
Pests of all kinds and how to fight them: Trojan: dropper generic 2

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.

24.12.2010, 17:33   #1
miKkii

Trojan: dropper generic 2



Hello,

I got a message saying I have this. I don't know much about any of this, which is why I'm posting here. I'll try to do everything the way you want it, or rather, whatever makes it easier for you.

PHP code:
OTL Extras logfile created on: 24.12.2010 17:09:21 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\miKkii\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 10,25 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 61,61 Gb Free Space | 88,63% Space Free | Partition Type: NTFS
 
Computer Name: MIKKII-PC | User Name: miKkii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:UPnP System
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:UPnP System
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6C8BDA1C-C7C2-43AD-9901-9831E4D2C181}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{791DA2F5-5A8C-492A-930D-7946599D9D2D}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{477922EA-D32B-427F-946B-449221714A51}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{47BC43CE-1E73-4F6A-A27B-30F5EB67C126}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5A8AD822-A77B-4A4A-A74E-F60164019127}" = dir=in | app=c:\program files\avg\avg9\avgupd.exe | 
"{6808CB70-1C91-4C6B-957B-06E1C39FFC30}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{770B3F89-CF8D-46EA-900C-4147AD562DAC}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{81534665-8CD4-4CA7-B38F-E728533C1128}" = dir=in | app=c:\program files\avg\avg9\avgnsx.exe | 
"{AEC60AF0-B252-4FB5-8BC8-80EAC90CD097}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | 
"{B0935283-F3B2-4E8C-8B1E-F6303FCEDC61}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{B74E8B61-1016-4BBA-8379-AF17744CF776}" = dir=in | app=c:\program files\avg\avg9\avgemc.exe | 
"{D5F8181F-F033-414B-BD0D-B9AA3F2A0F13}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"TCP Query User{149591D0-C9CF-4FB9-A56D-296EC0945318}C:\program files\play2p\play2p.exe" = protocol=6 | dir=in | app=c:\program files\play2p\play2p.exe | 
"TCP Query User{22148936-481D-472B-8B22-F9DC1B921D69}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"TCP Query User{24927C96-DE49-4D78-83F0-2877BA7B057D}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{517C7225-AE69-48F0-AB12-02D13EB8FBDB}C:\program files\play2p\play2p.exe" = protocol=6 | dir=in | app=c:\program files\play2p\play2p.exe | 
"TCP Query User{5F56F871-466E-41DA-BA71-1F5BA91F4FE2}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{68A39045-BD09-40BD-8216-41B95ECEE137}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{9FC79C75-3384-47F0-A5B9-987163206F35}C:\program files\vuze\azureus.exe" = protocol=6 | dir=in | app=c:\program files\vuze\azureus.exe | 
"TCP Query User{D420BE1A-67E6-482E-8BEB-61DC89620B3B}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{04C64539-6BBB-4B8E-A3A2-D7204230EE90}C:\program files\play2p\play2p.exe" = protocol=17 | dir=in | app=c:\program files\play2p\play2p.exe | 
"UDP Query User{5A6A8428-C3AD-4229-905E-8D8777A5F554}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{60610E6E-7A39-4F1F-81BE-D3564B061231}C:\program files\vuze\azureus.exe" = protocol=17 | dir=in | app=c:\program files\vuze\azureus.exe | 
"UDP Query User{65A88E34-6F2C-435F-A18E-5B78A7B8D66A}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{7357F8A0-18EB-4038-A952-2EDE7EC052C3}C:\program files\play2p\play2p.exe" = protocol=17 | dir=in | app=c:\program files\play2p\play2p.exe | 
"UDP Query User{7E63718F-6DB2-4779-96D2-45ABD1FCB584}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
"UDP Query User{AD08E542-4BFF-4D00-93BA-D1974BBFB552}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{FF518478-E89C-4B2D-ABAD-026807080E68}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}" = Corel Painter Essentials 3
"{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 23
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros for Acer Driver v7.3.1.73_Foxconn Installation Program
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
"{760B29F2-8663-419B-A025-5A55066E130B}" = Ulead Photo Express 6
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.6.12.174c
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A87B11AC-4344-4E5D-8B12-8F471A87DAD9}" = LightScribe  1.4.136.1
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AC76BA86-7AD7-1031-7B44-A94000000001}" = Adobe Reader 9.4.1 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AEEAE013-92F1-4515-B278-139F1A692A36}" = Acer eDataSecurity Management
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"3GP Video Converter 3" = 3GP Video Converter 3
"AC3Filter" = AC3Filter (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AVG9Uninstall" = AVG Free 9.0
"CCleaner" = CCleaner (remove only)
"DivX Setup.divx.com" = DivX-Setup
"DVDFab 6_is1" = DVDFab 6.0.2.0 (June 24, 2009)
"ERUNT_is1" = ERUNT 1.1j
"ExpressBurn" = Express Burn
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.3
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 3.2
"Free YouTube Download_is1" = Free YouTube Download 2.3
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.5
"GridVista" = Acer GridVista
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = Ulead PhotoImpact X3
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"NSS" = Norton Security Scan
"Pixillion" = Pixillion Image Converter
"RealPlayer 12.0" = RealPlayer
"SUPER ©" = SUPER © Version 2009.bld.36 (June 10, 2009)
"Ulead Photo Express 3.0 SE" = Ulead Photo Express 3.0 SE
"Ultra AVI Converter_is1" = Ultra AVI Converter 4.3.1126
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.0.2
"WinRAR archiver" = WinRAR
"Xvid_is1" = Xvid 1.2.2 final uninstall
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Media Player" = Move Media Player
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >

24.12.2010, 17:34   #2
miKkii

Trojan: dropper generic 2



OTL Logfile:
Code:
OTL logfile created on: 24.12.2010 17:09:21 - Run 1
OTL by OldTimer - Version 3.2.18.0     Folder = C:\Users\miKkii\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18999)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 39,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 62,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69,77 Gb Total Space | 10,25 Gb Free Space | 14,69% Space Free | Partition Type: NTFS
Drive D: | 69,52 Gb Total Space | 61,61 Gb Free Space | 88,63% Space Free | Partition Type: NTFS
 
Computer Name: MIKKII-PC | User Name: miKkii | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010.12.24 17:08:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\miKkii\Desktop\OTL.exe
PRC - [2010.11.24 20:23:36 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgtray.exe
PRC - [2010.11.24 20:23:24 | 000,725,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgcsrvx.exe
PRC - [2010.11.10 21:38:53 | 000,233,936 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10l_ActiveX.exe
PRC - [2010.11.02 07:03:13 | 000,638,232 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2010.09.23 19:56:24 | 000,621,920 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgnsx.exe
PRC - [2010.09.01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.22 08:06:36 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgemc.exe
PRC - [2010.07.15 19:05:24 | 000,515,424 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgrsx.exe
PRC - [2010.07.15 19:05:18 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgwdsvc.exe
PRC - [2010.07.15 19:05:09 | 001,101,152 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG9\avgchsvx.exe
PRC - [2010.04.04 21:29:34 | 000,040,960 | ---- | M] () -- C:\Programme\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE
PRC - [2010.03.31 19:31:48 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Common Files\Real\Update_OB\realsched.exe
PRC - [2009.08.31 13:25:53 | 000,061,440 | ---- | M] (play2p.com) -- C:\Programme\play2p\play2p.exe
PRC - [2009.08.19 09:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 09:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.26 15:44:14 | 003,883,840 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
PRC - [2009.07.13 22:18:12 | 000,071,096 | ---- | M] () -- C:\Programme\CDBurnerXP\NMSAccessU.exe
PRC - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.09 17:43:28 | 000,323,584 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe
PRC - [2007.12.10 09:23:02 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007.09.06 11:02:04 | 000,393,216 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2007.08.02 20:08:00 | 000,095,504 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe
PRC - [2007.05.22 14:00:04 | 000,753,664 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNMTray.exe
PRC - [2007.05.22 14:00:02 | 000,135,168 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007.05.16 21:15:22 | 000,163,840 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007.05.16 17:37:26 | 000,528,384 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007.04.25 15:33:36 | 000,457,216 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
PRC - [2007.03.14 09:52:30 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
PRC - [2006.10.05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe
PRC - [2005.07.29 14:07:10 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [1999.07.26 10:37:26 | 000,061,440 | ---- | M] (Ulead Systems, Inc.) -- C:\Programme\Ulead Systems\Ulead Photo Express 3.0 SE\CalCheck.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.12.24 17:08:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\miKkii\Desktop\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2010.07.15 19:05:23 | 000,012,536 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\System32\avgrsstx.dll
MOD - [2007.05.22 14:00:04 | 000,090,112 | ---- | M] (acer) -- C:\Windows\System32\eNetHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Users\miKkii\AppData\Local\Temp\TFDQZCJT.exe -- (TFDQZCJT)
SRV - File not found [On_Demand | Stopped] -- C:\Users\miKkii\AppData\Local\Temp\QYMHBM.exe -- (QYMHBM)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010.07.22 08:06:36 | 000,921,952 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)
SRV - [2010.07.15 19:05:18 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.07.13 22:18:12 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Programme\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2009.05.19 10:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.12.10 09:23:02 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007.11.06 21:22:26 | 000,092,792 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2007.09.10 14:28:18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.05.22 14:00:02 | 000,135,168 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007.05.16 21:15:22 | 000,163,840 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007.04.25 15:34:30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007.03.14 09:52:30 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006.11.24 11:57:54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006.10.05 04:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005.07.29 14:07:10 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - File not found [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.07.15 19:05:26 | 000,243,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2010.07.15 19:05:10 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010.06.02 18:38:03 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009.07.15 14:30:15 | 000,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2008.06.25 16:33:00 | 002,016,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.04.19 01:29:00 | 000,894,976 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athrusb.sys -- (athrusb)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:20 | 000,179,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.11.30 14:51:34 | 000,015,392 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.11.06 21:22:06 | 000,034,064 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2007.10.01 14:21:08 | 001,129,344 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV - [2007.07.30 21:13:10 | 000,743,424 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007.04.25 15:34:44 | 000,016,680 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PSDNServ.sys -- (PSDNServ)
DRV - [2007.04.25 15:34:40 | 000,060,712 | ---- | M] (HiTRUST) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\psdvdisk.sys -- (psdvdisk)
DRV - [2007.04.25 15:34:38 | 000,020,776 | ---- | M] (HiTRUST) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\psdfilter.sys -- (PSDFilter)
DRV - [2007.03.09 06:56:04 | 001,163,616 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2005.07.19 13:15:14 | 000,011,978 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\Windows\System32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005.06.30 15:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\osaio.sys -- (osaio)
DRV - [2005.06.24 16:36:16 | 000,039,036 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbmodem.sys -- (USBModem)
DRV - [2005.05.26 09:01:36 | 000,038,144 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbdiag.sys -- (UsbDiag)
DRV - [2005.05.26 09:01:18 | 000,021,344 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lgusbbus.sys -- (usbbus)
DRV - [2005.05.02 11:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005.01.14 14:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\osanbm.sys -- (osanbm)
DRV - [2004.06.07 17:32:34 | 000,005,035 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NdisFilt.sys -- (NdisFilt)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://at.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.live.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Searchme"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchme.com"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10615&gct=&gc=1&q="
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010.11.24 20:25:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.03.31 19:32:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.12.24 16:14:09 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.12.24 16:14:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
[2009.05.09 14:18:56 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\mozilla\Extensions
[2010.11.25 21:49:59 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\mozilla\Firefox\Profiles\99cag28i.default\extensions
[2010.05.02 17:01:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\miKkii\AppData\Roaming\mozilla\Firefox\Profiles\99cag28i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.02 19:44:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\miKkii\AppData\Roaming\mozilla\Firefox\Profiles\99cag28i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.06.02 22:16:46 | 000,000,681 | ---- | M] () -- C:\Users\miKkii\AppData\Roaming\Mozilla\FireFox\Profiles\99cag28i.default\searchplugins\ask.xml
[2010.12.21 20:57:08 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.06.02 19:35:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.08.29 16:00:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.11.09 10:40:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.21 20:57:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2009.06.18 21:42:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions\searchme@searchme.com
[2010.11.12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.11.25 21:38:25 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.25 21:38:25 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.25 21:38:25 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2009.03.13 10:39:56 | 000,002,494 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\searchme.xml
[2010.11.25 21:38:25 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.25 21:38:25 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (no name) - {ee1babcf-cbe2-4c07-8e18-dfe6fc08c30a}  - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [AutoEJCD_0ACE20FF] C:\Program Files\AutoInstall\ZD1211B_Auto_Install_CD_Only_Gen_0ACE20FF\AutoEJCD.EXE ()
O4 - HKLM..\Run: [AVG9_TRAY] C:\Programme\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (HiTRUST)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Programme\Common Files\Ulead Systems\AutoDetector\Monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident\4.0; Mozilla\4.0 ( File not found
O4 - Startup: C:\Users\miKkii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\miKkii\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/VistaMSNPUpldde-at.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - AppInit_DLLs: (eNetHook.dll) - C:\Windows\System32\eNetHook.dll (acer)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\miKkii\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\miKkii\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{07be4a6c-ba76-11de-9db1-001b38691ace}\Shell - "" = AutoRun
O33 - MountPoints2\{07be4a6c-ba76-11de-9db1-001b38691ace}\Shell\AutoRun\command - "" = F:\LiteAuto.exe -- File not found
O33 - MountPoints2\{08c014ce-3f9b-11de-929b-001b38691ace}\Shell\AutoRun\command - "" = F:\PMB_P.exe -- File not found
O33 - MountPoints2\{49e97699-4020-11df-ac2c-001b38691ace}\Shell - "" = AutoRun
O33 - MountPoints2\{49e97699-4020-11df-ac2c-001b38691ace}\Shell\AutoRun\command - "" = F:\Setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.12.24 17:08:24 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\miKkii\Desktop\OTL.exe
[2010.12.24 16:41:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Desktop\MFtools
[2010.12.21 20:57:03 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.12.21 20:57:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.12.21 20:57:03 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.12.15 20:43:15 | 002,038,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.12.15 20:43:11 | 000,352,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskschd.dll
[2010.12.15 20:43:11 | 000,345,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmicmiplugin.dll
[2010.12.15 20:43:10 | 000,270,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\taskcomp.dll
[2010.12.15 20:43:06 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2010.12.15 20:43:04 | 000,292,352 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.12.15 20:43:03 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.12.15 20:43:03 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.12.15 20:42:58 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.12.15 20:42:56 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.12.15 20:42:55 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.12.15 20:42:55 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.12.15 20:42:55 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.12.15 20:42:55 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.12.15 20:42:54 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.12.15 20:42:54 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.12.15 20:42:54 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.12.15 20:42:54 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.12.15 20:42:54 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.12.15 20:42:54 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.12.15 20:42:53 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.12.15 20:42:53 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.12.15 20:42:53 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.12.15 20:42:53 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.12.15 20:42:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.12.15 20:42:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.11.29 17:38:30 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.11.29 17:38:30 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2009.06.24 12:32:45 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\miKkii\AppData\Roaming\pcouffin.sys
[2009.06.16 13:03:56 | 000,126,976 | ---- | C] ( ) -- C:\Windows\System32\Interop.SHDocVw.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.12.24 17:08:28 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\miKkii\Desktop\OTL.exe
[2010.12.24 16:56:44 | 000,591,320 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.12.24 16:56:42 | 000,623,280 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.12.24 16:56:42 | 000,103,194 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.12.24 16:56:41 | 000,125,378 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.12.24 16:51:55 | 000,004,320 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.12.24 16:51:53 | 000,004,320 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.12.24 16:50:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.12.24 16:50:02 | 2137,014,272 | -HS- | M] () -- C:\hiberfil.sys
[2010.12.24 16:41:36 | 000,050,477 | ---- | M] () -- C:\Users\miKkii\Desktop\defogger.exe
[2010.12.24 16:41:35 | 000,288,107 | ---- | M] () -- C:\Users\miKkii\Desktop\Gmer.zip
[2010.12.24 16:41:00 | 000,472,152 | ---- | M] () -- C:\Users\miKkii\Desktop\Load.exe
[2010.12.24 16:13:46 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.12.24 15:04:23 | 069,305,001 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2010.12.24 09:04:50 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{70F3DFE2-F978-44DB-A638-B671FA9E28E9}.job
[2010.12.20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.12.20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.12.16 22:32:27 | 000,003,284 | ---- | M] () -- C:\Users\miKkii\Dokumente\FB.rtf
[2010.12.16 21:16:29 | 001,668,808 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.12.14 20:55:23 | 000,000,476 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for miKkii.job
[2010.12.11 20:19:20 | 000,000,687 | ---- | M] () -- C:\Users\miKkii\Dokumente\sprüchhhhe.rtf
[2010.12.04 00:04:11 | 000,035,353 | ---- | M] () -- C:\Users\miKkii\Dokumente\JK Kolumne.rtf
[2010.11.29 17:38:30 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.11.29 17:38:30 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
 
========== Files Created - No Company Name ==========
 
[2010.12.24 16:41:35 | 000,050,477 | ---- | C] () -- C:\Users\miKkii\Desktop\defogger.exe
[2010.12.24 16:41:34 | 000,288,107 | ---- | C] () -- C:\Users\miKkii\Desktop\Gmer.zip
[2010.12.24 16:40:55 | 000,472,152 | ---- | C] () -- C:\Users\miKkii\Desktop\Load.exe
[2010.12.24 16:13:46 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.12.16 22:32:26 | 000,003,284 | ---- | C] () -- C:\Users\miKkii\Dokumente\FB.rtf
[2010.11.25 23:23:56 | 000,035,353 | ---- | C] () -- C:\Users\miKkii\Dokumente\JK Kolumne.rtf
[2010.03.12 18:55:35 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010.03.12 18:55:35 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.11.01 12:28:31 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll
[2009.11.01 12:26:10 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.11.01 12:26:09 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009.11.01 12:26:06 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll
[2009.11.01 12:25:06 | 000,006,568 | ---- | C] () -- C:\Windows\HCWPNP.INI
[2009.11.01 12:22:59 | 000,066,048 | ---- | C] () -- C:\Windows\System32\hcwxds.dll
[2009.10.25 19:57:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.07.23 14:08:32 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2009.06.26 20:38:17 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2009.06.24 12:35:46 | 000,001,175 | ---- | C] () -- C:\Users\miKkii\AppData\Roaming\vso_ts_preview.xml
[2009.06.24 12:34:46 | 000,000,034 | ---- | C] () -- C:\Users\miKkii\AppData\Roaming\pcouffin.log
[2009.06.24 12:32:45 | 000,087,608 | ---- | C] () -- C:\Users\miKkii\AppData\Roaming\inst.exe
[2009.06.24 12:32:45 | 000,007,887 | ---- | C] () -- C:\Users\miKkii\AppData\Roaming\pcouffin.cat
[2009.06.24 12:32:45 | 000,001,144 | ---- | C] () -- C:\Users\miKkii\AppData\Roaming\pcouffin.inf
[2009.06.16 13:03:58 | 000,053,248 | ---- | C] () -- C:\Windows\System32\dossec.dll
[2009.06.09 10:25:37 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIMPEG2.dll
[2009.06.09 10:25:37 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIMP3.dll
[2009.06.09 10:25:37 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTICDMK7.dll
[2009.05.03 16:55:21 | 000,000,501 | ---- | C] () -- C:\Windows\ulead32.ini
[2009.04.06 11:38:47 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys
[2009.04.06 11:30:41 | 000,065,536 | ---- | C] () -- C:\Windows\System32\NATTraversal.dll
[2009.04.03 19:07:12 | 000,000,008 | ---- | C] () -- C:\Windows\System32\Desktop_.ini
[2009.04.02 19:12:14 | 000,000,552 | ---- | C] () -- C:\Users\miKkii\AppData\Local\d3d8caps.dat
[2009.04.02 19:09:12 | 000,014,336 | ---- | C] () -- C:\Users\miKkii\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.02 19:03:28 | 000,001,356 | ---- | C] () -- C:\Users\miKkii\AppData\Local\d3d9caps.dat
[2008.06.25 16:34:00 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.06.25 16:34:00 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.06.25 16:34:00 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.06.25 16:34:00 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007.11.06 21:19:28 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll
[2007.04.25 15:33:22 | 000,266,240 | ---- | C] () -- C:\Windows\System32\NotesExtmngr.dll
[2007.04.25 15:32:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\NotesActnMenu.dll
[2007.04.25 15:32:46 | 000,086,016 | ---- | C] () -- C:\Windows\System32\MSNSpook.dll
[2007.04.25 15:31:00 | 000,028,672 | ---- | C] () -- C:\Windows\System32\BatchCrypto.dll
[2007.04.25 15:30:52 | 000,073,728 | ---- | C] () -- C:\Windows\System32\APISlice.dll
[2007.04.25 15:30:44 | 000,063,488 | ---- | C] () -- C:\Windows\System32\ShowErrMsg.dll
[2006.12.25 14:44:48 | 000,022,016 | ---- | C] () -- C:\Windows\System32\MailFormat_U.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.05.02 11:13:42 | 000,009,600 | ---- | C] () -- C:\Windows\System32\drivers\NETMNT.sys
[2001.12.26 14:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001.09.03 21:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001.07.30 14:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001.07.23 20:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
 
========== LOP Check ==========
 
[2009.04.06 11:33:12 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\Acer
[2009.08.31 15:21:05 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\Azureus
[2009.08.24 18:42:00 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\Canneverbe_Limited
[2009.08.29 16:36:35 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\DeepBurner
[2009.07.24 09:49:34 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\DeepBurner Pro
[2010.06.02 19:44:00 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\DVDVideoSoftIEHelpers
[2009.05.15 16:37:18 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\FlySuite
[2009.10.17 00:00:15 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\Leadertech
[2009.08.11 16:19:27 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\LG Electronics
[2009.09.08 21:22:32 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\OpenOffice.org
[2010.12.24 16:52:45 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\play2p
[2009.05.15 16:58:31 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\Thunderbird
[2009.04.17 07:50:17 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\Ulead Systems
[2010.01.20 16:47:23 | 000,000,000 | ---D | M] -- C:\Users\miKkii\AppData\Roaming\Vso
[2010.12.24 16:48:57 | 000,032,582 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.12.24 09:04:50 | 000,000,420 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{70F3DFE2-F978-44DB-A638-B671FA9E28E9}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:1CA73D29

< End of report >


25.12.2010, 19:48   #3
miKkii

Trojan: dropper generic 2



Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5363

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

25.12.2010 19:47:34
mbam-log-2010-12-25 (19-47-34).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 140842
Laufzeit: 11 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
  17. HiJackLogFile, Generic 3 und Back Door, Generic 6 laut AVG gefunden
    Log-Analyse und Auswertung - 21.06.2007 (4)

Zum Thema Trojaner: dropper generic 2 - Hallo, Habe eine Meldung bekommen das ich das habe, kenne mich wenig aus mit allen,daher melde ich mich auch hier. Werde versuchen alles so zu machen wie ihr es haben - Trojaner: dropper generic 2...
Archiv
Du betrachtest: Trojaner: dropper generic 2 auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.