Quote from nici8880
(Post 530018)
My PC is acting strangely again at the moment. It takes ages until it has booted up properly, and it also takes a very long time until it responds properly. I'm almost going crazy. I would be very glad about an analysis from you.
Best regards, nici8880
OTL logfile:
OTL logfile created on: 02.06.2010 10:48:05 - Run 3
OTL by OldTimer - Version 3.2.5.3 Folder = C:\Users\nici8880\Downloads
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 47,00% Memory free
10,00 Gb Paging File | 8,00 Gb Available in Paging File | 79,00% Paging File free
Paging file location(s): c:\pagefile.sys 6141 6141 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 581,64 Gb Total Space | 440,32 Gb Free Space | 75,70% Space Free | Partition Type: NTFS
Drive D: | 14,53 Gb Total Space | 1,42 Gb Free Space | 9,79% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NICI8880-PC
Current User Name: nici8880
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - C:\Users\nici8880\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\nici8880\AppData\Local\Temp\OnlineScanner\Anti-Virus\fssm32.exe (F-Secure Corporation)
PRC - C:\Users\nici8880\AppData\Local\Temp\OnlineScanner\Anti-Virus\fsgk32.exe (F-Secure Corporation)
PRC - C:\Users\nici8880\AppData\Local\Temp\fsonlinescanner.exe (F-Secure Corporation)
PRC - C:\Users\nici8880\Downloads\Tralala.exe ()
PRC - C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\IncrediMail\bin\ImApp.exe (IncrediMail, Ltd.)
PRC - C:\Program Files (x86)\Paradiesbar\paradiesbar.exe ()
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
========== Modules (SafeList) ==========
MOD - C:\Users\nici8880\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV:64bit: - (SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SRV:64bit: - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (BthServ) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV - (TeamViewer5) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2010.03.29 05:42:29 | 000,000,000 | ---D | M]
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
SRV - (cvhsvc) -- C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (MWAgent) -- C:\Program Files (x86)\Common Files\MicroWorld\Agent\MWASER.EXE (MicroWorld Technologies Inc.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (VSS) -- C:\Windows\SysWOW64\wbem\vss.mof ()
========== Driver Services (SafeList) ==========
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\DRIVERS\klif.sys (Kaspersky Lab)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\DRIVERS\klim6.sys (Kaspersky Lab)
DRV:64bit: - (phaudlwr) -- C:\Windows\SysNative\DRIVERS\phaudlwr.sys (Philips Applied Technologies)
DRV:64bit: - (KLBG) -- C:\Windows\SysNative\DRIVERS\klbg.sys (Kaspersky Lab)
DRV:64bit: - (gbridge) -- C:\Windows\SysNative\DRIVERS\gbridge64.sys (Gbridge LLC)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\DRIVERS\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\DRIVERS\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\DRIVERS\kl1.sys (Kaspersky Lab)
DRV:64bit: - (bdfsfltr) -- C:\Windows\SysNative\DRIVERS\bdfsfltr.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\Drivers\BTHport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\DRIVERS\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\DRIVERS\BthEnum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\Drivers\BTHUSB.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\SysNative\drivers\usbaudio.sys (Microsoft Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (RtNdPt60) -- C:\Windows\SysNative\DRIVERS\RtNdPt60.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (btnetBUs) -- C:\Windows\SysNative\Drivers\btnetBus.sys ()
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\DRIVERS\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (ENTECH64) -- C:\Windows\SysNative\DRIVERS\ENTECH64.sys (EnTech Taiwan)
DRV:64bit: - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\SysNative\DRIVERS\spc1030.sys ()
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\DRIVERS\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (usbvideo) USB-Videogerät (WDM) -- C:\Windows\SysNative\Drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\DRIVERS\bthpan.sys (Microsoft Corporation)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (cpudrv64) -- C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys ()
DRV - (sftplay) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\sftplaylh.sys (Microsoft Corporation)
DRV - (sftvol) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftVollh.sys (Microsoft Corporation)
DRV - (sftfs) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\drivers\SftFSlh.sys (Microsoft Corporation)
DRV - (RSUSBSTOR) -- C:\Windows\SysWOW64\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV - (PCDSRVC{F36B3A4C-F95654BD-06000000}_0) -- c:\Programme\PC-Doctor for Windows\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (SPC1030) USB2.0 PC Camera (SPC1030) -- C:\Windows\spc1030.ini ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=93&bd=Presario&pf=cndt
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 0.0.0.0:80
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.98
FF - prefs.js..keyword.URL: "hxxp://www.searchqu.com/web?src=ffb&q="
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.05.21 10:09:06 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.05.28 09:02:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2010.05.25 14:19:00 | 000,000,000 | ---D | M]
[2010.05.21 10:09:11 | 000,000,000 | ---D | M] -- C:\Users\nici8880\AppData\Roaming\mozilla\Extensions
[2010.06.01 20:57:08 | 000,000,000 | ---D | M] -- C:\Users\nici8880\AppData\Roaming\mozilla\Firefox\Profiles\hsb5ds28.default\extensions
[2010.05.22 11:18:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\nici8880\AppData\Roaming\mozilla\Firefox\Profiles\hsb5ds28.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.12 14:01:50 | 000,005,495 | ---- | M] () -- C:\Users\nici8880\AppData\Roaming\Mozilla\FireFox\Profiles\hsb5ds28.default\searchplugins\SearchquWebSearch.xml
[2010.06.01 20:57:08 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010.05.25 09:00:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.05.25 09:00:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.12 14:01:50 | 000,005,495 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\SearchquWebSearch.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2010.05.25 11:00:40 | 000,394,868 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 13638 more lines...
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKLM..\RunOnce: [removedatamngr] File not found
O4 - HKLM..\RunOnce: [removetoolbar] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\TabbedBrowsing present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 189
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108835
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Advanced\Folder\Hidden\SHOWALL: CheckedValue = 1
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : RF - Formular ausfüllen - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : RF - Formular speichern - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RF - RoboForm-Leiste ein/aus - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 85.216.127.130 82.212.63.122
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\kloehk.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22:64bit: - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Program Files (x86)\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010.06.01 09:05:15 | 000,000,000 | ---- | M] () - C:\Autoexec.bat -- [ NTFS ]
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.06.02 08:55:11 | 000,085,969 | ---- | C] (GMER) -- C:\Windows\SysWow64\drivers\gmer.sys
[2010.06.02 08:48:07 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\SUPERAntiSpyware.com
[2010.06.02 08:48:07 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010.06.02 08:47:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SASCORE
[2010.06.02 08:47:04 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2010.06.02 08:44:18 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\EurekaLog
[2010.06.01 23:31:43 | 000,624,640 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Müller® Buttermilch.scr
[2010.06.01 23:31:43 | 000,495,104 | ---- | C] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Müller® Buttermilch.exe
[2010.06.01 23:31:42 | 000,000,000 | ---D | C] -- C:\Windows\Müller® Buttermilch Uninstaller
[2010.06.01 09:04:53 | 000,000,000 | ---D | C] -- C:\SMCLPAV
[2010.05.31 15:44:31 | 000,000,000 | ---D | C] -- C:\scc_41
[2010.05.31 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Panda Security
[2010.05.31 15:29:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
[2010.05.28 15:19:29 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Desktop\Schlagerheini präsentiert - WM-Songs 2010
[2010.05.27 09:14:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Searchqu Toolbar
[2010.05.26 19:51:54 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\K-Meleon
[2010.05.26 19:51:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Meleon
[2010.05.26 15:30:01 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Desktop\Ich_und_Ich_-_Gute_Reise-DE-2009-MOD
[2010.05.26 12:10:52 | 001,958,944 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010.05.26 12:10:52 | 001,146,400 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010.05.26 12:10:52 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010.05.26 12:10:52 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010.05.26 12:10:51 | 002,602,016 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010.05.26 12:10:51 | 000,476,192 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010.05.26 12:10:51 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010.05.26 12:10:51 | 000,307,920 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010.05.26 12:10:49 | 000,330,656 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010.05.26 11:53:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Publish Data
[2010.05.26 10:18:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Software4u
[2010.05.26 10:18:34 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Software4u
[2010.05.26 10:18:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\S.A.D
[2010.05.26 08:30:46 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ctfmon.exe.backup
[2010.05.25 14:18:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2010.05.25 14:17:02 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.05.25 13:31:09 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Malwarebytes
[2010.05.25 11:48:54 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW(0)
[2010.05.25 11:14:48 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\My Webcam Recordings
[2010.05.25 10:59:48 | 000,134,656 | ---- | C] (Microsoft Corporation) -- C:\Users\nici8880\Desktop\regedit.exe.back
[2010.05.25 10:51:35 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\MessengerDiscovery 2
[2010.05.25 10:51:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MessengerDiscovery 2
[2010.05.25 10:51:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MessengerDiscovery 2
[2010.05.25 09:01:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2010.05.25 09:00:45 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.05.25 09:00:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.05.25 09:00:45 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.05.25 09:00:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2010.05.24 18:46:02 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Desktop\German_Top_100_Single_Charts_17_05_2010
[2010.05.22 10:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\F-Secure
[2010.05.22 10:53:57 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg
[2010.05.22 09:12:50 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\URSoft
[2010.05.22 09:12:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Your Uninstaller 2010
[2010.05.22 08:13:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Acronis
[2010.05.22 08:13:15 | 000,237,600 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\snman380.sys
[2010.05.22 08:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Acronis
[2010.05.21 21:24:20 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\Verlauf
[2010.05.21 13:54:35 | 000,000,000 | ---D | C] -- C:\Users\nici8880\DoctorWeb
[2010.05.21 10:09:03 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Mozilla
[2010.05.20 10:03:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.05.20 10:03:09 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.05.20 10:01:58 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\My Received Files
[2010.05.20 09:54:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FileHippo.com
[2010.05.20 09:34:26 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.05.20 09:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\DivX
[2010.05.20 09:32:49 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Local\CrashDumps
[2010.05.20 09:32:04 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\DivX
[2010.05.20 08:42:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSECACHE
[2010.05.19 10:28:56 | 032,058,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2010.05.19 09:58:26 | 010,222,080 | ---- | C] (Foxit Corporation) -- C:\Users\nici8880\Desktop\Foxit Reader.exe
[2010.05.19 09:51:36 | 000,499,712 | R--- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp71.dll
[2010.05.18 17:41:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda Security
[2010.05.18 15:19:45 | 000,000,000 | ---D | C] -- C:\Windows\rundll16.exe
[2010.05.18 15:19:45 | 000,000,000 | ---D | C] -- C:\Windows\logo1_.exe
[2010.05.18 15:08:42 | 000,354,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010.05.18 15:01:33 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010.05.18 14:37:10 | 000,000,000 | ---D | C] -- C:\!KillBox
[2010.05.18 13:00:53 | 000,000,000 | ---D | C] -- C:\Temp
[2010.05.18 10:21:07 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Local\GMail Drive
[2010.05.16 18:36:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DrWeb
[2010.05.16 12:29:23 | 000,000,000 | ---D | C] -- C:\Programme\Alwil Software
[2010.05.16 11:27:45 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\N360_BACKUP
[2010.05.16 11:17:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2010.05.16 11:16:41 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\Tific
[2010.05.15 23:51:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\make-euros 4.2.1
[2010.05.15 17:19:39 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\ShellExt
[2010.05.15 16:52:22 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\MeineBackups
[2010.05.15 16:35:03 | 001,580,576 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm140.sys
[2010.05.15 16:34:30 | 000,880,160 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010.05.15 16:34:30 | 000,083,488 | ---- | C] (Acronis) -- C:\Windows\SysNative\drivers\tifsfilt.sys
[2010.05.12 21:33:56 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\Backups
[2010.05.12 18:56:27 | 000,000,000 | ---D | C] -- C:\Users\nici8880\Documents\IM
[2010.05.12 18:33:59 | 000,000,000 | ---D | C] -- C:\Programme\Philips
[2010.05.12 18:33:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SPC1030NC
[2010.05.12 18:33:53 | 000,000,000 | ---D | C] -- C:\Windows\Philips
[2010.05.06 18:44:53 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2010.05.06 16:34:31 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\NVD
[2010.05.06 16:34:31 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Local\NVD
[2010.05.06 16:34:05 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Local\SoftGrid Client
[2010.05.06 16:34:04 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\SoftGrid Client
[2010.05.06 16:33:38 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\SoftGrid Client
[2010.05.06 16:32:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2010.05.06 16:32:22 | 000,000,000 | ---D | C] -- C:\Users\nici8880\AppData\Roaming\TP
[2010.05.04 11:43:59 | 000,101,888 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\esxcwiad.dll
[2010.05.03 13:13:35 | 000,107,552 | ---- | C] (Realtek Semiconductor Corporation) -- C:\Windows\SysNative\RTNUninst64.dll
[2010.05.03 13:00:47 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBCEE.DLL
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.02 10:53:12 | 008,126,464 | ---- | M] () -- C:\Users\nici8880\ntuser.dat
[2010.06.02 10:28:28 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.06.02 10:28:28 | 000,003,616 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.06.02 10:12:22 | 005,082,883 | ---- | M] () -- C:\Users\nici8880\Desktop\FoxitReader331_enu.zip
[2010.06.02 08:55:11 | 000,884,736 | ---- | M] () -- C:\Windows\gmer.dll
[2010.06.02 08:55:11 | 000,085,969 | ---- | M] (GMER) -- C:\Windows\SysWow64\drivers\gmer.sys
[2010.06.02 08:55:11 | 000,000,080 | ---- | M] () -- C:\Windows\gmer_uninstall.cmd
[2010.06.02 08:55:06 | 000,811,008 | ---- | M] () -- C:\Windows\gmer.exe
[2010.06.02 08:47:30 | 000,001,762 | ---- | M] () -- C:\Users\nici8880\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.02 08:33:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.06.02 08:32:14 | 000,001,356 | ---- | M] () -- C:\Users\nici8880\AppData\Local\d3d9caps.dat
[2010.06.02 08:28:40 | 000,035,180 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.06.02 08:28:40 | 000,035,180 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.06.02 08:28:30 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.06.01 23:44:52 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{3f7c4b8c-67c0-11df-89ea-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.06.01 23:44:52 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{3f7c4b8c-67c0-11df-89ea-00248ca96ef0}.TM.blf
[2010.06.01 23:44:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.06.01 23:44:17 | 003,134,957 | -H-- | M] () -- C:\Users\nici8880\AppData\Local\IconCache.db
[2010.06.01 23:32:29 | 000,624,640 | ---- | M] (Jan Kolarik & Ondrej Vaverka) -- C:\Windows\Müller® Buttermilch.scr
[2010.06.01 23:32:29 | 000,000,743 | ---- | M] () -- C:\Windows\Müller® Buttermilch.c1
[2010.06.01 09:05:15 | 000,000,000 | ---- | M] () -- C:\Autoexec.bat
[2010.05.31 18:07:13 | 002,364,321 | ---- | M] () -- C:\Users\nici8880\Documents\Foto030.jpg
[2010.05.31 18:06:08 | 002,342,587 | ---- | M] () -- C:\Users\nici8880\Documents\Foto032.jpg
[2010.05.29 08:55:52 | 000,000,130 | ---- | M] () -- C:\Users\nici8880\Desktop\Defjayradio.pls
[2010.05.26 19:51:49 | 000,000,812 | ---- | M] () -- C:\Users\nici8880\Desktop\K-Meleon.lnk
[2010.05.26 12:11:08 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2010.05.26 10:54:35 | 000,446,636 | ---- | M] () -- C:\Users\nici8880\Documents\Foto028.jpg
[2010.05.26 08:30:46 | 000,024,064 | ---- | M] (Gerhard Schlager) -- C:\Windows\SysWow64\ctfmon.exe
[2010.05.25 22:05:07 | 001,428,202 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.05.25 22:05:07 | 000,621,264 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.05.25 22:05:07 | 000,590,040 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.05.25 22:05:07 | 000,124,036 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.05.25 22:05:07 | 000,102,452 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.05.25 21:13:45 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{3f7c4b8c-67c0-11df-89ea-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms
[2010.05.25 14:28:32 | 000,149,773 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.05.25 14:28:32 | 000,106,765 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.05.25 14:17:02 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2010.05.25 11:56:15 | 000,524,288 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 11:56:15 | 000,065,536 | -HS- | M] () -- C:\Users\nici8880\ntuser.dat{e89cff25-3a91-11df-bf04-00248ca96ef0}.TM.blf
[2010.05.25 11:00:40 | 000,394,868 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2010.05.25 09:00:30 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2010.05.25 09:00:30 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2010.05.25 09:00:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2010.05.25 09:00:30 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2010.05.23 21:45:09 | 000,009,728 | ---- | M] () -- C:\Users\nici8880\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.22 16:44:35 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010.05.22 12:07:32 | 000,000,206 | ---- | M] () -- C:\Windows\win.ini
[2010.05.22 11:15:01 | 000,033,920 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.05.22 11:03:17 | 001,466,430 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.22 08:13:25 | 001,580,576 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tdrpm140.sys
[2010.05.22 08:13:19 | 000,880,160 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\timntr.sys
[2010.05.22 08:13:15 | 000,237,600 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\snman380.sys
[2010.05.21 10:08:58 | 000,001,744 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.21 09:57:14 | 003,698,937 | ---- | M] () -- C:\Users\nici8880\Desktop\Firefox 3.6.3 (de) - 2010-05-21.pcv
[2010.05.21 09:49:07 | 000,031,242 | ---- | M] () -- C:\Users\nici8880\Desktop\bookmarks-2010-05-21.json
[2010.05.19 18:59:34 | 000,001,886 | ---- | M] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2010.05.19 11:20:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\regsvr32-vssui.dll
[2010.05.19 11:20:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\regsvr32-vss_ps.dll
[2010.05.19 11:20:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\regsvr32-stdprov.dll
[2010.05.19 11:20:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\regsvr32-es.dll
[2010.05.19 11:20:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\regsvr32
[2010.05.19 11:20:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\Net
[2010.05.19 11:20:34 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\egsvr32
[2010.05.19 10:56:23 | 001,002,408 | ---- | M] () -- C:\Users\nici8880\Documents\NICI8880-PC_right.html
[2010.05.19 10:56:22 | 000,203,805 | ---- | M] () -- C:\Users\nici8880\Documents\NICI8880-PC_left.html
[2010.05.19 10:56:22 | 000,000,829 | ---- | M] () -- C:\Users\nici8880\Documents\NICI8880-PC.html
[2010.05.19 09:58:26 | 010,222,080 | ---- | M] (Foxit Corporation) -- C:\Users\nici8880\Desktop\Foxit Reader.exe
[2010.05.18 15:22:18 | 024,215,959 | ---- | M] () -- C:\Windows\REGBK01.ZIP
[2010.05.18 15:08:41 | 000,354,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr71.dll
[2010.05.16 22:48:39 | 000,000,129 | ---- | M] () -- C:\Windows\wininit.ini
[2010.05.15 23:51:45 | 000,000,790 | ---- | M] () -- C:\Users\nici8880\Desktop\make-euros.net paid4surf.lnk
[2010.05.15 22:05:00 | 000,000,806 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.msn
[2010.05.15 22:05:00 | 000,000,806 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20100518-164201.backup
[2010.05.15 16:34:30 | 000,083,488 | ---- | M] (Acronis) -- C:\Windows\SysNative\drivers\tifsfilt.sys
[2010.05.14 17:52:44 | 000,000,963 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 5.lnk
[2010.05.13 08:47:54 | 000,087,104 | ---- | M] () -- C:\Users\nici8880\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.05.13 08:47:38 | 000,336,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.05.12 21:35:12 | 000,000,763 | ---- | M] () -- C:\Users\nici8880\Desktop\RegCleaner.lnk
[2010.05.12 19:47:29 | 000,017,920 | ---- | M] () -- C:\Windows\WebFerretUninstall.exe
[2010.05.12 12:57:27 | 000,000,068 | ---- | M] () -- C:\Users\nici8880\Desktop\radiofips.pls
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.02 10:12:16 | 005,082,883 | ---- | C] () -- C:\Users\nici8880\Desktop\FoxitReader331_enu.zip
[2010.06.02 08:55:11 | 000,884,736 | ---- | C] () -- C:\Windows\gmer.dll
[2010.06.02 08:55:11 | 000,811,008 | ---- | C] () -- C:\Windows\gmer.exe
[2010.06.02 08:55:11 | 000,000,080 | ---- | C] () -- C:\Windows\gmer_uninstall.cmd
[2010.06.02 08:47:30 | 000,001,762 | ---- | C] () -- C:\Users\nici8880\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010.06.01 23:31:43 | 000,588,987 | ---- | C] () -- C:\Windows\Müller® Buttermilch.swf
[2010.06.01 23:31:43 | 000,480,056 | ---- | C] () -- C:\Windows\Müller® Buttermilch.bmp
[2010.06.01 23:31:43 | 000,002,166 | ---- | C] () -- C:\Windows\Müller® Buttermilch.ico
[2010.06.01 23:31:43 | 000,000,774 | ---- | C] () -- C:\Windows\Müller® Buttermilch.c3
[2010.06.01 23:31:43 | 000,000,743 | ---- | C] () -- C:\Windows\Müller® Buttermilch.c1
[2010.06.01 23:31:43 | 000,000,639 | ---- | C] () -- C:\Windows\Müller® Buttermilch.c4
[2010.06.01 23:31:43 | 000,000,000 | ---- | C] () -- C:\Windows\Müller® Buttermilch.ini
[2010.06.01 09:05:15 | 000,000,000 | ---- | C] () -- C:\Autoexec.bat
[2010.05.31 18:06:34 | 002,364,321 | ---- | C] () -- C:\Users\nici8880\Documents\Foto030.jpg
[2010.05.31 17:40:51 | 002,342,587 | ---- | C] () -- C:\Users\nici8880\Documents\Foto032.jpg
[2010.05.29 08:55:50 | 000,000,130 | ---- | C] () -- C:\Users\nici8880\Desktop\Defjayradio.pls
[2010.05.26 19:51:49 | 000,000,812 | ---- | C] () -- C:\Users\nici8880\Desktop\K-Meleon.lnk
[2010.05.26 10:52:59 | 000,446,636 | ---- | C] () -- C:\Users\nici8880\Documents\Foto028.jpg
[2010.05.25 14:20:32 | 000,149,773 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2010.05.25 14:20:32 | 000,106,765 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2010.05.25 12:00:37 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{3f7c4b8c-67c0-11df-89ea-00248ca96ef0}.TMContainer00000000000000000002.regtrans-ms
[2010.05.25 12:00:37 | 000,524,288 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{3f7c4b8c-67c0-11df-89ea-00248ca96ef0}.TMContainer00000000000000000001.regtrans-ms
[2010.05.25 12:00:36 | 000,065,536 | -HS- | C] () -- C:\Users\nici8880\ntuser.dat{3f7c4b8c-67c0-11df-89ea-00248ca96ef0}.TM.blf
[2010.05.22 12:13:01 | 000,368,872 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistMSI70ED.txt
[2010.05.22 12:12:52 | 000,018,846 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI70ED.txt
[2010.05.22 11:14:51 | 000,033,920 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys
[2010.05.21 10:08:58 | 000,001,744 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.05.21 09:56:56 | 003,698,937 | ---- | C] () -- C:\Users\nici8880\Desktop\Firefox 3.6.3 (de) - 2010-05-21.pcv
[2010.05.21 09:49:07 | 000,031,242 | ---- | C] () -- C:\Users\nici8880\Desktop\bookmarks-2010-05-21.json
[2010.05.20 07:33:06 | 000,371,302 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistMSI7E7B.txt
[2010.05.20 07:33:02 | 000,040,606 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI7E7B.txt
[2010.05.19 11:20:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\regsvr32-vssui.dll
[2010.05.19 11:20:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\regsvr32-vss_ps.dll
[2010.05.19 11:20:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\regsvr32-stdprov.dll
[2010.05.19 11:20:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\regsvr32-es.dll
[2010.05.19 11:20:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\regsvr32
[2010.05.19 11:20:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\Net
[2010.05.19 11:20:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\egsvr32
[2010.05.19 10:56:23 | 001,002,408 | ---- | C] () -- C:\Users\nici8880\Documents\NICI8880-PC_right.html
[2010.05.19 10:56:22 | 000,203,805 | ---- | C] () -- C:\Users\nici8880\Documents\NICI8880-PC_left.html
[2010.05.19 10:56:22 | 000,000,829 | ---- | C] () -- C:\Users\nici8880\Documents\NICI8880-PC.html
[2010.05.18 15:20:22 | 024,215,959 | ---- | C] () -- C:\Windows\REGBK01.ZIP
[2010.05.16 12:30:52 | 000,369,972 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistMSI2920.txt
[2010.05.16 12:29:51 | 000,732,428 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI2920.txt
[2010.05.15 23:51:45 | 000,000,790 | ---- | C] () -- C:\Users\nici8880\Desktop\make-euros.net paid4surf.lnk
[2010.05.12 21:35:12 | 000,000,763 | ---- | C] () -- C:\Users\nici8880\Desktop\RegCleaner.lnk
[2010.05.12 19:57:58 | 000,001,904 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\IncrediMail.lnk
[2010.05.12 19:57:58 | 000,001,647 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ICQ7.1.lnk
[2010.05.12 12:57:26 | 000,000,068 | ---- | C] () -- C:\Users\nici8880\Desktop\radiofips.pls
[2010.05.06 16:33:16 | 001,466,430 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.05.04 10:28:09 | 000,369,778 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistMSI225F.txt
[2010.05.04 10:28:08 | 000,024,034 | ---- | C] () -- C:\Users\nici8880\AppData\Local\dd_vcredistUI225F.txt
[2010.05.03 21:50:42 | 000,001,886 | ---- | C] () -- C:\Users\Public\Desktop\IncrediMail.lnk
[2010.04.29 10:58:19 | 000,135,936 | ---- | C] () -- C:\Windows\SysWow64\ZIPDLL.DLL
[2010.04.29 10:58:19 | 000,130,816 | ---- | C] () -- C:\Windows\SysWow64\UNZDLL.DLL
[2010.04.18 10:59:46 | 000,000,111 | ---- | C] () -- C:\Windows\installation.ini
[2010.04.13 11:31:21 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\NetFerret.dll
[2010.03.06 13:54:54 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2010.02.26 23:20:58 | 000,000,017 | ---- | C] () -- C:\Windows\gd.ini
[2010.02.15 23:16:23 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2010.02.15 23:00:56 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2010.01.27 21:55:27 | 000,000,054 | ---- | C] () -- C:\Windows\Player.INI
[2010.01.19 01:44:43 | 000,000,077 | ---- | C] () -- C:\Windows\nwplayer.ini
[2010.01.07 01:46:14 | 000,000,622 | ---- | C] () -- C:\Windows\DMN.INI
[2009.12.11 02:21:00 | 000,000,106 | ---- | C] () -- C:\Windows\Podcasts.INI
[2009.12.03 13:25:02 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2009.12.03 13:23:26 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.12.02 01:47:02 | 000,000,129 | ---- | C] () -- C:\Windows\wininit.ini
[2009.11.26 23:31:41 | 000,001,120 | ---- | C] () -- C:\Windows\_delis32.ini
[2009.11.07 10:54:01 | 000,000,870 | ---- | C] () -- C:\Windows\disney.ini
[2009.11.07 10:52:58 | 000,000,025 | ---- | C] () -- C:\Windows\Dgs_32.dll
[2009.05.19 06:10:11 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
[2009.05.19 06:10:11 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll
[2009.03.02 12:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2008.01.21 04:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2007.10.08 17:46:14 | 000,851,968 | ---- | C] () -- C:\Windows\SysWow64\Dll_Volume_Ctrl.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2006.05.19 10:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\spc1030.ini
[1999.11.11 03:39:00 | 000,481,792 | ---- | C] () -- C:\Windows\SysWow64\RFFTW2dll.dll
[1999.01.27 14:39:06 | 000,065,024 | ---- | C] () -- C:\Windows\SysWow64\indounin.dll
[1997.06.13 08:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\Iyvu9_32.dll
========== Alternate Data Streams ==========
@Alternate Data Stream - 164 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 157 bytes -> C:\ProgramData\Temp:1CE11B51
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:513A4CFC
@Alternate Data Stream - 115 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >