18:52:49 | 006,153,648 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.02 22:49:31 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\TrojanHunter
[2010.09.02 22:45:41 | 000,000,000 | ---D | C] -- C:\Program Files\TrojanHunter 5.3
[2010.09.02 22:44:19 | 022,489,640 | ---- | C] (Mischel Internet Security                                   ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.08.22 13:37:51 | 018,088,968 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.10 18:30:21 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualFarm
[2010.08.06 20:37:11 | 011,971,973 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[2010.08.06 20:03:09 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Deployment
[2010.08.06 19:50:03 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Google
[2010.07.25 13:08:09 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.07.24 11:18:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2010.07.24 11:13:21 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\Nokia
[2010.07.24 11:13:18 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Local\NokiaAccount
[2010.07.24 11:03:24 | 000,018,816 | ---- | C] (Nokia) -- C:\Windows\System32\drivers\pccsmcfd.sys
[2010.07.24 11:02:16 | 000,000,000 | ---D | C] -- C:\Program Files\PC Connectivity Solution
[2010.07.24 10:52:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2010.07.13 17:41:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kristanix Games
[2010.07.13 17:07:18 | 000,000,000 | ---D | C] -- C:\ProgramData\FarmFrenzy3_Arctica
[2010.06.26 11:11:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\EA Games
[2010.06.26 11:11:16 | 000,000,000 | ---D | C] -- C:\Users\birgit\Documents\EA Games
[2010.06.22 18:09:28 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Jane s ZOO
[2010.06.22 18:08:05 | 000,000,000 | ---D | C] -- C:\Program Files\Realore
[2010.06.22 17:28:30 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\Oberon Janes ZOO
[2010.06.22 16:22:09 | 000,000,000 | ---D | C] -- C:\ProgramData\rionix
[2010.06.16 19:49:45 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.06.16 18:38:32 | 000,000,000 | ---D | C] -- C:\Users\birgit\AppData\Roaming\1morebee
[2010.06.16 18:34:47 | 000,000,000 | ---D | C] -- C:\Boonty
[2010.05.23 12:57:52 | 007,213,444 | ---- | C] (www.minidvdsoft.com                                         ) -- C:\ProgramData\freedvdcreator.exe
[2010.05.22 13:54:22 | 008,062,504 | ---- | C] (                                                            ) -- C:\ProgramData\DVDStyler-1.8.0.3-win32.exe
[2010.05.16 13:58:54 | 306,699,456 | ---- | C] (Nero AG) -- C:\ProgramData\multimediasuite-ESD_small-20100412164653105-10.0.13200.nsx.exe
[2010.04.17 15:46:40 | 017,776,464 | ---- | C] (pdfforge GbR) -- C:\ProgramData\PDFCreator-0_9_9_setup.exe
[2010.03.20 15:58:49 | 003,378,431 | ---- | C] (CoreDownload Free Wallpaper Changer                         ) -- C:\ProgramData\CoreDownloadFreeWallpaperChangerSetup.exe
[2010.02.15 17:29:15 | 003,917,578 | ---- | C] (SCWA-Software                                               ) -- C:\ProgramData\VideoSS.exe
[2010.02.06 14:15:26 | 012,109,496 | ---- | C] (ICQ) -- C:\ProgramData\install_icq7.exe
[2010.01.24 13:48:19 | 032,047,558 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\JAD8002_BASIC.exe
[2010.01.16 14:00:08 | 000,535,576 | ---- | C] (RealNetworks, Inc.) -- C:\ProgramData\RealPlayerSPGold_de.exe
[2010.01.01 12:52:26 | 005,176,728 | ---- | C] (Yuna Software) -- C:\ProgramData\MsgPlusLive-483.exe
[2009.12.24 10:57:09 | 011,334,424 | ---- | C] (Nullsoft, Inc.) -- C:\ProgramData\winamp5571_full_emusic-7plus_de-de.exe
[2009.12.16 21:02:44 | 001,167,688 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\wlsetup-custom.exe
[2009.12.06 11:40:58 | 003,184,296 | ---- | C] (Piriform Ltd) -- C:\ProgramData\dfsetup115.exe
[2009.12.04 19:08:29 | 002,573,488 | ---- | C] (Karlis Blumentals                                           ) -- C:\ProgramData\scrwon4.exe
[2009.11.29 18:22:52 | 007,472,320 | ---- | C] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeVideoToJPGConverter1.5.1.54.exe
[2009.11.19 18:22:56 | 001,067,856 | ---- | C] (Piriform Ltd) -- C:\ProgramData\ccsetup225_slim.exe
[2009.11.14 15:39:21 | 001,128,916 | ---- | C] (www.hellopdf.com                                            ) -- C:\ProgramData\pdf2wordsetup.exe
[2009.10.26 20:10:17 | 006,113,130 | ---- | C] (InstallShield Software Corporation) -- C:\ProgramData\pci_filerecovery4.exe
[2009.10.26 14:21:02 | 015,375,944 | ---- | C] (Any-Video-Converter.com                                     ) -- C:\ProgramData\avc-free.exe
[2009.10.03 17:17:53 | 115,904,256 | ---- | C] (Corel Corporation                                           ) -- C:\ProgramData\WinDVDPro2010-TBYB.exe
[2009.09.23 17:36:07 | 021,952,661 | ---- | C] (VMesquita                                                   ) -- C:\ProgramData\DIKOSetup245.exe
[2009.09.21 19:01:09 | 000,073,728 | ---- | C] ( ) -- C:\ProgramData\vdremote.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\vdicmdrv.dll
[2009.09.21 19:01:09 | 000,069,632 | ---- | C] ( ) -- C:\ProgramData\auxsetup.exe
[2009.09.21 19:01:09 | 000,065,536 | ---- | C] ( ) -- C:\ProgramData\vdsvrlnk.dll
[2009.09.21 19:01:09 | 000,008,704 | ---- | C] ( ) -- C:\ProgramData\vdub.exe
[2009.08.22 14:40:32 | 001,228,240 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\ADBEPHSPCS4_LS4.exe
[2009.08.08 19:30:18 | 000,946,119 | ---- | C] (Jodix Technologies Ltd.                                     ) -- C:\ProgramData\free-wma-mp3-converter.exe
[2009.07.14 20:20:46 | 000,347,432 | ---- | C] (Microsoft Corporation) -- C:\Program Files\WINWORD.EXE
[2009.07.01 18:51:47 | 020,631,848 | ---- | C] (Skype Technologies S.A.) -- C:\ProgramData\SkypeSetupFull.exe
[2009.06.16 14:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
[2009.01.10 17:36:22 | 016,126,456 | ---- | C] (Macrovision Corporation) -- C:\ProgramData\install_puls4_icq65.exe
[2007.05.07 01:07:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\Interop.Shell32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.09.05 20:13:36 | 005,242,880 | -HS- | M] () -- C:\Users\birgit\ntuser.dat
[2010.09.05 20:08:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.09.05 20:08:01 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.09.05 19:57:48 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 19:57:48 | 000,003,296 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.09.05 19:57:45 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.09.05 19:57:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.09.05 19:57:36 | 3220,692,992 | -HS- | M] () -- C:\hiberfil.sys
[2010.09.05 19:11:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.09.05 19:11:28 | 000,524,288 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TMContainer00000000000000000001.regtrans-ms
[2010.09.05 19:11:28 | 000,065,536 | -HS- | M] () -- C:\Users\birgit\ntuser.dat{c2075e3f-3c6f-11de-8987-001c25881f46}.TM.blf
[2010.09.05 19:10:38 | 004,442,490 | -H-- | M] () -- C:\Users\birgit\AppData\Local\IconCache.db
[2010.09.04 19:25:05 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\birgit\Desktop\OTL.exe
[2010.09.04 18:53:55 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.04 18:52:59 | 006,153,648 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\ProgramData\mbam-setup.exe
[2010.09.02 22:45:48 | 000,059,392 | R--- | M] () -- C:\Windows\System32\streamhlp.dll
[2010.09.02 22:44:23 | 022,489,640 | ---- | M] (Mischel Internet Security                                   ) -- C:\ProgramData\TrojanHunter53Setup.exe
[2010.09.01 18:08:35 | 001,445,116 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.09.01 18:08:35 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.09.01 18:08:35 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.09.01 18:08:35 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.09.01 18:08:35 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.28 11:36:37 | 000,001,179 | ---- | M] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.28 09:53:57 | 000,001,399 | ---- | M] () -- C:\Users\birgit\Desktop\DivX Movies.lnk
[2010.08.28 09:53:38 | 000,000,881 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2010.08.25 18:43:50 | 000,159,744 | ---- | M] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.22 13:39:11 | 000,000,996 | ---- | M] () -- C:\Users\birgit\Desktop\DVDVideoSoft Free Studio.lnk
[2010.08.22 13:37:55 | 018,088,968 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeYouTubeToMp3Converter.exe
[2010.08.21 10:08:28 | 000,002,051 | ---- | M] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.14 10:50:53 | 002,333,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.07 09:41:18 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.06 20:37:43 | 011,971,973 | ---- | M] (DVDVideoSoft Limited.                                       ) -- C:\ProgramData\FreeVideoToMp3Converter40.exe
[2010.07.31 12:19:04 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.07.31 12:19:04 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.07.24 11:11:38 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.07.24 11:07:44 | 000,000,000 | -H-- | M] () -- C:\Windows\wusa.lock
[2010.07.24 11:07:07 | 000,001,892 | ---- | M] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.01 15:48:59 | 000,002,056 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Apartment-Leben.lnk
[2010.07.01 15:48:59 | 000,001,138 | ---- | M] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2010.06.26 11:14:19 | 000,001,977 | ---- | M] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk
[2010.06.16 18:37:41 | 000,000,178 | ---- | M] () -- C:\Users\Public\Desktop\ Download-Spiele.url
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.09.04 18:53:55 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.09.02 22:45:41 | 000,059,392 | R--- | C] () -- C:\Windows\System32\streamhlp.dll
[2010.08.28 11:36:37 | 000,001,179 | ---- | C] () -- C:\Users\birgit\Desktop\Free YouTube to MP3 Converter.lnk
[2010.08.09 18:55:24 | 000,000,011 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\NevoSoft Gameslog.txt
[2010.08.06 20:04:21 | 000,002,051 | ---- | C] () -- C:\Users\birgit\Desktop\Google Chrome.lnk
[2010.08.06 20:03:32 | 000,001,122 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000UA.job
[2010.08.06 20:03:31 | 000,001,070 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-99989120-414168423-3571821316-1000Core.job
[2010.07.24 11:11:38 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2010.07.24 11:07:44 | 000,000,000 | -H-- | C] () -- C:\Windows\wusa.lock
[2010.07.24 11:07:07 | 000,001,892 | ---- | C] () -- C:\Users\Public\Desktop\Nokia Ovi Suite.lnk
[2010.07.01 15:48:59 | 000,002,056 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Apartment-Leben.lnk
[2010.07.01 15:48:59 | 000,001,138 | ---- | C] () -- C:\Users\Public\Desktop\www.thesims3.com.lnk
[2010.06.26 11:14:19 | 000,001,977 | ---- | C] () -- C:\Users\Public\Desktop\Die Sims™ 2 Haustiere.lnk
[2010.05.23 11:12:30 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010.05.23 11:08:08 | 008,667,467 | ---- | C] () -- C:\ProgramData\vdm328_free.exe
[2010.05.22 11:42:01 | 038,649,247 | ---- | C] () -- C:\ProgramData\FFSetup230.exe
[2010.05.16 13:29:29 | 000,256,832 | ---- | C] () -- C:\ProgramData\SoftonicDownloader50481.exe
[2010.04.17 15:52:53 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.03.20 15:40:48 | 003,932,214 | ---- | C] () -- C:\ProgramData\Wallpaper.bmp
[2010.03.20 15:40:39 | 000,000,211 | ---- | C] () -- C:\ProgramData\untitled.wpl
[2010.03.20 15:34:19 | 000,034,998 | ---- | C] () -- C:\ProgramData\WPCLogo.bmp
[2010.03.20 15:34:19 | 000,015,446 | ---- | C] () -- C:\ProgramData\History.txt
[2010.03.20 15:34:19 | 000,010,672 | ---- | C] () -- C:\ProgramData\Readme.txt
[2010.03.20 15:34:19 | 000,001,402 | ---- | C] () -- C:\ProgramData\File_id.diz
[2010.01.31 12:09:29 | 000,000,156 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\default.rss
[2010.01.29 21:00:08 | 034,503,088 | ---- | C] () -- C:\ProgramData\Nokia_PC_Suite_ger_web.exe
[2010.01.02 11:34:48 | 000,001,497 | ---- | C] () -- C:\ProgramData\JkDefragGUI.ini
[2010.01.02 11:34:07 | 002,575,069 | ---- | C] () -- C:\ProgramData\JkDefragGUI.exe
[2010.01.02 11:34:07 | 000,037,170 | ---- | C] () -- C:\ProgramData\ChangeLog.txt
[2010.01.02 11:34:07 | 000,001,472 | ---- | C] () -- C:\ProgramData\ReadMeFirst.txt
[2009.12.24 11:06:41 | 000,263,115 | ---- | C] () -- C:\ProgramData\Alex7b.wsz
[2009.12.04 18:32:52 | 017,363,313 | ---- | C] () -- C:\ProgramData\aol.exe
[2009.11.23 19:21:55 | 000,477,527 | ---- | C] () -- C:\ProgramData\DivXInstaller.exe
[2009.11.14 15:48:44 | 023,207,088 | ---- | C] () -- C:\ProgramData\PdfGrabber_Setup.exe
[2009.11.14 15:27:23 | 000,754,344 | ---- | C] () -- C:\ProgramData\advancedpdf2word_trial.exe
[2009.10.26 22:23:45 | 003,267,488 | ---- | C] () -- C:\ProgramData\Pandora211Recovery.exe
[2009.10.26 22:17:55 | 000,056,832 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.exe
[2009.10.26 22:17:55 | 000,000,875 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.ini
[2009.10.26 22:17:54 | 011,109,376 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO_German.msi
[2009.10.26 22:17:54 | 011,102,720 | ---- | C] () -- C:\ProgramData\file-recovery-pro-DEMO.msi
[2009.10.26 22:13:44 | 021,047,280 | ---- | C] () -- C:\ProgramData\file-recovery-pro36-demo.zip
[2009.10.10 14:12:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.10.10 14:09:23 | 012,621,312 | ---- | C] () -- C:\ProgramData\gs870w32.exe
[2009.10.10 14:05:10 | 001,720,832 | ---- | C] () -- C:\ProgramData\FreePDF4.02.EXE
[2009.10.10 11:49:52 | 000,599,173 | ---- | C] () -- C:\ProgramData\PDFBlenderSetup1.1.2.exe
[2009.10.03 17:58:13 | 001,275,896 | ---- | C] () -- C:\ProgramData\setup.exe
[2009.10.03 17:30:51 | 000,000,088 | RHS- | C] () -- C:\ProgramData\AD7517B469.sys
[2009.10.03 17:30:50 | 000,002,516 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2009.09.29 18:18:31 | 000,000,402 | ---- | C] () -- C:\Users\birgit\AppData\Roaming\wklnhst.dat
[2009.09.21 19:01:09 | 000,246,767 | ---- | C] () -- C:\ProgramData\VirtualDub.chm
[2009.09.21 19:01:09 | 000,219,510 | ---- | C] () -- C:\ProgramData\VirtualDub.vdi
[2009.09.21 19:01:09 | 000,018,321 | ---- | C] () -- C:\ProgramData\copying
[2009.09.21 19:01:08 | 002,658,816 | ---- | C] () -- C:\ProgramData\VirtualDub.exe
[2009.07.01 18:57:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.06.27 14:58:17 | 076,559,360 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20090606.msi
[2009.06.20 15:54:00 | 076,342,784 | ---- | C] () -- C:\ProgramData\WolfQuest_Win20080717.msi
[2009.06.16 14:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.05.21 20:07:42 | 001,048,200 | ---- | C] () -- C:\ProgramData\MoveMediaPlayer_071303000004.exe
[2009.04.18 19:32:26 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2009.01.06 15:04:44 | 000,507,904 | ---- | C] () -- C:\ProgramData\pro.exe
[2008.12.28 19:19:34 | 004,998,707 | ---- | C] () -- C:\ProgramData\flvplayer_setup.exe
[2008.12.25 19:43:22 | 003,659,444 | ---- | C] () -- C:\ProgramData\FileZilla_3.1.3.1_win32-setup.exe
[2008.11.22 10:42:54 | 001,471,839 | ---- | C] () -- C:\ProgramData\wrar380d.exe
[2008.09.28 15:43:24 | 000,003,688 | ---- | C] () -- C:\Windows\ULEAD32.INI
[2008.08.26 19:24:32 | 000,159,744 | ---- | C] () -- C:\Users\birgit\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.16 17:35:04 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.06.16 17:30:38 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX6000EFDG.ini
[2008.05.14 18:12:18 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2008.05.14 09:59:10 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini
[2008.05.14 09:59:10 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini
[2008.05.14 09:30:43 | 000,007,484 | ---- | C] () -- C:\Users\birgit\AppData\Local\d3d9caps.dat
[2008.02.04 19:23:10 | 000,693,792 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2007.05.07 10:41:16 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll
[2007.05.07 09:22:38 | 000,000,834 | ---- | C] () -- C:\Windows\generic.ini
[2007.05.07 09:22:38 | 000,000,132 | ---- | C] () -- C:\Windows\Alaunch.ini
[2007.05.07 01:07:10 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll
[2007.02.06 23:58:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.02.06 23:57:58 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.02.06 23:57:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.02.06 23:56:30 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.02.06 23:56:28 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.02.06 23:52:08 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 15:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.01.19 10:30:54 | 000,009,255 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2010.06.16 18:38:32 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\1morebee
[2009.06.13 10:38:22 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Anabel
[2009.10.26 14:29:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Any Video Converter
[2009.07.08 18:48:52 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Ashtons Family Resort
[2008.10.14 20:12:03 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\BeachPartyCraze
[2008.10.04 18:07:01 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Big Fish Games
[2008.12.28 16:00:49 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\BloodTies
[2009.12.04 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Blumentals
[2009.05.06 17:58:13 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Boolat Games
[2009.03.08 21:47:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Boomzap
[2008.09.25 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Canneverbe_Limited
[2010.01.24 13:51:23 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\COWON
[2009.09.09 17:50:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Developer
[2010.05.16 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Droppix
[2010.08.22 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.12.27 22:55:36 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\eGames
[2009.05.02 10:23:56 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\EleFun Games
[2009.01.06 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\EPSON
[2008.12.25 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\FileZilla
[2009.03.10 19:56:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Flood Light Games
[2008.12.26 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Gaijin Ent
[2009.03.07 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Gamelab
[2009.03.10 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Games
[2008.11.08 13:44:33 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009.09.26 12:54:04 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\gtk-2.0
[2010.08.22 12:24:45 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\ICQ
[2009.04.19 12:21:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\InterVideo
[2008.06.18 20:42:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jane s Hotel  Family Hero
[2010.06.22 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jane s ZOO
[2008.08.30 09:50:14 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jasc
[2009.12.05 17:11:57 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\LG Electronics
[2008.12.14 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Meridian93
[2009.07.30 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Miranda
[2009.10.04 09:23:00 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Movienizer
[2010.05.22 15:27:31 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\muvee Technologies
[2008.06.01 15:37:28 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\MysteryStudio
[2010.08.09 18:55:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\NevoSoft Games
[2010.07.24 11:19:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Nokia
[2010.01.06 22:28:54 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\oberon
[2009.02.19 12:35:21 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Oberon Games
[2010.06.22 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Oberon Janes ZOO
[2008.09.14 10:21:59 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\OpenOffice.org
[2010.01.27 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Opera
[2009.10.26 22:24:13 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PandoraRecovery
[2010.07.23 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PC Suite
[2008.12.27 11:10:59 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Pirateville
[2009.11.14 16:20:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PixelPlanet
[2010.01.20 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PlayFirst
[2010.04.03 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\SPIL Games
[2009.09.29 18:18:35 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Template
[2009.11.28 12:33:45 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Thunderbird
[2010.09.02 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\TrojanHunter
[2008.08.26 19:23:57 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\TrueCrypt
[2008.12.13 16:47:06 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Valusoft
[2010.05.23 11:13:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Video DVD Maker FREE
[2009.03.08 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\ViquaSoft
[2009.02.20 16:41:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2009.02.20 23:02:23 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2009.02.20 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Marine World
[2010.04.03 16:04:40 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\YoudaGames
[2010.08.10 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Zylom
[2010.09.05 19:11:33 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.06.16 18:38:32 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\1morebee
[2009.12.06 16:32:33 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Adobe
[2008.05.27 19:32:09 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\AdobeUM
[2009.06.13 10:38:22 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Anabel
[2009.10.26 14:29:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Any Video Converter
[2009.04.11 09:24:43 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Apple Computer
[2009.07.08 18:48:52 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Ashtons Family Resort
[2008.05.14 10:05:09 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\ATI
[2008.10.14 20:12:03 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\BeachPartyCraze
[2008.10.04 18:07:01 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Big Fish Games
[2008.05.31 09:03:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\BigFish
[2008.12.28 16:00:49 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\BloodTies
[2009.12.04 19:09:44 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Blumentals
[2009.05.06 17:58:13 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Boolat Games
[2009.03.08 21:47:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Boomzap
[2008.09.25 18:01:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Canneverbe_Limited
[2009.10.03 17:33:36 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Corel
[2010.01.24 13:51:23 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\COWON
[2010.06.03 10:56:23 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\CyberLink
[2009.09.09 17:50:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Developer
[2010.06.04 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\DivX
[2009.08.22 15:45:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Download Manager
[2010.05.16 13:33:50 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Droppix
[2010.08.26 19:09:02 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\dvdcss
[2010.08.22 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.12.27 22:55:36 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\eGames
[2009.05.02 10:23:56 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\EleFun Games
[2009.01.06 12:52:34 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\EPSON
[2008.12.25 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\FileZilla
[2009.03.10 19:56:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Flood Light Games
[2008.12.26 17:45:17 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Gaijin Ent
[2009.03.07 16:34:19 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Gamelab
[2009.03.10 17:26:28 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Games
[2008.11.08 13:44:33 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Go-Go Gourmet Chef of the Year
[2009.09.26 12:54:04 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\gtk-2.0
[2010.08.22 12:24:45 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\ICQ
[2010.08.10 18:30:19 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Identities
[2008.05.21 19:53:33 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\InstallShield
[2009.04.19 12:21:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\InterVideo
[2008.06.18 20:42:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jane s Hotel  Family Hero
[2010.06.22 18:10:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jane s ZOO
[2008.08.30 09:50:14 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Jasc
[2009.12.05 17:11:57 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\LG Electronics
[2008.05.31 15:39:26 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Macromedia
[2010.09.04 18:54:06 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Media Center Programs
[2010.05.23 12:53:30 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Media Player Classic
[2008.12.14 19:22:06 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Meridian93
[2010.08.14 11:16:28 | 000,000,000 | --SD | M] -- C:\Users\birgit\AppData\Roaming\Microsoft
[2008.09.20 14:49:38 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Microsoft Games
[2009.07.30 19:37:02 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Miranda
[2009.05.21 20:07:50 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Move Networks
[2009.10.04 09:23:00 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Movienizer
[2009.11.19 18:34:30 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Mozilla
[2010.05.22 15:27:31 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\muvee Technologies
[2008.06.01 15:37:28 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\MysteryStudio
[2008.09.09 21:55:50 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\NCH Software
[2010.05.16 15:09:15 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Nero
[2010.08.09 18:55:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\NevoSoft Games
[2010.07.24 11:19:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Nokia
[2010.01.06 22:28:54 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\oberon
[2009.02.19 12:35:21 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Oberon Games
[2010.06.22 17:33:24 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Oberon Janes ZOO
[2008.09.14 10:21:59 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\OpenOffice.org
[2010.01.27 19:09:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Opera
[2009.10.26 22:24:13 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PandoraRecovery
[2010.07.23 18:34:43 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PC Suite
[2008.12.27 11:10:59 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Pirateville
[2009.11.14 16:20:48 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PixelPlanet
[2010.01.20 20:14:41 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\PlayFirst
[2010.03.08 18:30:27 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Real
[2008.12.14 14:41:17 | 000,000,000 | RH-D | M] -- C:\Users\birgit\AppData\Roaming\SecuROM
[2009.10.08 18:43:07 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\skypePM
[2010.04.03 16:04:30 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\SPIL Games
[2009.09.29 18:18:35 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Template
[2009.11.28 12:33:45 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Thunderbird
[2010.09.02 22:49:31 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\TrojanHunter
[2008.08.26 19:23:57 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\TrueCrypt
[2008.12.13 16:47:06 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Valusoft
[2010.05.23 11:13:47 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Video DVD Maker FREE
[2009.03.08 21:23:03 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\ViquaSoft
[2009.04.09 18:49:17 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\vlc
[2009.02.20 16:41:11 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2009.02.20 23:02:23 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Crazy Zoo
[2009.02.20 22:22:38 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Wildlife Park 2 - Marine World
[2008.11.22 10:46:01 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\WinRAR
[2010.04.03 16:04:40 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\YoudaGames
[2010.08.10 18:30:18 | 000,000,000 | ---D | M] -- C:\Users\birgit\AppData\Roaming\Zylom
 
< %APPDATA%\*.exe /s >
[2008.05.29 08:03:08 | 000,037,176 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2009.10.26 22:19:03 | 000,590,336 | R--- | M] () -- C:\Users\birgit\AppData\Roaming\Microsoft\Installer\{0B45E11E-F9F2-4CC7-821A-BB1957EE14D4}\Icon0B45E11E.exe
[2009.02.12 20:37:34 | 000,097,144 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Move Networks\ie_bin\MovePlayerUpgrade.exe
[2009.05.21 20:07:50 | 000,034,062 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\Move Networks\ie_bin\Uninst.exe
[2007.08.29 16:36:06 | 000,167,424 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\NCH Software\Components\aacdec\aacdec.exe
[2007.08.29 16:36:00 | 000,110,592 | ---- | M] () -- C:\Users\birgit\AppData\Roaming\NCH Software\Components\mp3el\mp3enc.exe
[2010.03.03 18:20:08 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\birgit\AppData\Roaming\Real\Update\setup3.10\setup.exe
[2010.03.04 18:06:21 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\birgit\AppData\Roaming\Real\Update\setup3.10\RUP\vista.exe
[2010.05.29 18:11:58 | 000,443,912 | ---- | M] (RealNetworks, Inc.) -- C:\Users\birgit\AppData\Roaming\Real\Update\setup3.11\setup.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.19 09:42:25 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: AHCIX86S.SYS  >
[2006.08.14 12:27:02 | 000,117,760 | ---- | M] (ATI Technologies Inc.) MD5=6241F2C3073FEAB1EB1BCEE7EEE7A95A -- C:\DRV\VGA_ATI_836\Packages\Drivers\SBDrv\SB6xx\RAID\LH\ahcix86s.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\drivers\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.19 09:41:30 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.05.17 09:45:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[2008.05.17 09:45:41 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=B35CFCEF838382AB6490B321C87EDF17 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.16632_none_db337a442479c42c\atapi.sys
[2008.05.17 09:45:40 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=E03E8C99D15D0381E02743C36AFC7C6F -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20757_none_dbac78a93da31a8b\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.19 09:42:51 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2006.11.02 11:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\System32\netlogon.dll
[2008.01.19 09:35:36 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\drivers\nvstor.sys
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.19 09:42:09 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\System32\scecli.dll
[2008.01.19 09:36:19 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 11:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.05.14 09:35:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=63B4F59D7C89B1BF5277F1FFEFD491CD -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16438_none_cb39bc5b7047127e\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.05.14 09:35:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=9D9F061EDA75425FC67F0365E3467C86 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20537_none_cbc258dc896598f1\user32.dll
[2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2008.01.19 09:36:46 | 000,627,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.19 09:33:33 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\SoftwareDistribution\Download\cd2b15b1a90e884578188440a1660b12\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\System32\winlogon.exe
[2008.01.19 09:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.19 07:56:49 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006.11.02 12:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006.11.02 12:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2007.07.27 23:26:40 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) Unable to obtain MD5 -- C:\Windows\System32\ATIDEMGX.dll
[2009.06.16 14:03:58 | 000,053,248 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\dossec.dll
[2009.03.08 13:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009.03.08 13:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009.06.16 14:03:56 | 000,126,976 | ---- | M] ( ) Unable to obtain MD5 -- C:\Windows\System32\Interop.SHDocVw.dll
[2008.01.19 09:35:15 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\msvbvm60.dll
[2008.01.19 09:38:03 | 000,242,744 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2008.01.19 09:36:10 | 000,225,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TFBRVDNPCLPTJBX9Y6LV9TXVVJVFJF5VVJV0
@Alternate Data Stream - 24 bytes -> C:\Windows:28623108D70BB416
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1941675B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD444D31
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3A925163
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:997E6AF4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79F970BE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9CB2B6C5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:51A22C60
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B83BF1A6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6A16A184
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:128A6DC9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CB0FEE2B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CC7E693
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BE6DC701
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5216CD26
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BAC03849
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9446E8B9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:87FA5E8A
< End of report >
         
--- --- ---

Old 05.09.2010, 19:58   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe ()
O4 - HKLM..\Run: [Acer Tour]  File not found
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_SVXWV4PVSVVVV8N4TFBRVDNPCLPTJBX9Y6LV9TXVVJVFJF5VVJV0
@Alternate Data Stream - 24 bytes -> C:\Windows:28623108D70BB416
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:1941675B
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:FD444D31
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:700CD00E
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:3A925163
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:997E6AF4
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:79F970BE
@Alternate Data Stream - 142 bytes -> C:\ProgramData\TEMP:A94968B5
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:9CB2B6C5
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:51A22C60
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:CBEB737E
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:B83BF1A6
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:6A16A184
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:4F636E25
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:8EEE3BBB
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:25005EFA
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:D2A5A561
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:A42A9F39
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:3AE22B1A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:273A8657
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:128A6DC9
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:E0AE69BE
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:6677D85A
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:3447AB86
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:6A97C459
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:69FD6BF0
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:E1D818F7
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:CB0FEE2B
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:22313216
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:A561576B
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0CC7E693
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:6BD1DCDD
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E1F04E8D
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:BE6DC701
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:77846FFE
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:5216CD26
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:BAC03849
@Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:9446E8B9
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D88D995C
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:98AE08EA
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:BDF08FAF
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:B14B4A95
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:87FA5E8A
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________
Please always post log files in CODE tags
