Trojaner-Board


Hicke 25.08.2010 20:44

Trojan program Exploit.Java.Agent.bb etc.
 
Hello, unfortunately I have Trojans on an acquaintance's computer that urgently need to be removed. The problem: I am a layperson.

Here are the lines from Kaspersky Anti-Virus:

25.08.2010 21:30:47 Gefunden trojanisches Programm Exploit.Java.Agent.be
c:\users\asus\anwendungsdaten\tuneup software\tuneup utilities\backups\00000021.rcb

25.08.2010 21:30:47 Gefunden trojanisches Programm Exploit.Java.Agent.be

c:\users\asus\anwendungsdaten\tuneup software\tuneup utilities\backups\00000021.rcb

25.08.2010 00:16:27 Infiziert trojanisches Programm Packed.Win32.Krap.ar
C:\Users\Asus\AppData\Roaming\Heicbe\opzew.exe


How can I delete this? Please help.

cosinus 25.08.2010 21:03

Hello and :hallo:

A cleanup can sometimes involve a lot of work for you.
  • Please work through all steps in order.
  • Read the instructions carefully. If problems occur, please stop and describe them here as well as you can.
  • Only run scans that a helper has asked you to run.
  • Please no crossposting (posting in several forums).
  • Do not install or uninstall any software during the cleanup unless you have been asked to.
  • Read the instructions through completely first. If anything is unclear, ask before you begin.
  • Post the log files directly in your thread. Do not attach them unless I ask you to, because that makes the analysis harder for me.

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working with us until someone from the team tells you that you are clean.

Vista and Win7 users
Start all tools by right-clicking and choosing "als Administrator ausführen" (Run as administrator).



Please run a full scan with Malwarebytes as a matter of routine and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Then OTL:

System scan with OTL

Please download OTL by OldTimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "als Administrator ausführen" (Run as administrator)
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

Hicke 25.08.2010 21:24

Trojan program Exploit.Java.Agent.bb etc.
 
Many thanks for your help. Malware is running over the computer right now and is taking a while :)

Wow, the program checks take forever. I will let it run through tonight and post tomorrow; I have to be at work very early tomorrow.

Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4478

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

26.08.2010 18:14:28
mbam-log-2010-08-26 (18-14-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 262140
Laufzeit: 2 Stunde(n), 59 Minute(n), 16 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

OTL Logfile:
Code:

OTL logfile created on: 26.08.2010 18:33:43 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\Asus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 6,92 Gb Free Space | 12,37% Space Free | Partition Type: NTFS
Drive D: | 49,06 Gb Total Space | 36,42 Gb Free Space | 74,24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ASUS-PC
Current User Name: Asus
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Asus\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Asus\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SIVDRIVER) -- C:\Windows\System32\drivers\SIVX32.sys (Ray Hinchliffe)
DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MIINPazX) -- C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
DRV - (MTOnlPktAlyX) -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
DRV - (k750mdfl) -- C:\Windows\System32\drivers\k750mdfl.sys (MCCI)
DRV - (k750mdm) -- C:\Windows\System32\drivers\k750mdm.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dailymotion - Online Videos, Musik und Filme. Schau dir gleich die Videos an!
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Scroogle Scraper
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.2.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15015&l=dis"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&apn_uid=184A4C6C-CC3F-4CFE-9488-78D483844C68&apn_ptnrs=U9&apn_sauid=7886F2F4-9FD9-4828-B529-C565E83992E8&apn_dtid=&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.09.12 09:23:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.24 21:25:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.19 20:44:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.08.24 23:29:34 | 000,000,000 | ---D | M]
 
[2009.10.12 12:54:59 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions
[2010.08.25 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\id7gz4la.default\extensions
[2010.08.11 21:40:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\id7gz4la.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.11 21:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.08.11 21:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}-trash
[2010.08.10 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\id7gz4la.default\extensions\toolbar@ask.com
[2010.08.25 21:33:32 | 000,002,385 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\FireFox\Profiles\id7gz4la.default\searchplugins\askcom.xml
[2010.08.25 21:43:29 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.08.24 23:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010.08.19 20:44:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.19 20:44:25 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.19 20:44:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.18 11:58:27 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010.08.19 20:44:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.19 20:44:25 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: tfguxxawqkggqamzerpsTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: xmihsndpubondhlclybtTaskMgr = 0
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239646001457&h=866862cb450b898fe00bc7775d0b2ba9/&filename=jinstall-6u13-windows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Landschaft.JPG
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Landschaft.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{34a5b1e8-0fc7-11de-97dc-0018dec42d8b}\Shell\AutoRun\command - "" = F:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{fa8b216e-0f11-11de-aa13-0018dec42d8b}\Shell\AutoRun\command - "" = F:\programs\nu2menu\nu2menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dfrgconv - (C:\Windows\system32\bitsraid.dll) - C:\Windows\System32\bitsraid.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.25 20:52:31 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.08.25 20:52:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.08.25 20:52:31 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.08.24 23:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010.08.24 23:27:55 | 000,495,192 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.24 22:14:05 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010.08.24 21:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.08.24 20:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.08.24 20:35:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Kaspersky Lab
[2010.08.18 10:23:07 | 000,000,000 | ---D | C] -- C:\Users\Asus\Desktop\diverse Fotos
[2010.08.16 20:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.08.16 20:08:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.08.16 20:06:18 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Asus\Desktop\SkypeSetup.exe
[2010.08.12 19:40:36 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.08.12 19:40:36 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.08.12 19:40:36 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.08.12 19:40:36 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.08.12 19:40:35 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.08.12 19:40:35 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.08.12 19:40:35 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.08.12 19:40:34 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.08.12 19:40:34 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.08.12 19:40:26 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010.08.12 19:40:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.08.12 19:40:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.08.12 19:39:16 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.08.12 19:39:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.08.12 19:39:16 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.08.12 19:39:15 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.08.12 19:39:13 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.08.12 19:38:17 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010.08.12 19:38:12 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.08.11 22:14:40 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\WindowsUpdate
[2010.08.11 19:10:42 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010.08.11 19:10:40 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010.08.11 19:10:38 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010.08.11 19:10:38 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010.08.11 19:10:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010.08.11 19:10:33 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010.08.11 18:50:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010.08.11 18:50:25 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010.08.11 18:16:26 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Malwarebytes
[2010.08.11 18:14:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.11 18:14:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.11 18:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.11 18:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.11 05:58:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.08.11 05:56:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.08.11 05:55:55 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.08.11 00:31:11 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.08.11 00:31:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010.08.11 00:31:10 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.08.11 00:31:00 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.08.11 00:31:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.08.11 00:30:59 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.08.11 00:30:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.08.11 00:30:42 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.08.11 00:30:42 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010.08.11 00:30:19 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 00:30:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 00:30:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 00:30:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 00:30:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 00:30:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 00:30:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 00:30:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 00:30:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 00:30:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 00:30:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 00:30:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 00:30:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 00:30:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 00:29:06 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010.08.11 00:29:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.08.11 00:29:04 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010.08.11 00:29:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010.08.11 00:29:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010.08.11 00:29:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010.08.11 00:29:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010.08.11 00:29:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010.08.11 00:29:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010.08.11 00:24:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.08.11 00:21:50 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010.08.11 00:21:50 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010.08.11 00:21:09 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.11 00:20:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010.08.11 00:20:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010.08.11 00:20:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010.08.11 00:20:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010.08.11 00:20:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010.08.11 00:20:36 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 00:20:36 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 00:20:20 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.08.11 00:20:04 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 00:19:43 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010.08.11 00:19:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010.08.11 00:19:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010.08.11 00:19:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010.08.11 00:19:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010.08.11 00:19:13 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010.08.11 00:19:13 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010.08.11 00:19:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010.08.11 00:19:01 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.08.11 00:19:01 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.08.11 00:19:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.08.11 00:19:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010.08.11 00:18:27 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.08.11 00:18:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010.08.11 00:18:20 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.08.11 00:17:27 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.08.11 00:17:27 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.08.11 00:07:04 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.08.11 00:07:04 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.08.11 00:06:27 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010.08.10 23:56:54 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.08.10 23:56:53 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.08.10 23:56:49 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.08.10 23:56:49 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.08.10 23:56:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.08.10 23:56:05 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010.08.10 23:26:41 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.08.10 23:26:41 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.08.10 23:13:33 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.08.10 23:13:33 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.08.10 23:13:33 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.08.10 23:12:54 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.08.10 23:12:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.08.10 22:34:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.08.10 22:11:55 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010.08.10 17:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.26 20:09:31 | 003,670,016 | -HS- | M] () -- C:\Users\Asus\NTUSER.DAT
[2010.08.26 19:18:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.26 18:47:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 18:47:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 16:47:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.25 21:29:32 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.25 21:19:34 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.25 21:19:33 | 001,445,774 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.25 21:19:33 | 000,628,436 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.25 21:19:33 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.25 21:19:33 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.25 21:12:57 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.25 21:12:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.25 21:12:07 | 2144,657,408 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.25 21:07:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.25 21:07:09 | 000,524,288 | -HS- | M] () -- C:\Users\Asus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.25 21:07:09 | 000,065,536 | -HS- | M] () -- C:\Users\Asus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.25 21:06:49 | 003,115,398 | -H-- | M] () -- C:\Users\Asus\AppData\Local\IconCache.db
[2010.08.25 20:56:34 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.08.25 06:13:55 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.24 23:55:55 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.24 23:55:55 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.24 23:27:55 | 000,495,192 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.24 22:26:06 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010.08.24 22:20:11 | 000,254,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.24 21:39:40 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010.08.24 21:39:34 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010.08.23 18:27:02 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.23 18:15:37 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010.08.21 18:07:16 | 000,074,240 | ---- | M] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.21 13:48:47 | 000,000,104 | ---- | M] () -- C:\Users\Asus\Desktop\Papierkorb - Verknüpfung.lnk
[2010.08.16 20:06:29 | 001,704,744 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Asus\Desktop\SkypeSetup.exe
[2010.08.16 09:23:44 | 000,099,840 | ---- | M] () -- C:\Users\Asus\Desktop\Detailansicht Zwischenhalte.doc
[2010.08.14 22:12:09 | 000,188,928 | ---- | M] () -- C:\Users\Asus\Desktop\Madagascar.doc
[2010.08.14 08:00:43 | 000,056,168 | ---- | M] () -- C:\Users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.11 19:10:17 | 046,792,704 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010.08.11 19:10:17 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010.08.11 19:10:17 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010.08.11 18:27:36 | 000,004,265 | ---- | M] () -- C:\Users\Asus\AppData\Local\abvpkwql_navps.dat
[2010.08.11 18:27:07 | 000,003,445 | ---- | M] () -- C:\Users\Asus\AppData\Local\abvpkwql.dat
[2010.08.11 18:15:02 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.11 18:01:14 | 000,000,090 | ---- | M] () -- C:\Users\Asus\AppData\Local\atvicwjc.bat
[2010.08.10 21:15:47 | 000,248,725 | ---- | M] () -- C:\Users\Asus\AppData\Local\abvpkwql_nav.dat
[2010.08.02 22:07:10 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.24 23:31:18 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.24 23:31:18 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.21 13:48:47 | 000,000,104 | ---- | C] () -- C:\Users\Asus\Desktop\Papierkorb - Verknüpfung.lnk
[2010.08.16 20:09:14 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.16 09:23:42 | 000,099,840 | ---- | C] () -- C:\Users\Asus\Desktop\Detailansicht Zwischenhalte.doc
[2010.08.14 22:12:08 | 000,188,928 | ---- | C] () -- C:\Users\Asus\Desktop\Madagascar.doc
[2010.08.11 19:02:31 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010.08.11 19:02:31 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010.08.11 19:02:30 | 046,792,704 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010.08.11 18:15:02 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.11 00:19:14 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010.08.11 00:19:11 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2010.08.10 18:08:12 | 2144,657,408 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.02 22:07:10 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2010.08.02 22:07:10 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2010.08.01 22:21:47 | 000,248,725 | ---- | C] () -- C:\Users\Asus\AppData\Local\abvpkwql_nav.dat
[2010.08.01 22:21:47 | 000,004,265 | ---- | C] () -- C:\Users\Asus\AppData\Local\abvpkwql_navps.dat
[2010.08.01 22:21:47 | 000,003,445 | ---- | C] () -- C:\Users\Asus\AppData\Local\abvpkwql.dat
[2010.06.19 23:38:59 | 000,074,240 | ---- | C] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 15:00:10 | 000,000,090 | ---- | C] () -- C:\Users\Asus\AppData\Local\atvicwjc.bat
[2010.06.13 22:51:37 | 000,000,032 | ---- | C] () -- C:\Windows\WM2010.INI
[2009.06.11 18:18:27 | 000,000,009 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\mdb.bin
[2009.05.09 21:08:49 | 000,031,007 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\UserTile.png
[2009.04.25 11:24:21 | 000,008,398 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009.04.12 22:57:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.29 17:05:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.03.26 20:30:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.03.22 12:33:06 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.06 22:55:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 04:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1999.04.30 01:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >

OTL Logfile:
Code:

OTL logfile created on: 26.08.2010 18:33:43 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\Asus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 6,92 Gb Free Space | 12,37% Space Free | Partition Type: NTFS
Drive D: | 49,06 Gb Total Space | 36,42 Gb Free Space | 74,24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ASUS-PC
Current User Name: Asus
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Asus\Downloads\OTL(2).exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
PRC - C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
PRC - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
PRC - C:\Program Files\P4G\BatteryLife.exe (ATK)
PRC - C:\Program Files\ATK Hotkey\Hcontrol.exe (ATK0100)
PRC - C:\Program Files\ASUS\Splendid\ACMON.exe (ATK)
PRC - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
PRC - C:\Program Files\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\Wireless Console 2\wcourier.exe ()
PRC - C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files\ATK Hotkey\ATKOSD.exe ()
PRC - C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
PRC - C:\Program Files\ASUS\ATK Media\DMedia.exe (ASUSTeK Computer INC.)
PRC - C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
PRC - C:\Windows\System32\ACEngSvr.exe (ASUSTeK)
PRC - C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Asus\Downloads\OTL(2).exe (OldTimer Tools)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (LiveUpdate Notice Ex) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (CLTNetCnService) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe File not found
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (LiveUpdate Notice Service) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (LiveUpdate) -- C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe (Symantec Corporation)
SRV - (spmgr) -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe ()
SRV - (ASLDRService) -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe ()
SRV - (StkSSrv) -- C:\Windows\System32\StkCSrv.exe (Syntek America Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (pccsmcfd) -- C:\Windows\System32\DRIVERS\pccsmcfd.sys File not found
DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
DRV - (ipswuio) -- C:\Windows\System32\DRIVERS\ipswuio.sys File not found
DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found
DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\system32\DRIVERS\kl1.sys (Kaspersky Lab ZAO)
DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (pavboot) -- C:\Windows\system32\drivers\pavboot.sys (Panda Security, S.L.)
DRV - (MODEMCSA) -- C:\Windows\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (SIVDRIVER) -- C:\Windows\System32\drivers\SIVX32.sys (Ray Hinchliffe)
DRV - (WCPU) -- C:\Program Files\P4G\WCPU.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (ghaio) -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (StkCMini) -- C:\Windows\System32\drivers\StkCMini.sys (Syntek)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel® Corporation)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (MIINPazX) -- C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
DRV - (MTOnlPktAlyX) -- C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (k750bus) Sony Ericsson 750 driver (WDM) -- C:\Windows\System32\drivers\k750bus.sys (MCCI)
DRV - (k750mdfl) -- C:\Windows\System32\drivers\k750mdfl.sys (MCCI)
DRV - (k750mdm) -- C:\Windows\System32\drivers\k750mdm.sys (MCCI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dailymotion - Online Videos, Musik und Filme. Schau dir gleich die Videos an!
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Scroogle Scraper
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = 192.168.2.1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15015&l=dis"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {e001c731-5e37-4538-a5cb-8168736a2360}:0.9.9.30
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.1.400
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&apn_uid=184A4C6C-CC3F-4CFE-9488-78D483844C68&apn_ptnrs=U9&apn_sauid=7886F2F4-9FD9-4828-B529-C565E83992E8&apn_dtid=&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\bkmrksync@nokia.com: C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\ [2009.09.12 09:23:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.24 21:25:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.11\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.19 20:44:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\THBExt [2010.08.24 23:29:34 | 000,000,000 | ---D | M]
 
[2009.10.12 12:54:59 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mozilla\Extensions
[2010.08.25 21:43:29 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\id7gz4la.default\extensions
[2010.08.11 21:40:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\id7gz4la.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.08.11 21:24:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2010.08.11 21:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}-trash
[2010.08.10 11:29:41 | 000,000,000 | ---D | M] -- C:\Users\Asus\AppData\Roaming\mozilla\Firefox\Profiles\id7gz4la.default\extensions\toolbar@ask.com
[2010.08.25 21:33:32 | 000,002,385 | ---- | M] () -- C:\Users\Asus\AppData\Roaming\Mozilla\FireFox\Profiles\id7gz4la.default\searchplugins\askcom.xml
[2010.08.25 21:43:29 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010.08.24 23:31:46 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2010.08.19 20:44:25 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.08.19 20:44:25 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010.08.19 20:44:25 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.08.18 11:58:27 | 000,002,027 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
[2010.08.19 20:44:25 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.08.19 20:44:25 | 000,000,801 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (EWPBrowseObject Class) - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Easy-WebPrint) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\WidgiToolbarIE.dll (GreenTree Applications, Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\pdfforge Toolbar\SearchSettings.exe (GreenTree Applications, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [ToADiMon.exe] C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKCU..\Run: [PC Suite Tray] C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: tfguxxawqkggqamzerpsTaskMgr = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: xmihsndpubondhlclybtTaskMgr = 0
O8 - Extra context menu item: Easy-WebPrint - Drucken - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Vorschau - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} hxxp://www.kaspersky.com/kos/german/partner/de/kavwebscan_unicode.cab (CKAVWebScan Object)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239646001457&h=866862cb450b898fe00bc7775d0b2ba9/&filename=jinstall-6u13-windows-i586-jc.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab (ActiveScan 2.0 Installer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~1\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\Windows\system32\klogon.dll - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Landschaft.JPG
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Landschaft.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{34a5b1e8-0fc7-11de-97dc-0018dec42d8b}\Shell\AutoRun\command - "" = F:\programs\nu2menu\nu2menu.exe -- File not found
O33 - MountPoints2\{fa8b216e-0f11-11de-aa13-0018dec42d8b}\Shell\AutoRun\command - "" = F:\programs\nu2menu\nu2menu.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: dfrgconv - (C:\Windows\system32\bitsraid.dll) - C:\Windows\System32\bitsraid.dll File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.25 20:52:31 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.08.25 20:52:31 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.08.25 20:52:31 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.08.24 23:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab
[2010.08.24 23:27:55 | 000,495,192 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.24 22:14:05 | 000,000,000 | ---D | C] -- C:\PerfLogs
[2010.08.24 21:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2010.08.24 20:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010.08.24 20:35:59 | 000,000,000 | ---D | C] -- C:\Windows\System32\Kaspersky Lab
[2010.08.18 10:23:07 | 000,000,000 | ---D | C] -- C:\Users\Asus\Desktop\diverse Fotos
[2010.08.16 20:08:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010.08.16 20:08:40 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010.08.16 20:06:18 | 001,704,744 | ---- | C] (Skype Technologies S.A.) -- C:\Users\Asus\Desktop\SkypeSetup.exe
[2010.08.12 19:40:36 | 000,523,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.08.12 19:40:36 | 000,511,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.08.12 19:40:36 | 000,472,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.08.12 19:40:36 | 000,472,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.08.12 19:40:35 | 000,347,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.08.12 19:40:35 | 000,346,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.08.12 19:40:35 | 000,329,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdrm.dll
[2010.08.12 19:40:34 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.08.12 19:40:34 | 000,151,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.08.12 19:40:26 | 000,714,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2010.08.12 19:40:12 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010.08.12 19:40:12 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010.08.12 19:39:16 | 000,428,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2010.08.12 19:39:16 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.08.12 19:39:16 | 000,217,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisrndr.ax
[2010.08.12 19:39:15 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.08.12 19:39:13 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.08.12 19:38:17 | 000,310,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\unregmp2.exe
[2010.08.12 19:38:12 | 008,147,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.08.11 22:14:40 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Local\WindowsUpdate
[2010.08.11 19:10:42 | 000,097,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardapi.dll
[2010.08.11 19:10:40 | 000,105,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
[2010.08.11 19:10:38 | 000,622,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardagt.exe
[2010.08.11 19:10:38 | 000,037,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\infocardcpl.cpl
[2010.08.11 19:10:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\icardres.dll
[2010.08.11 19:10:33 | 000,781,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationNative_v0300.dll
[2010.08.11 18:50:34 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll
[2010.08.11 18:50:25 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll
[2010.08.11 18:16:26 | 000,000,000 | ---D | C] -- C:\Users\Asus\AppData\Roaming\Malwarebytes
[2010.08.11 18:14:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.11 18:14:57 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.11 18:14:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.11 18:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.11 05:58:17 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.08.11 05:56:00 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\nshhttp.dll
[2010.08.11 05:55:55 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\httpapi.dll
[2010.08.11 00:31:11 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelinesvc.exe
[2010.08.11 00:31:11 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
[2010.08.11 00:31:10 | 000,183,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdohlp.dll
[2010.08.11 00:31:00 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasrecst.dll
[2010.08.11 00:31:00 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasdatastore.dll
[2010.08.11 00:30:59 | 000,054,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iasads.dll
[2010.08.11 00:30:59 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\printfilterpipelineprxy.dll
[2010.08.11 00:30:42 | 002,868,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll
[2010.08.11 00:30:42 | 002,386,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMVCORE.DLL
[2010.08.11 00:30:19 | 000,594,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.11 00:30:19 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.11 00:30:18 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.11 00:30:17 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.11 00:30:16 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.11 00:30:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.11 00:30:14 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.11 00:30:14 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.11 00:30:13 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.11 00:30:12 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.11 00:30:12 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.11 00:30:12 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.11 00:30:11 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.11 00:30:11 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.11 00:29:06 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netiohlp.dll
[2010.08.11 00:29:05 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netevent.dll
[2010.08.11 00:29:04 | 000,027,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\NETSTAT.EXE
[2010.08.11 00:29:04 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ARP.EXE
[2010.08.11 00:29:04 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ROUTE.EXE
[2010.08.11 00:29:04 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\finger.exe
[2010.08.11 00:29:04 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TCPSVCS.EXE
[2010.08.11 00:29:03 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MRINFO.EXE
[2010.08.11 00:29:03 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\HOSTNAME.EXE
[2010.08.11 00:24:21 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.08.11 00:21:50 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amxread.dll
[2010.08.11 00:21:50 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\apilogen.dll
[2010.08.11 00:21:09 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.11 00:20:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll
[2010.08.11 00:20:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx
[2010.08.11 00:20:50 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll
[2010.08.11 00:20:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.tlb
[2010.08.11 00:20:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\amcompat.tlb
[2010.08.11 00:20:36 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 00:20:36 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 00:20:20 | 001,256,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.08.11 00:20:04 | 002,035,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 00:19:43 | 000,636,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\localspl.dll
[2010.08.11 00:19:28 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2010.08.11 00:19:28 | 000,053,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2010.08.11 00:19:13 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlansec.dll
[2010.08.11 00:19:13 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanmsm.dll
[2010.08.11 00:19:13 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\L2SecHC.dll
[2010.08.11 00:19:13 | 000,068,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanhlp.dll
[2010.08.11 00:19:13 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wlanapi.dll
[2010.08.11 00:19:01 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.08.11 00:19:01 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.08.11 00:19:01 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.08.11 00:19:00 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dciman32.dll
[2010.08.11 00:18:27 | 000,562,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdtcprx.dll
[2010.08.11 00:18:27 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xolehlp.dll
[2010.08.11 00:18:20 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.08.11 00:17:27 | 000,220,672 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codecp.acm
[2010.08.11 00:17:27 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.08.11 00:07:04 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\raschap.dll
[2010.08.11 00:07:04 | 000,244,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rastls.dll
[2010.08.11 00:06:27 | 000,351,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WSDApi.dll
[2010.08.10 23:56:54 | 000,091,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.08.10 23:56:53 | 001,314,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.08.10 23:56:49 | 000,123,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msvfw32.dll
[2010.08.10 23:56:49 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.08.10 23:56:48 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avicap32.dll
[2010.08.10 23:56:05 | 000,604,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMSPDMOD.DLL
[2010.08.10 23:26:41 | 002,421,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2010.08.10 23:26:41 | 000,044,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2010.08.10 23:13:33 | 000,575,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2010.08.10 23:13:33 | 000,087,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2010.08.10 23:13:33 | 000,035,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2010.08.10 23:12:54 | 000,171,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2010.08.10 23:12:54 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2010.08.10 22:34:21 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.08.10 22:11:55 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
[2010.08.10 17:40:05 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.26 20:09:31 | 003,670,016 | -HS- | M] () -- C:\Users\Asus\NTUSER.DAT
[2010.08.26 19:18:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.08.26 18:47:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 18:47:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.26 16:47:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.25 21:29:32 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010.08.25 21:19:34 | 000,595,506 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.25 21:19:33 | 001,445,774 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.25 21:19:33 | 000,628,436 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.25 21:19:33 | 000,127,056 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.25 21:19:33 | 000,104,940 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.25 21:12:57 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.08.25 21:12:52 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.25 21:12:07 | 2144,657,408 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.25 21:07:16 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.08.25 21:07:09 | 000,524,288 | -HS- | M] () -- C:\Users\Asus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.25 21:07:09 | 000,065,536 | -HS- | M] () -- C:\Users\Asus\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.25 21:06:49 | 003,115,398 | -H-- | M] () -- C:\Users\Asus\AppData\Local\IconCache.db
[2010.08.25 20:56:34 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010.08.25 06:13:55 | 000,002,489 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.24 23:55:55 | 000,113,933 | ---- | M] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.24 23:55:55 | 000,097,549 | ---- | M] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.24 23:27:55 | 000,495,192 | ---- | M] (Kaspersky Lab) -- C:\Windows\System32\drivers\klif.sys
[2010.08.24 22:26:06 | 000,000,749 | RH-- | M] () -- C:\Windows\WindowsShell.Manifest
[2010.08.24 22:20:11 | 000,254,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.24 21:39:40 | 000,101,888 | ---- | M] (Infineon Technologies AG) -- C:\Windows\System32\ifxcardm.dll
[2010.08.24 21:39:34 | 000,082,432 | ---- | M] (Gemalto, Inc.) -- C:\Windows\System32\axaltocm.dll
[2010.08.23 18:27:02 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.08.23 18:15:37 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2010.08.21 18:07:16 | 000,074,240 | ---- | M] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.21 13:48:47 | 000,000,104 | ---- | M] () -- C:\Users\Asus\Desktop\Papierkorb - Verknüpfung.lnk
[2010.08.16 20:06:29 | 001,704,744 | ---- | M] (Skype Technologies S.A.) -- C:\Users\Asus\Desktop\SkypeSetup.exe
[2010.08.16 09:23:44 | 000,099,840 | ---- | M] () -- C:\Users\Asus\Desktop\Detailansicht Zwischenhalte.doc
[2010.08.14 22:12:09 | 000,188,928 | ---- | M] () -- C:\Users\Asus\Desktop\Madagascar.doc
[2010.08.14 08:00:43 | 000,056,168 | ---- | M] () -- C:\Users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.11 19:10:17 | 046,792,704 | ---- | M] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010.08.11 19:10:17 | 000,196,608 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010.08.11 19:10:17 | 000,065,536 | ---- | M] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010.08.11 18:27:36 | 000,004,265 | ---- | M] () -- C:\Users\Asus\AppData\Local\abvpkwql_navps.dat
[2010.08.11 18:27:07 | 000,003,445 | ---- | M] () -- C:\Users\Asus\AppData\Local\abvpkwql.dat
[2010.08.11 18:15:02 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.11 18:01:14 | 000,000,090 | ---- | M] () -- C:\Users\Asus\AppData\Local\atvicwjc.bat
[2010.08.10 21:15:47 | 000,248,725 | ---- | M] () -- C:\Users\Asus\AppData\Local\abvpkwql_nav.dat
[2010.08.02 22:07:10 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.24 23:31:18 | 000,113,933 | ---- | C] () -- C:\Windows\System32\drivers\klin.dat
[2010.08.24 23:31:18 | 000,097,549 | ---- | C] () -- C:\Windows\System32\drivers\klick.dat
[2010.08.21 13:48:47 | 000,000,104 | ---- | C] () -- C:\Users\Asus\Desktop\Papierkorb - Verknüpfung.lnk
[2010.08.16 20:09:14 | 000,002,489 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.08.16 09:23:42 | 000,099,840 | ---- | C] () -- C:\Users\Asus\Desktop\Detailansicht Zwischenhalte.doc
[2010.08.14 22:12:08 | 000,188,928 | ---- | C] () -- C:\Users\Asus\Desktop\Madagascar.doc
[2010.08.11 19:02:31 | 000,196,608 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.perf
[2010.08.11 19:02:31 | 000,065,536 | ---- | C] () -- C:\Windows\ocsetup_cbs_install_NetFx3.dpx
[2010.08.11 19:02:30 | 046,792,704 | ---- | C] () -- C:\Windows\ocsetup_install_NetFx3.etl
[2010.08.11 18:15:02 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.11 00:19:14 | 002,501,921 | ---- | C] () -- C:\Windows\System32\wlan.tmf
[2010.08.11 00:19:11 | 000,015,181 | ---- | C] () -- C:\Windows\System32\gatherWirelessInfo.vbs
[2010.08.10 18:08:12 | 2144,657,408 | -HS- | C] () -- C:\hiberfil.sys
[2010.08.02 22:07:10 | 000,054,156 | -H-- | C] () -- C:\Windows\QTFont.qfn
[2010.08.02 22:07:10 | 000,001,409 | ---- | C] () -- C:\Windows\QTFont.for
[2010.08.01 22:21:47 | 000,248,725 | ---- | C] () -- C:\Users\Asus\AppData\Local\abvpkwql_nav.dat
[2010.08.01 22:21:47 | 000,004,265 | ---- | C] () -- C:\Users\Asus\AppData\Local\abvpkwql_navps.dat
[2010.08.01 22:21:47 | 000,003,445 | ---- | C] () -- C:\Users\Asus\AppData\Local\abvpkwql.dat
[2010.06.19 23:38:59 | 000,074,240 | ---- | C] () -- C:\Users\Asus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.19 15:00:10 | 000,000,090 | ---- | C] () -- C:\Users\Asus\AppData\Local\atvicwjc.bat
[2010.06.13 22:51:37 | 000,000,032 | ---- | C] () -- C:\Windows\WM2010.INI
[2009.06.11 18:18:27 | 000,000,009 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\mdb.bin
[2009.05.09 21:08:49 | 000,031,007 | ---- | C] () -- C:\Users\Asus\AppData\Roaming\UserTile.png
[2009.04.25 11:24:21 | 000,008,398 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
[2009.04.12 22:57:52 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2009.03.29 17:05:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2009.03.26 20:30:17 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2009.03.22 12:33:06 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
[2007.04.18 11:06:01 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007.03.06 22:55:03 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 04:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1999.04.30 01:00:00 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL
< End of report >

--- --- ---

Hicke 26.08.2010 19:20

OTL EXTRAS Logfile:
Code:

OTL Extras logfile created on: 26.08.2010 18:33:43 - Run 1
OTL by OldTimer - Version 3.2.10.0    Folder = C:\Users\Asus\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 67,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 55,89 Gb Total Space | 6,92 Gb Free Space | 12,37% Space Free | Partition Type: NTFS
Drive D: | 49,06 Gb Total Space | 36,42 Gb Free Space | 74,24% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ASUS-PC
Current User Name: Asus
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe (Deutsche Telekom AG, T-Com)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [opennew] -- C:\program files\t-online\t-online_software_6\browser\Browser.exe "%1" (Deutsche Telekom AG, T-Com)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-4186507801-287623148-3281869339-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03C840E1-6D09-4B8F-AF22-819FB0A4E436}" = lport=3702 | protocol=17 | dir=in | app=%systemroot%\system32\netproj.exe |
"{35AE24DE-73DD-44A6-A73A-6A1EEDEC1375}" = lport=5358 | protocol=6 | dir=in | app=system |
"{6D54C45A-DF86-45B5-B69B-BB961D899DC8}" = rport=5357 | protocol=6 | dir=out | app=system |
"{9F97E809-318B-480A-9083-5BA796AFA3D2}" = rport=5358 | protocol=6 | dir=out | app=system |
"{A330D298-F6CC-474B-9952-7FDE80617A5F}" = rport=3702 | protocol=17 | dir=out | app=%systemroot%\system32\netproj.exe |
"{BD098DFD-DCDA-4E5D-9252-5C95268E06AD}" = lport=5357 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00720277-9EF3-4B46-AFFE-2E26AB78C206}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{00A83F98-6BBD-4805-8773-E83BFC71998E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{01C9F4F9-4E70-41CE-A012-0AE53B1A6A8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{01F61449-E7EA-4244-983D-D8E43D90DE19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{032E6D40-5524-4BAC-9A83-45C6EFA5A7F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0390DB18-080D-424D-BF77-AEC79DF80250}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04346E7D-EE88-4411-A7CC-A7A8CA4ED9DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{04441F90-FE19-4EB4-BAFE-7E297AABF8E0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0525C946-33C3-4D2A-963F-881674072034}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{053742BF-DFA3-46B6-AD43-A3F621821171}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{054C37CD-5B4F-4824-884C-62A99A02A15D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{06E44657-A748-4B9E-8C0E-B84F2CEAA7F3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A50292C-A12C-4F77-8CF4-6DBD122066D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0A5B8D5C-BC5B-4DF2-B369-7016B24A8243}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0BBA967E-5058-4A35-BF5B-6FF1196304E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0C77F199-D03B-4F4E-9AA6-A11E96E22BD1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0D53FBDB-E440-4D66-9C21-B34CA2D81E22}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E21C837-BA50-4D27-A4B9-1601CDE4B512}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E83D7C2-EEFA-48F5-AC4B-D1A0F27E6D08}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0E95074D-91F6-47C7-A1F6-23079AE806C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0EB8E580-6DFD-4535-9045-C3D0255E0144}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{0FF7FF4A-77CA-4CBC-94D8-8AE5B4C924E3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{10C4E437-12B2-4C2A-B9F5-407230328980}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{13525866-810F-4B79-A86C-7F3D986BDDBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{13F18B24-2D32-49E6-8531-2FA8F6DD7BEB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1417E093-4ED2-4196-AAE2-FD92971C248D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1457C2C8-FE89-419D-B745-91B8534C5F8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{14839761-3EFF-4B0D-92F0-9FCFA8FE2754}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{154D7AD6-C121-437E-8354-D37C8B9A7E84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{15A89860-3EA3-493F-AC2F-91F132D6FC6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{161C11E1-D7C3-4EB1-9D13-6DF821C470B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{165D82BC-101C-44F0-AF02-DFB79958C94F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1761D85D-898F-4895-B1E5-3D947FEACB19}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17742E11-D90F-4E6E-BBD2-78E56FEE96D6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{179644D6-342D-4802-AB58-B7938EAEA41D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17A53149-72C5-43BB-8437-B93C3AC76980}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{17DA3619-6518-4D50-A10E-3CDBF2533C23}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1883FB18-E30B-4B2E-8025-E9F46BED1DAF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{18D1F6A5-F89E-48B8-BE37-79F96DF2EC12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1952A2EF-AF36-4FFC-8BA4-2E2D2F7C412E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{19AF5733-4609-406D-8702-3E7B48FD369A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A61BBDB-3A49-4C7E-B019-665F5C90D9D3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1A75C0FF-AC0C-4FAD-BF38-72825B7E88BF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1CB509B3-F380-4409-AA96-A8633EF7611B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1CD4799C-A177-4249-AF76-74D564C7D284}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D46406B-3FC4-4518-A097-9F70D9769EB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D468EBC-36DE-4DEF-81A8-1DB85A1E67C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1D879806-2767-4999-B784-99C80D53FC61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E25FF67-4163-4B55-A156-D4778D2D3B7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1E2F870C-1D60-491F-8CB3-EC4FCCF69C0D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1FA6DFAA-E851-47C2-B36B-02F33A95B742}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{20F3DDDF-78D0-4E5C-A2A2-E04F37710EF2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{21FC70E7-68AC-4BC8-A83A-C21CFF2FB5F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22276FB9-9B60-464A-9F2B-8D7D4D6C68FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{224DD74A-2707-493F-BD56-0A44E087F7B5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22632337-B4AD-4CD9-8D2A-7AF36A115FD6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{22A08F24-CF4F-4DF2-8E69-ACA4410C553F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{23ED6A51-7093-4D24-BEBA-0D52058D4900}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24E0E1FE-22A9-404F-9C29-1673774176C4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{24ED6634-2CEE-4B99-B561-94953E5966B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{255FFD29-B129-422E-A928-0383FA4695C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{257F616B-5232-48F2-BF66-09B6F09F656B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{25DB294B-2ED4-4023-ABC4-EE890C15456B}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{277D8791-85E0-476B-A88B-2D811D316052}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2822C565-A5D4-4563-98E2-A5BDD01A14E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{291FB1E2-1D8B-4445-AB09-AD026332E313}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2A32797A-420E-4B39-B08D-C12622F29F6A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2B43B7A5-C30B-4CD4-9CC4-BE57CECDD9AC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D1CABF4-DA68-4EE5-A116-6D39E389A5EE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2D7F0BFB-9075-46CF-8ACD-2888B3DD34EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2EFAD313-605C-4692-B706-91421F3C91B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F499DCC-0726-4A4D-B828-53F25B2C8E4B}" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"{2F5D7372-5DC8-4865-AC23-8F45BEB738A3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{2F9DB0A6-AD4F-46A7-8345-F1F73F54F39F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{300DB12E-529B-42F2-BFF2-A12A0E65B5BC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{304C7F34-E8A5-4419-A761-860CE972B477}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31689600-8154-48E4-8B09-CAC47ECFCFEE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{31860250-480E-4558-B80D-7A4FBEBBD0A2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{32BB1CD4-0FA4-4F0E-B71F-2004582C45C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{330D650E-EC04-4AC3-A1C8-9E4D033C6819}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3388AD78-3129-407B-94E7-3533A6794C7D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3443BFC3-123C-441D-9545-17ADF5D4FA84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{34E88E95-1CC5-49DD-B984-602D702E8854}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{351F8495-20F2-4DCF-8653-B0B78C9AE70C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35532C3F-AB84-46CA-8D50-6D959433176B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{35E73602-2F9F-4F78-B4E9-A0D15061CCD6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{368CCE6C-78F6-4BED-BD67-AAB61A06BE25}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{36B90168-7179-418C-8D54-E6AFF862F1C9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{37366850-79F5-48BE-B52D-2A15EADEAD53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3818C9AB-9F5C-4FF2-AD40-0A0767992A8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3858C36E-777E-4CB8-B70F-E92852AAFEB6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{38B73A8C-CFBB-4182-868C-F42B5AC815FB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{392EBD88-A9ED-468F-A880-98F6C6EFF8B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{39E48A82-0783-4238-A599-35674E3F33A4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B4A86A0-F603-4A5A-9798-4CA68CCD764C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3B98C9C1-BF93-47E7-9282-E0DC9C978213}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3BAF7F26-C4EC-4C56-A56D-88485B27EC45}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C0A7896-7758-4A41-A9BF-E37122AC51E7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C109712-107C-4E90-885F-9C860953742F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3C1EC37C-9A19-496C-A719-5D542BC867BB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3D30AC8C-F9A8-42F7-B74C-891DB70EDF7A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3DF22A44-9716-489E-8009-D2560DF5E444}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3E9FAD93-0D9D-4DD3-A113-3A02F41D97BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F1F88D4-BB32-494E-A1E9-835E6701529C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{3F375E3D-C917-4E0B-A32C-D66FE0F875D2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{40682C3B-76FF-429A-BBB9-6A7D83D28C75}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{408501D4-2CE8-4D93-AAB1-0F33FA64D50F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{418C5845-0D0F-4D83-874A-193A50C41075}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4257FC0C-54FF-46F8-AACB-D0ACDD9388F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{43BA3497-DBF6-4A37-A63D-19E11E10B182}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4481602D-CEA2-4182-8599-27727C1957B1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44882A48-C165-46B9-B108-57980F033A9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{44BFC552-FD5E-4733-9BD3-A4367EF14387}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4526CE59-DD6F-4A0E-A0BC-C4D825C61251}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{46075448-5D76-4FAF-B1AC-50A6B85FBAB4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{474D6A14-CFB7-45CA-9CB7-61D4E6ECA4F7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{484A5919-D4D4-4DB4-9DEC-A4993FC90DE4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{48F50CA9-6A1C-4037-AD93-514DBFE614D8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49393AE5-176F-4EE0-BB50-EE84966AE178}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{49AD0793-37EB-4E6B-B134-6FAE98FE9F01}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A1E9C8C-6658-42B1-AE39-CC7E2C4719EF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4A447A50-8DBE-4258-8E81-F7E946909E8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4ACCC427-BA27-4E10-B292-1E7F3E4EBC44}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4B96BFE5-2738-441C-9616-AA7921BA8894}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4CDC0D38-A490-47C9-9406-295347EAB884}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4D8CAA52-C212-4591-9126-5118D5975866}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4DD5B33E-9095-4D30-AB03-AE1B22CFE71E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4E7FD545-6238-44F5-9759-6EB5E4023A7F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4EC8242A-4CFE-4DB4-BE97-D78591F24A61}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{4F0A675D-6CC0-4075-A0A4-BB36E4C56F3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{50D9D611-C273-48BF-9367-E70BB7A85FA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{50ED2F58-004E-4677-B46B-FE3A68A43561}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{51588849-F2DE-4BB6-A83D-C9F9BF29C963}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{529ABF98-8A4E-432D-8D50-D585FC5ECA85}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{529E813F-EDC1-44DB-9891-73E2AFA6FECB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{544E1737-DB95-4C54-81EA-0C54C08AFD13}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55917BA6-B51E-415C-83C0-33C2CA3AB77E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{55C76C16-2477-4EED-8546-32FB59B19E91}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{578FDB9B-B7D2-4ABD-9A89-3D8BF8E2BF35}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{57CC1B59-437A-4B6A-91D9-1B119196AD2B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{58034C27-5832-45AE-8283-466350CB602B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5A8C71F9-1590-46C8-B28E-B2B89CF236E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C18D2ED-28EE-4410-940B-B7BED7D15A72}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C1D611F-AC87-4DE9-B8BD-0F065B40014C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5C6BBC88-5267-4798-9B34-EEB0739F426F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5D65AFA4-33A0-406B-9214-30F94F0E2AC9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E51E3D2-22D9-4A0D-8EDA-C16CC48D417E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5E6B0CC1-0389-4FE8-9C00-B40A6D9228B4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5F8ED060-E6B2-4B65-9064-2833835F9D73}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{5FA26B9F-8D7A-427D-908D-87AECA69DEDE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{61410024-1917-4CCA-8CF3-85A53845AA52}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{618ECD92-EDA4-4918-A3DF-517AC0B89E64}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{632C4C35-3566-4E33-9332-5B3E6901CFF9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{64C1608B-4A1B-4CD6-8726-1DDAB50F59D4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6590E0E3-0FF7-473E-8CF1-6E08F769A426}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{66A416BE-52AE-41DF-A846-18A613A16768}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{67014F78-2A3A-488E-93CC-360B243C3D8C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6800940B-5FBD-41BD-B147-5D3FCAAE20C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{688324C5-CFF1-4F7E-A895-AB477075E0CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{694C5738-430E-4A62-94C2-7BD84E2D4BF1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6999F104-347C-4AFD-A460-51521599B8CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6A3DDBB2-AE88-4FBA-AA50-33A0EE1545A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B335A5F-AF6A-4160-A0EC-6F4FF3D11E1D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6B68AFBF-925B-48D8-82B1-EF4286606C7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C353571-5893-48D5-9479-A2810DF9910E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6C8EE939-5E74-4983-9545-552277FC6FF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6D2F86BA-7E27-43EE-811C-EAE2062984D0}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6F9B8A89-69FF-4C0E-B4B5-AE602A3380A1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{6FFCF464-B4D0-4837-A0A0-3BB6D2A0D3ED}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{701A2C02-13EA-4097-BE7E-B62B461697AF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{704C39CF-D400-47E3-80D2-71FEB7FE8756}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{707D54B9-879E-4FB6-9124-BD0C610918D7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{725C69F9-EE65-41EA-A9BB-39A4412D73C7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{727E36A5-2A89-4CA5-B483-C03F14D9AEF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{72E85F2E-C539-47A3-8FAB-0104C0226719}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75857E90-3B52-40CE-8D0A-1F49836104E1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{75C577A2-3CFF-4873-9AE5-53B3FBEE4FA5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7619315E-D8A8-4B7D-9875-6EE728F5D3E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{76D962A5-E1DD-4041-9217-9C641995DB15}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77EF34DD-8AB2-4391-8966-3C8981D51255}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{77FFCEF7-5F80-4E0A-B77D-7E4429386013}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{78D9EB35-DDCE-4372-8589-12F1DB58BD8A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7AE8DC95-CC91-412C-9BCE-0E0A8D99A0A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7B97F76A-FE3B-4E35-8DD2-7A8329E1A131}" = protocol=6 | dir=in | app=%systemroot%\system32\netproj.exe |
"{7BAA20AF-ECED-4FFE-8823-A72B7EF900C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7CC2B4DA-B19B-445E-877F-07C7FDA5C38C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7CE89BE4-15E0-4300-8D61-086181892D78}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7D152493-CEF3-4BA5-8174-82013ED336DD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7ECCA9A1-B35A-4026-97A9-C2482E3A4286}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7F5BF052-E589-4C32-9D67-D8A87D415930}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7FEEFDB0-B624-4E7A-B5B4-8077E0558E2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{801660AB-2F1A-4FAC-A31A-E3BF5B7F4559}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{81A0ADEA-5AB4-45FC-83FF-37EA78CFCCB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8326033A-4ECE-44B3-8344-00165E0DE6FC}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{83BDB8AA-0BD1-4B43-BBE6-06C0E902A79E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{83F7457C-A7E4-41AB-99FC-8FD30AF5C639}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{84450271-3650-43C0-85DB-C7B996953C55}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{852A0DF0-B953-42DD-B21B-FE924D3395B6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{852C4BE7-9BF8-43B2-B9EE-8B515CB96D86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85317A9F-0FA4-44AC-B73C-B86FCFDAFE2C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{859FC994-6C20-4FAC-AFD2-6243B0D42694}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{85CA5FF0-CB8C-4207-9FDF-06EC88021A0A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{860703B3-5C88-4F96-A286-C42064699260}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{87AFEF98-E09D-4623-B9E9-C63729B3A61C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{88F4FD84-9FCD-4CE4-81C9-4BF5DF3D0DD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{89A051B8-0085-4947-9FB3-38A84708F9CC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A03816C-2987-48D0-8DF9-859EBBA8D563}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A1E974D-C1CA-4D88-B3B3-A6F5278CE237}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A794A40-6212-4C79-8533-F968E6C7FC86}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8A9676BF-9C58-4112-A08D-D4DDD3A00BBC}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8B41D03A-0A16-4DD3-81B7-32381C207965}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8BC6210F-49EF-4D24-A8E1-B7743F306AF8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8D258EAE-43F8-4525-B364-3E46A975BDB1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DF8FF24-E5E8-41B1-B98E-969124AA1DA8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8DFB1C3A-0B19-458E-AAB0-4522AD0FF6CD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E09D456-E3C9-4EAB-9CE1-F0A6E86EBA06}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8E2898B5-C4A2-48C0-8F99-8C7922DDEE4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8F2A50B8-405A-4712-AC38-D9FF0AF61A79}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8FC5428B-028A-444E-9E86-68103487BE02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{8FF2A616-89D0-40F1-8C71-DF359BEB7935}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9010A5B2-D889-42D9-ABD3-176597B9AA82}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{912278D3-91D2-465C-83BA-9F17151A21E8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{924BC85F-F135-4CED-8D94-79A5F73EEE1B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92AF094B-578E-4245-91C6-438C5F24DD30}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{92C17B53-B64B-4366-B7F7-AE81B43B3DE8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{93D24255-B602-4C0F-8C31-5A4C957E3642}" = dir=in | app=c:\program files\skype\plugin manager\skypepm.exe |
"{9423D51C-9483-4AA5-8AC1-CAE1E3F203E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9439B06E-A57A-4795-AB7D-2A6CA399EA4E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{949A5B5E-9D13-43DF-8D91-2520033CCE09}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{95C66314-B359-4694-91DE-ECB5A109E288}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{964C0E5D-5FE2-4AC3-97B0-3E911FB296EA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{966C2895-590A-4332-BFC5-F4DFCD01BC28}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99783F6B-4C52-45DF-8267-00AA1531BE33}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9995A054-1B5C-486B-926C-172B09CDA14F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{99AFA6E8-6927-4598-A311-397A9095ADA4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9AB930E5-89E2-498B-A627-82C9D45650E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9AFE69ED-D3C8-4CBB-87CA-80CE2D1CCDE9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9C8C7AAC-EDCF-4FC9-AA27-12CBC582665C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D196AE4-3003-408A-AE5B-D644EC4C540A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9D731346-A772-46B7-AE74-C3A9BF631A12}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9DAB34AB-B7AF-4036-9863-C125D6097D49}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9E98D406-4988-4A61-B29E-4359458F97FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{9F033CD6-B943-4020-BD6A-73D654684A36}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0305448-4D8F-4EDA-B8AE-0684DC047B84}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A06F2427-BB4A-45B5-85BE-0E4E105204BE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A0C2DBE1-BB2F-4628-9D42-7E6362719FFD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A268C1F6-6E59-4B14-9B70-0701E3911CF6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2A5B439-2D5D-4380-B4B3-79410E47538B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A2E4EE00-0C3B-4BDF-9F8E-9A02F0AA4B9A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A36A2D26-2FC2-44D4-BEC8-2BE75E31EE4C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A38A7F04-2411-47CA-A2CC-EBD59930F9AD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3ADEA32-14A6-4258-A797-4AAAC2610408}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A3D78E95-19CF-48E7-ADC9-139AA6283170}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A426E5F8-3B7A-449B-A041-4BA113580B95}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A44BB390-4D4F-4D7F-871F-4D832F331954}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A46BC364-80DD-4E01-8789-98BACBB06EF7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5AE4EE1-C5BD-48D3-9345-14A685C8B722}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A5D6FE0D-6B90-4242-88D6-C47BDA425247}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A66BBC30-AC7C-434E-A48C-3B0AB5A7DCB7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7B84F07-BB12-4FBC-9953-57B74EAD41C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7BA8E4C-3B0C-4C88-B241-873631AFFA6B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{A7E56A3D-154E-4F82-8DF6-40EEE00A3761}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AAB58272-EB47-4E4C-8A3C-10A596086DD3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AAF873E9-B60C-4D53-9BE5-7358701BC452}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADCBCBF7-16AC-4B79-918D-3B75DDD24E1D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADDAC003-5B60-4086-AC85-244FC016AF31}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ADE206E1-AB54-43B4-BFBA-21C1180F5888}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE45DA63-D6FD-4692-888D-A82269AE5103}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AE4D7B33-C905-4E5E-BFB7-9068BCD1DCD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AF09A85F-D905-4FC3-8975-3C4BB1E1D526}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFC8CE7B-DEEC-4371-84D5-28609EBC6E53}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFEDC19E-0B58-4FCD-B7AC-83CBC5C83196}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{AFF5871C-9417-4D09-93B7-81670C7DA868}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B1090254-41BD-4928-87F9-5A935128A689}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2C77BA7-CF30-43D3-8A45-D6B2A9B46152}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B2CF10E5-8EDA-4BDE-B285-F2B80E69E5CB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B3713CC6-FF0B-4D19-9799-FE553EFBA224}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5534392-64A6-46A9-A214-7D41195384D1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5B97613-2D84-40CB-8AA2-8F1EC49B729F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B5E310FF-78B2-47A8-A10B-F58DDE18CCDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B757DE59-7AAD-423B-91CE-B6E57C8BCCDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B82668DA-C46E-454D-8B24-1CED785CD298}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B83F54C6-96AE-44B8-85B6-D2B5C2270DAB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B86307A8-D518-4A81-84D6-85F42ABEF534}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B8A806F0-166A-4D8D-ABAE-C6DFC3065D3A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B914E78C-65C8-4FFA-A022-E3D7A337185F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B9F118B3-240B-43D2-9BB2-665C3772685E}" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"{BA014862-E34A-4AB6-A8A1-B0CDC8C70B74}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BC8E7EC1-5F10-476E-8DBC-E0734D4F4E03}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE5B3D3F-16A1-499B-890C-4C72686EA2F9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{BE8BEDF4-D560-4977-A1F0-E01F122C7D7B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C11F63CE-D287-426B-A5DA-656B1997AE92}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C18F1D62-89C4-450D-A841-1074D2F9176D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C3C3EE66-F70D-4159-BD48-EF206F1356A9}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C5888C42-4CB7-4F43-8B2B-70D045515D11}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C5EF8672-A5A8-4194-A949-13485121C041}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C733C410-93BF-4CDF-9589-DF131DC11201}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7CE7832-BC1E-40A6-AD4B-F3FD2F58790D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C7D499D8-0ACD-4E71-924A-A92D4BCA2778}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{C99783C1-1E20-4A69-845E-5E3F3E9D70A8}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CB20BD0F-04FF-427A-ABD7-1E661D2E7C9F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CC73278F-95EF-4C88-ACB6-F3387A1AA377}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CCC96AA5-8D7F-41EE-A7B1-8A300A13F4FD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD305ABB-5A07-4321-BA24-7A475DD1D62F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{CD64D1B4-0BB0-4646-8BDC-704433B9A6A6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D045B449-9F29-4C19-8CD0-8590D56E7E2A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D10A0A1C-E233-48A4-A602-D9E70D88CC8B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1310F1B-9CB2-489A-BD7E-38EE8B138BD7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1B203A6-5DD6-4A4C-9845-78B23918E78A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D1C700C3-2B30-4B5D-A360-8209147CE8FA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D47AA842-F79A-4564-9F21-081878F06273}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D569E92E-350B-4069-A444-1D49C92A054D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5C0ECE2-B094-472C-B84E-9F18A4C1614C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D5DF84D2-DB99-4655-A1D0-BA0BB4C7002F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D69905A9-7E62-48CC-9560-CC2A8FA9C4F5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D6B8DF9C-1F24-4119-BB01-13AD521F5128}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D723C27A-2D38-49EC-910E-F9D5922BD8B3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D74771B7-0DE0-4C5E-BCE8-A3D9A76D6C4D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D781F44E-175E-4BBD-83A7-96941A09E279}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D7844045-EF67-4291-9D32-45007876B11F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D88A16E2-62B3-4577-898A-D59082CFB612}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D8F1BD62-D3AB-495A-AB16-C393573F41C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D95BBADF-ED8D-461A-9DF4-D390A030B1F4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{D9857061-20EB-4967-B0D2-4836FB7B2CD5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DB222F45-3A23-4BE8-B5C6-5EAEC9BA6461}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DBD0FF11-E512-4090-88C7-5608A20987C2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DC25E133-F6C0-4BE9-8465-E38DBB39F596}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DCDA22BF-7B27-44D7-9D27-EB0A99C4255E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD23A7A1-123D-4D5A-88FB-7DE8A672A03F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DD75358A-7247-409E-BCF6-D9D4DE73B86A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE89043F-9B69-4632-A37D-7763EECBD246}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DE90282B-D047-4DC5-9498-EF832B6E4CE2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DF9719FB-D311-4EE1-906E-0B3E58D46A02}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{DFAACABB-3A1D-485E-A4B2-2148040C8A5A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E14B74A3-4665-473A-845E-060625C6D05E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E1C1BB0A-8AC0-471B-9236-FA17C7A4B88A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E2056CCE-076C-449C-841E-331317B45BCE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E385A96E-4510-4CEA-9F1C-DAF1BAFEA7A5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E42FB55A-4D8E-496C-83A4-C471E519CEFF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E5331A4E-645B-4DEA-A30F-61A18BB870F1}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E55F0F6B-6E29-48F3-BC12-88DF39961B5B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E5984C6F-B68F-43FD-9C0D-88354ED47399}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E62F4B06-CB9F-4050-9CD6-D7FCD8A7C8C6}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E757C69D-00B8-4BF0-9D72-5368908DD779}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E75FD7F5-CD75-40F3-86A3-B6A8B721BFDA}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E8BD64BF-C07D-405B-9FAC-0A280AB7AB17}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E965E5CD-65B5-464F-B4EE-E0E72E5448FE}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{E9F2ED29-B76A-4C60-B00F-313E5828E9C3}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EA225735-19AD-47DA-A1DD-A558FFD8FDF4}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC1BA47D-B4E4-4CC3-8CD4-BDB63CFD1C7E}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EC403269-510D-44EA-A384-13F1FCE27026}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{ED455C95-CFED-4A38-A6EC-EC65275B1F4B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EDFB7C35-23A1-4146-97AA-4786573D941D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EE5E7D4B-8E41-4843-9547-E8030BC52EF7}" = protocol=6 | dir=out | app=%systemroot%\system32\netproj.exe |
"{EF4DFBC4-EFF6-428C-9162-B5E5F2D7B126}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{EFDA0447-67A6-456D-9C52-15125FEB266F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F143A550-0335-43E1-B2C0-0D5AB57C2196}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1ADC63F-B25F-4994-932A-E317C2539B8D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1C7646A-20CC-4D2C-A7A5-89C0724B0744}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F1EB3FDC-2265-4D59-9677-B7F6A708D185}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F212F993-D645-470D-A6CE-479CA4C0464B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F2A5E555-5E76-4A88-A51D-AB517F0A96E5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F35A1688-754B-4DB7-B7BB-19C7D7770472}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F38AFD69-01CD-476A-B390-9676BFE58DBF}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4B258FE-FD2B-4BE5-B2AD-0D3A02C2B78A}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F4B9E0E6-9111-416E-804C-9A7A19BA7A95}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5BDE6F2-4158-4920-BD30-D3F1FDE0E503}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F5E1AA57-1EC5-43CB-8FB7-57D22F24D38D}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F6E418F0-1ED3-4FA7-9356-9DE74E59CF3F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F7BABDFD-302E-4853-9F42-FC96A8038282}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F825AE0E-BC3A-4953-9170-9E3C6FE1CF36}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F83B2F0D-D82C-4355-952F-410DA8463286}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F89BF2BD-56A3-4AF5-B937-C10D937AB166}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F961BF3A-36DC-48D6-AC39-7280D8743571}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{F9A546C3-52EF-4EB9-9031-7AC6D3A0062D}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{FA088EA0-CC13-40B8-A678-D977A1C27B49}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FA89409E-11AF-4C55-9E1E-177F9A9CDDBB}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FB2769F8-638D-42C0-B8AD-73922A78BEA7}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FBF9D2DF-489E-43AE-ACC9-6986D6F871E2}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FC8B86AE-EA79-4797-8A7E-3A72113D9FF5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FCA50D3B-B798-4245-885F-5E92BF68625B}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDAC6247-FCA6-4A3F-AC2E-528FBA10F3D5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FDE92185-DE39-4191-9875-29FE0458A256}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE178C91-D3E2-4C98-B785-82DE59636E4F}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE2CF06B-7305-4B87-82CF-DC61429EEB96}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FE80BB63-C770-41DD-BD9B-21C37FC45E38}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FF2CCC15-36D5-469C-BDD5-86348E88E775}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{FFFF7BA9-F010-429F-94F3-61BF768C0E30}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"TCP Query User{1320DA34-1C76-4ED4-82B7-A09E9865D4AD}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{9AFA69A5-78F0-4350-B78E-7DA5DBC2DA20}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{A0FCBA8F-1E5D-4B5D-B482-8CC8E9EA62D5}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{4CCDF7F7-C5C1-43E6-941A-2F657721E340}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{C71B84A6-972C-481C-B689-956E782B317B}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{E5EB674A-3F2D-4BD4-ADFA-41FDD4457110}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{04F707AE-1AFD-FCB3-15FB-678EB18E5276}" = Catalyst Control Center Graphics Light
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0B75F2BE-EA34-C35E-795B-14B6AD05EF33}" = CCC Help English
"{0C352FE8-D3C7-5679-3916-94B703AE2568}" = Catalyst Control Center Localization Portuguese
"{0CEF967E-5776-AAB4-24B7-B77B1CFD1F1B}" = ccc-utility
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP3300" = Canon iP3300
"{12127C0A-4364-AF17-890A-161497C7C445}" = CCC Help Polish
"{139B0FFA-187E-4BA1-BCA6-6B56B2B6AB8C}" = ATK Media
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = LifeFrame2
"{1F1D117B-2819-5686-F837-6F573CD98D1B}" = Catalyst Control Center Localization Thai
"{212748BB-0DA5-46DE-82A1-403736DC9F27}" = MSVC80_x86
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java(TM) 6 Update 13
"{26DBD556-77EA-04E4-ED34-9C341ECBCD10}" = Catalyst Control Center Localization Turkish
"{2DE63F00-FDAA-54A5-CB0D-14CE878A6BEB}" = Catalyst Control Center Localization Czech
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{34B92C91-1B7F-CA25-A565-D7B93050A7E5}" = Catalyst Control Center Localization Spanish
"{363AA734-FEDD-B361-AC59-99F8F323881A}" = CCC Help Norwegian
"{36CEB090-7231-0532-59A3-3D5CD5EBB689}" = Catalyst Control Center Graphics Previews Vista
"{3912D529-02BC-4CA8-B5ED-0D0C20EB6003}" = ATK Hotkey
"{3D39E775-DDDA-4327-B747-0BDC5F191331}" = Nokia PC Suite
"{3E46600E-8E92-AE52-F505-2552A0EA1697}" = CCC Help Danish
"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager
"{4385133D-4A33-2565-7B46-80A89EA0E888}" = Catalyst Control Center Localization Italian
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"{52D02A2B-03D2-4E34-A358-DC5D951FD296}" = Nokia Connectivity Cable Driver
"{57B15AD4-8C9D-4164-82BB-E33D8644E757}" = ASUS InstantFun
"{5C1DB4ED-E9B4-402D-BB14-D75D97D6C1A6}" = ATKOSD2
"{61F128C7-59EB-98EA-FE59-2BE6332DF04B}" = CCC Help Chinese Traditional
"{6324A1EF-CEF4-43E3-8BCD-9EF3F67317FD}" = NB Probe
"{63B3A1B7-DE32-A193-486A-6A39D08C235C}" = CCC Help Chinese Standard
"{63EC2860-FAC7-5BC0-5F6A-BCE20C0EBC80}" = Catalyst Control Center Localization Norwegian
"{666472B6-06A7-0C3A-6165-9A133013BDB2}" = Catalyst Control Center Localization Chinese Traditional
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B387AB8-A460-5B93-0517-0A9B0D4318B9}" = Catalyst Control Center Graphics Full New
"{6CF08F61-9C7D-8F20-ADED-7A40AEE6F2B7}" = Catalyst Control Center Localization Chinese Standard
"{6E32B134-CA8D-49DD-B94C-0DB155CE70B5}" = ccc-Branding
"{6E65247F-58F9-41CA-BE69-0316F7907170}" = Disc2Phone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DCA752-2EAC-3FC8-60C9-19A0D3884302}" = CCC Help Hungarian
"{7463A3EB-F88E-00FC-6081-AD02FB321C54}" = Catalyst Control Center Localization Swedish
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{780950E3-008C-FE5E-AEE6-5EF77D81B31F}" = Catalyst Control Center Core Implementation
"{7D83D3A4-0F45-8075-0AB6-B6D1106CF1B8}" = CCC Help Dutch
"{83A40382-EA9B-A1DF-C2E9-32D65E0B8C23}" = Catalyst Control Center Localization Hungarian
"{83E06C1E-B97B-2679-5EFA-7D0D7FA1ADF1}" = CCC Help Swedish
"{83F73CB1-7705-49D1-9852-84D839CA2A45}" = Wireless Console 2
"{863373A8-5B31-2CBA-16E2-6780AE724DB4}" = CCC Help Portuguese
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{876FF807-179D-663C-3989-B9E97DD7DF43}" = Catalyst Control Center Localization Russian
"{88F36928-8B64-08CB-983A-8B2042CF15D0}" = Catalyst Control Center Localization Dutch
"{8A8C4EAC-9AB7-45FA-9480-5716FD261031}" = Nero 7 Essentials
"{8CFEBE9C-F29F-4C49-80E0-7106970F8734}" = Power4Gear eXtreme
"{937EC4CC-5B69-2990-FC5B-512E1520D0DA}" = CCC Help Russian
"{93DDECDF-0AA0-B360-6A6F-288099DD2D98}" = CCC Help Finnish
"{99D9B4EB-FE36-8A77-ABA9-1FA02E635E63}" = Catalyst Control Center Localization Danish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = Asus MultiFrame
"{9D6D7811-43B3-463C-BC79-5D1755269989}" = Net4Switch
"{A3103F91-39CE-BEDE-680A-D41F26F97D8F}" = CCC Help Thai
"{A6752CB8-1FA2-070B-C80E-B3B67781603C}" = CCC Help Spanish
"{A7714FC2-BFEC-31A6-AA47-321676B73DFA}" = CCC Help German
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AD757BEF-0720-BA67-FD34-5FB5D950BD60}" = Catalyst Control Center Localization French
"{B01C55C2-37BC-3B95-CAE2-4D12F50FAF8F}" = Catalyst Control Center Localization Korean
"{B021DB07-517A-1FE9-05E1-2FF29870C53D}" = Catalyst Control Center Localization German
"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0
"{B5D76EC0-13E1-DFEE-9DA4-5F8BC9F4C5CF}" = Catalyst Control Center Graphics Previews Common
"{B8B0FC8B-E69B-4215-AF1A-4BDFF20D794B}" = pdfforge Toolbar v1.0
"{C0FC1C14-4824-4A73-87A6-9E888C9C3102}" = ASUS Splendid Video Enhancement Technology
"{C3834E9A-09EE-3809-3479-0A2E0487EB64}" = CCC Help Greek
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD54A3A7-2CE4-CB17-F5BC-ED6F48501AF8}" = CCC Help French
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF65258-EB04-DA25-3C8B-93E44F2321C6}" = CCC Help Italian
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1371B55-1ABB-113F-980B-5531C9529416}" = CCC Help Czech
"{D36A399D-5F74-F01C-3102-3768514B2383}" = ccc-core-static
"{DB5C6904-E162-3DA7-8D92-9F5D70FA9E7F}" = CCC Help Japanese
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DE10AB76-4756-4913-BE25-55D1C1051F9A}" = WinFlash
"{E0C2FD92-2054-781C-7719-F3FE978B571A}" = Catalyst Control Center Localization Finnish
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E36D7B40-4411-3B38-DAC0-4CF6574C1DB9}" = Skins
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED03EBC3-0621-1ED7-11FA-E22D8FC79909}" = Catalyst Control Center Localization Polish
"{F33B21FC-D4B9-522A-5B67-F87A0BAA3268}" = CCC Help Korean
"{F36828A9-4231-579E-2393-E43B299D77B8}" = Catalyst Control Center Localization Japanese
"{F6D1EEB6-544C-7071-DB1B-11FA4A9AC432}" = Catalyst Control Center Graphics Full Existing
"{F7B0939E-58DF-11DF-B3A6-005056806466}" = Google Earth
"{FC9CCB53-0EC6-A64E-52C2-68C70858AA56}" = CCC Help Turkish
"{FF216817-DAE6-3280-28EF-C4F12A88E33F}" = Catalyst Control Center Localization Greek
"abvpkwql" = Favorit
"ActiveScan 2.0" = Panda ActiveScan 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"ATI Uninstaller" = ATI Uninstaller
"Canon iP3300 Benutzerregistrierung" = Canon iP3300 Benutzerregistrierung
"Canon Setup Utility 2.3" = Canon Setup Utility 2.3
"E8A6D621B6D3FC5D43C68C549D959DE76EEF5D84" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 4.1)
"Easy-PhotoPrint" = Canon Utilities Easy-PhotoPrint
"Easy-PrintToolBox" = Canon Utilities Easy-PrintToolBox
"Easy-WebPrint" = Easy-WebPrint
"F779F5541ABD99C95C03B0FD5E3C058B22DA0FF7" = Windows-Treiberpaket - Nokia Modem  (06/01/2009 7.01.0.3)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FreePDF_XP" = FreePDF XP (Remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GPL Ghostscript 8.64" = GPL Ghostscript 8.64
"InstallShield_{4E5E22C2-1386-47AE-8EDE-32DDCDCD6653}" = QuickTime
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Anti-Virus 2011
"Kaspersky Online Scanner" = Kaspersky Online Scanner
"KigoVideoConverter_is1" = KigoVideoConverter 1.1.0
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.11)" = Mozilla Firefox (3.5.11)
"Nokia PC Suite" = Nokia PC Suite
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"SMSERIAL" = Motorola SM56 Speakerphone Modem
"Sony Ericsson" = Sony Ericsson Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"USB2.0 1.3M WebCam" = USB2.0 1.3M WebCam
"WinRAR archiver" = WinRAR
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Messenger" = Yahoo! Messenger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 02.08.2010 15:29:40 | Computer Name = Asus-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 02.08.2010 15:38:15 | Computer Name = Asus-PC | Source = VSS | ID = 8193
Description =
 
Error - 02.08.2010 15:38:16 | Computer Name = Asus-PC | Source = System Restore | ID = 8193
Description =
 
Error - 02.08.2010 15:38:20 | Computer Name = Asus-PC | Source = VSS | ID = 8193
Description =
 
Error - 02.08.2010 15:38:20 | Computer Name = Asus-PC | Source = System Restore | ID = 8193
Description =
 
Error - 02.08.2010 15:38:32 | Computer Name = Asus-PC | Source = VSS | ID = 8193
Description =
 
Error - 02.08.2010 15:38:32 | Computer Name = Asus-PC | Source = System Restore | ID = 8193
Description =
 
Error - 02.08.2010 15:38:38 | Computer Name = Asus-PC | Source = VSS | ID = 8193
Description =
 
Error - 02.08.2010 15:38:38 | Computer Name = Asus-PC | Source = System Restore | ID = 8193
Description =
 
Error - 02.08.2010 15:39:36 | Computer Name = Asus-PC | Source = VSS | ID = 8193
Description =
 
[ System Events ]
Error - 24.08.2010 18:25:02 | Computer Name = Asus-PC | Source = HTTP | ID = 15016
Description =
 
Error - 24.08.2010 23:32:08 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 25.08.2010 00:11:51 | Computer Name = Asus-PC | Source = Service Control Manager | ID = 7011
Description =
 
Error - 25.08.2010 12:14:08 | Computer Name = Asus-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 25.08.2010 um 06:55:42 unerwartet heruntergefahren.
 
Error - 25.08.2010 12:14:20 | Computer Name = Asus-PC | Source = HTTP | ID = 15016
Description =
 
Error - 25.08.2010 14:47:47 | Computer Name = Asus-PC | Source = DCOM | ID = 10010
Description =
 
Error - 25.08.2010 14:48:12 | Computer Name = Asus-PC | Source = DCOM | ID = 10010
Description =
 
Error - 25.08.2010 14:56:05 | Computer Name = Asus-PC | Source = HTTP | ID = 15016
Description =
 
Error - 25.08.2010 15:07:06 | Computer Name = Asus-PC | Source = DCOM | ID = 10010
Description =
 
Error - 25.08.2010 15:12:53 | Computer Name = Asus-PC | Source = HTTP | ID = 15016
Description =
 
 
< End of report >

--- --- ---

Hicke 26.08.2010 19:35

OK, the files are available now. Now I need your help.

cosinus 26.08.2010 20:25

Malwarebytes really found nothing? Are there any more logs from it?

Hicke 26.08.2010 20:27

Ah, there he is :). Hello, good evening. No, there weren't any more.

cosinus 26.08.2010 20:29

Everything looks fairly unremarkable.
Any remaining problems or further detections in the meantime?

Hicke 26.08.2010 20:33

Well, problems in the sense that every virus scanner reports malware and wants to rescue something. I thought the OTL files looked rather odd.
There aren't really any problems with booting etc. either, but the virus scanner reports the 3 Trojans mentioned at the beginning..

And the program doesn't delete them either. I do think the PC still has problems, but you just can't pin them down..

Hicke 26.08.2010 20:34

Kaspersky message:
26.08.2010 21:28:28 Gefunden trojanisches Programm Exploit.Java.Agent.be c:\users\asus\anwendungsdaten\tuneup software\tuneup utilities\backups\00000021.rcb Hoch

cosinus 26.08.2010 20:34

Quote:

Well, problems in the sense that every virus scanner reports malware and wants to rescue something. I thought the OTL files looked rather odd.
Malwarebytes found nothing!
The OTL logs are unremarkable!

What exactly is being detected apart from what you mentioned first? Was it moved to quarantine?!

Hicke 26.08.2010 20:45

Hi, damn, I didn't notice page 2 that quickly :) Hm, I don't know Kaspersky that well. There is nothing in quarantine,
but this is listed under detected threats:
26.08.2010 21:43:23 Gefunden trojanisches Programm Exploit.Java.Agent.be c:\users\asus\anwendungsdaten\tuneup software\tuneup utilities\backups\00000021.rcb Hoch

cosinus 26.08.2010 20:54

Keep your hands off TuneUp! That program is utter garbage! Undo all its settings and uninstall it! => TuneUp: Wundermittel oder Placebo Reloaded | DerFisch.de

Hicke 26.08.2010 20:54

What should I do now?

Hicke 26.08.2010 20:56

I have already uninstalled TuneUp because I thought the virus might somehow be stuck in it. I can't undo anything anymore. I'm surprised, I thought TuneUp was a good program.

cosinus 26.08.2010 21:04

Many people had to reinstall their system because of TuneUp, because it changed some settings (nobody knew which) and then the system was broken or ran in slow motion. The tool is a pure waste of money.
You can't have read the complete derfisch article in such a short time, read it!!

Apart from the detection in TuneUp, anything else?

Hicke 26.08.2010 21:07

26.08.2010 21:43:23 Gefunden trojanisches Programm Exploit.Java.Agent.be c:\users\asus\anwendungsdaten\tuneup software\tuneup utilities\backups\00000021.rcb Hoch


No, it's TuneUp as well, but at least freshly detected. How do I get rid of it?

Hicke 26.08.2010 21:08

25.08.2010 00:16:27 Infiziert trojanisches Programm Packed.Win32.Krap.ar C:\Users\Asus\AppData\Roaming\Heicbe\opzew.exe Hoch

Hicke 26.08.2010 21:15

I've read it now. It makes me suspicious and thoughtful.. so what does clean up the computer properly, then?

cosinus 26.08.2010 21:16

First run CF:


ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
http://saved.im/mtm0nzyzmzd5/cofi.jpg
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Hicke 26.08.2010 22:07

Combofix Logfile:
Code:

ComboFix 10-08-26.02 - Asus 26.08.2010  22:44:11.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6001.1.1252.49.1031.18.2047.1113 [GMT 2:00]
ausgeführt von:: c:\users\Asus\Desktop\cofi.exe\ComboFix.exe
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
SP: McAfee Anti-Virus und Anti-Spyware *disabled* (Updated) {C78B3C70-4777-4742-BB91-9D615CC575E6}
SP: Windows-Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\pdfforge Toolbar\WiDGitoolbarie.dll
c:\users\Asus\AppData\Local\abvpkwql.dat
c:\users\Asus\AppData\Local\abvpkwql_nav.dat
c:\users\Asus\AppData\Local\abvpkwql_navps.dat
c:\users\Asus\AppData\Roaming\MSA

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-26 bis 2010-08-26  ))))))))))))))))))))))))))))))
.

2010-08-26 20:56 . 2010-08-26 20:56        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-08-26 20:34 . 2010-08-26 20:34        --------        d-----w-        c:\program files\CCleaner
2010-08-25 18:52 . 2009-11-08 08:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-08-25 18:52 . 2009-11-08 08:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-08-25 18:52 . 2009-11-08 08:55        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-08-25 18:52 . 2009-11-08 08:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-08-25 18:52 . 2009-11-08 08:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-08-24 21:55 . 2010-08-24 21:55        404152        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-08-24 21:55 . 2010-08-24 21:55        166584        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-08-24 21:55 . 2010-08-24 21:55        125624        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-08-24 21:55 . 2010-08-24 21:55        113336        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-08-24 21:55 . 2010-08-24 21:55        129720        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\shellex.dll
2010-08-24 21:55 . 2010-08-24 21:55        113336        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\sbstart.exe
2010-08-24 21:55 . 2010-08-24 21:55        404152        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\mcouas.dll
2010-08-24 21:55 . 2010-08-24 21:55        170680        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav11\11.0.1.400\klwtblc.dll
2010-08-24 21:37 . 2010-08-24 21:37        283984        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Data\Updater\Temporary Files\temporaryFolder\bases\av\kdb\i386\win\avengine.dll
2010-08-24 21:31 . 2010-08-24 21:55        97549        ----a-w-        c:\windows\system32\drivers\klick.dat
2010-08-24 21:31 . 2010-08-24 21:55        113933        ----a-w-        c:\windows\system32\drivers\klin.dat
2010-08-24 21:28 . 2010-08-24 21:28        --------        d-----w-        c:\program files\Kaspersky Lab
2010-08-24 20:14 . 2010-08-24 20:14        --------        d-----w-        C:\PerfLogs
2010-08-24 19:47 . 2010-08-24 19:47        --------        d-----w-        c:\programdata\Kaspersky Lab Setup Files
2010-08-24 18:36 . 2010-08-26 19:43        --------        d-----w-        c:\programdata\Kaspersky Lab
2010-08-24 18:35 . 2010-08-24 18:35        --------        d-----w-        c:\windows\system32\Kaspersky Lab
2010-08-16 18:08 . 2010-08-16 18:08        --------        d-----w-        c:\program files\Common Files\Skype
2010-08-16 18:08 . 2010-08-16 18:08        --------        d-----r-        c:\program files\Skype
2010-08-12 17:40 . 2010-01-25 12:48        472576        ----a-w-        c:\windows\system32\secproc_isv.dll
2010-08-12 17:40 . 2010-01-25 12:48        472064        ----a-w-        c:\windows\system32\secproc.dll
2010-08-12 17:40 . 2010-01-25 08:35        523776        ----a-w-        c:\windows\system32\RMActivate_isv.exe
2010-08-12 17:40 . 2010-01-25 08:34        511488        ----a-w-        c:\windows\system32\RMActivate.exe
2010-08-12 17:40 . 2010-01-25 12:45        329216        ----a-w-        c:\windows\system32\msdrm.dll
2010-08-12 17:40 . 2010-01-25 08:35        346624        ----a-w-        c:\windows\system32\RMActivate_ssp_isv.exe
2010-08-12 17:40 . 2010-01-25 08:34        347136        ----a-w-        c:\windows\system32\RMActivate_ssp.exe
2010-08-12 17:40 . 2010-01-25 12:48        151040        ----a-w-        c:\windows\system32\secproc_ssp_isv.dll
2010-08-12 17:40 . 2010-01-25 12:48        151040        ----a-w-        c:\windows\system32\secproc_ssp.dll
2010-08-12 17:40 . 2009-08-28 12:39        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2010-08-12 17:40 . 2009-08-28 10:15        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-12 17:39 . 2009-08-31 13:55        293376        ----a-w-        c:\windows\system32\psisdecd.dll
2010-08-12 17:39 . 2009-08-31 13:55        428544        ----a-w-        c:\windows\system32\EncDec.dll
2010-08-12 17:38 . 2009-09-10 15:21        310784        ----a-w-        c:\windows\system32\unregmp2.exe
2010-08-12 17:38 . 2009-09-10 15:21        8147456        ----a-w-        c:\windows\system32\wmploc.DLL
2010-08-11 20:14 . 2010-08-11 20:14        --------        d-----w-        c:\users\Asus\AppData\Local\WindowsUpdate
2010-08-11 19:24 . 2010-07-26 20:30        705208        ----a-w-        c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-11 19:24 . 2010-07-26 20:30        978664        ----a-w-        c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-08-11 18:29 . 2009-08-24 12:16        378368        ----a-w-        c:\windows\system32\winhttp.dll
2010-08-11 17:10 . 2008-06-20 01:17        97800        ----a-w-        c:\windows\system32\infocardapi.dll
2010-08-11 17:10 . 2008-06-20 01:18        105016        ----a-w-        c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-08-11 17:10 . 2008-06-20 01:17        622080        ----a-w-        c:\windows\system32\icardagt.exe
2010-08-11 17:10 . 2008-06-20 01:17        11264        ----a-w-        c:\windows\system32\icardres.dll
2010-08-11 17:10 . 2008-06-20 01:18        781344        ----a-w-        c:\windows\system32\PresentationNative_v0300.dll
2010-08-11 16:50 . 2008-07-27 18:00        158720        ----a-w-        c:\windows\system32\mscorier.dll
2010-08-11 16:50 . 2008-07-27 18:00        83968        ----a-w-        c:\windows\system32\mscories.dll
2010-08-11 16:16 . 2010-08-11 16:16        --------        d-----w-        c:\users\Asus\AppData\Roaming\Malwarebytes
2010-08-11 16:14 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 16:14 . 2010-08-11 16:15        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-11 16:14 . 2010-08-11 16:14        --------        d-----w-        c:\programdata\Malwarebytes
2010-08-11 16:14 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-11 03:58 . 2010-02-12 10:49        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2010-08-11 03:56 . 2010-02-20 23:39        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2010-08-11 03:55 . 2010-02-20 23:37        31232        ----a-w-        c:\windows\system32\httpapi.dll
2010-08-11 03:55 . 2010-02-20 21:18        411136        ----a-w-        c:\windows\system32\drivers\http.sys
2010-08-10 22:31 . 2009-03-03 03:04        666624        ----a-w-        c:\windows\system32\printfilterpipelinesvc.exe
2010-08-10 22:31 . 2009-03-03 02:38        17408        ----a-w-        c:\windows\system32\iashost.exe
2010-08-10 22:31 . 2009-03-03 04:39        183296        ----a-w-        c:\windows\system32\sdohlp.dll
2010-08-10 22:31 . 2009-03-03 04:40        499200        ----a-w-        c:\windows\system32\wbem\WmiPrvSD.dll
2010-08-10 22:31 . 2009-03-03 04:39        551424        ----a-w-        c:\windows\system32\rpcss.dll
2010-08-10 22:31 . 2009-03-03 04:36        615424        ----a-w-        c:\windows\system32\wbem\fastprox.dll
2010-08-10 22:31 . 2009-03-03 04:40        129024        ----a-w-        c:\windows\system32\wbem\WmiDcPrv.dll
2010-08-10 22:31 . 2009-03-03 02:16        247296        ----a-w-        c:\windows\system32\wbem\WmiPrvSE.exe
2010-08-10 22:31 . 2009-03-03 04:37        98304        ----a-w-        c:\windows\system32\iasrecst.dll
2010-08-10 22:31 . 2009-03-03 04:37        44032        ----a-w-        c:\windows\system32\iasdatastore.dll
2010-08-10 22:29 . 2009-08-14 16:29        104960        ----a-w-        c:\windows\system32\netiohlp.dll
2010-08-10 22:29 . 2009-08-14 16:29        17920        ----a-w-        c:\windows\system32\netevent.dll
2010-08-10 22:29 . 2009-08-14 14:16        9728        ----a-w-        c:\windows\system32\TCPSVCS.EXE
2010-08-10 22:29 . 2009-08-14 14:16        17920        ----a-w-        c:\windows\system32\ROUTE.EXE
2010-08-10 22:29 . 2009-08-14 14:16        27136        ----a-w-        c:\windows\system32\NETSTAT.EXE
2010-08-10 22:29 . 2009-08-14 14:16        19968        ----a-w-        c:\windows\system32\ARP.EXE
2010-08-10 22:29 . 2009-08-14 14:16        10240        ----a-w-        c:\windows\system32\finger.exe
2010-08-10 22:29 . 2009-08-14 14:16        11264        ----a-w-        c:\windows\system32\MRINFO.EXE
2010-08-10 22:29 . 2009-08-14 14:16        8704        ----a-w-        c:\windows\system32\HOSTNAME.EXE
2010-08-10 22:25 . 2009-09-10 17:30        213504        ----a-w-        c:\windows\system32\msv1_0.dll
2010-08-10 22:24 . 2010-01-23 09:44        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-08-10 22:21 . 2009-03-17 03:38        13824        ----a-w-        c:\windows\system32\apilogen.dll
2010-08-10 22:21 . 2009-03-17 03:38        24064        ----a-w-        c:\windows\system32\amxread.dll
2010-08-10 22:21 . 2009-07-17 14:35        71680        ----a-w-        c:\windows\system32\atl.dll
2010-08-10 22:19 . 2009-08-10 11:01        1399296        ----a-w-        c:\windows\system32\msxml6.dll
2010-08-10 22:18 . 2009-04-23 12:43        784896        ----a-w-        c:\windows\system32\rpcrt4.dll
2010-08-10 22:18 . 2009-12-11 12:07        301568        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-08-10 22:18 . 2009-12-11 12:07        98304        ----a-w-        c:\windows\system32\drivers\srvnet.sys
2010-08-10 22:18 . 2008-06-06 03:27        38912        ----a-w-        c:\windows\system32\xolehlp.dll
2010-08-10 22:18 . 2008-06-06 03:27        562176        ----a-w-        c:\windows\system32\msdtcprx.dll
2010-08-10 22:18 . 2010-03-05 14:01        420352        ----a-w-        c:\windows\system32\vbscript.dll
2010-08-10 22:18 . 2009-09-14 09:44        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-08-10 22:18 . 2010-02-23 11:32        78848        ----a-w-        c:\windows\system32\drivers\mrxsmb20.sys
2010-08-10 22:18 . 2010-02-23 11:32        105984        ----a-w-        c:\windows\system32\drivers\mrxsmb.sys
2010-08-10 22:18 . 2010-02-23 11:32        212992        ----a-w-        c:\windows\system32\drivers\mrxsmb10.sys
2010-08-10 22:17 . 2009-06-10 12:12        160256        ----a-w-        c:\windows\system32\wkssvc.dll
2010-08-10 22:17 . 2009-12-23 12:43        171520        ----a-w-        c:\windows\system32\wintrust.dll
2010-08-10 22:17 . 2010-01-15 00:04        98304        ----a-w-        c:\windows\system32\cabview.dll
2010-08-10 22:08 . 2009-09-04 12:24        61440        ----a-w-        c:\windows\system32\msasn1.dll
2010-08-10 22:07 . 2009-10-07 12:41        244224        ----a-w-        c:\windows\system32\rastls.dll
2010-08-10 22:07 . 2009-10-07 12:41        281600        ----a-w-        c:\windows\system32\raschap.dll
2010-08-10 22:06 . 2009-08-10 13:05        351232        ----a-w-        c:\windows\system32\WSDApi.dll
2010-08-10 21:56 . 2009-12-28 12:28        91136        ----a-w-        c:\windows\system32\avifil32.dll
2010-08-10 21:56 . 2009-12-28 12:35        1314816        ----a-w-        c:\windows\system32\quartz.dll
2010-08-10 21:56 . 2009-12-28 12:35        11776        ----a-w-        c:\windows\system32\tsbyuv.dll
2010-08-10 21:56 . 2009-12-28 12:32        22528        ----a-w-        c:\windows\system32\msyuv.dll
2010-08-10 21:56 . 2009-12-28 12:32        31744        ----a-w-        c:\windows\system32\msvidc32.dll
2010-08-10 21:56 . 2009-12-28 12:32        13312        ----a-w-        c:\windows\system32\msrle32.dll
2010-08-10 21:56 . 2009-12-28 12:31        50176        ----a-w-        c:\windows\system32\iyuv_32.dll
2010-08-10 21:56 . 2009-12-28 12:32        123904        ----a-w-        c:\windows\system32\msvfw32.dll
2010-08-10 21:56 . 2009-12-28 12:31        82944        ----a-w-        c:\windows\system32\mciavi32.dll
2010-08-10 21:56 . 2009-12-28 12:28        65024        ----a-w-        c:\windows\system32\avicap32.dll
2010-08-10 21:56 . 2009-04-02 12:37        604672        ----a-w-        c:\windows\system32\WMSPDMOD.DLL
2010-08-10 21:26 . 2009-08-07 02:24        44768        ----a-w-        c:\windows\system32\wups2.dll
2010-08-10 21:26 . 2009-08-07 02:24        53472        ----a-w-        c:\windows\system32\wuauclt.exe
2010-08-10 21:26 . 2009-08-07 01:45        2421760        ----a-w-        c:\windows\system32\wucltux.dll
2010-08-10 21:15 . 2009-08-07 02:23        1929952        ----a-w-        c:\windows\system32\wuaueng.dll
2010-08-10 21:13 . 2009-08-07 02:24        35552        ----a-w-        c:\windows\system32\wups.dll
2010-08-10 21:13 . 2009-08-07 02:23        575704        ----a-w-        c:\windows\system32\wuapi.dll
2010-08-10 21:13 . 2009-08-07 01:44        87552        ----a-w-        c:\windows\system32\wudriver.dll
2010-08-10 21:12 . 2009-08-06 17:23        171608        ----a-w-        c:\windows\system32\wuwebv.dll
2010-08-10 21:12 . 2009-08-06 16:44        33792        ----a-w-        c:\windows\system32\wuapp.exe
2010-08-10 20:34 . 2010-08-10 20:34        --------        d-sh--w-        c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-08-10 20:11 . 2010-05-31 18:32        64304        ----a-w-        c:\windows\system32\drivers\mfenlfk.sys
2010-08-10 15:40 . 2010-08-24 20:22        --------        d-----w-        c:\programdata\McAfee

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-26 20:57 . 2009-05-30 10:56        --------        d-----w-        c:\users\Asus\AppData\Roaming\Skype
2010-08-26 20:54 . 2009-03-25 13:11        --------        d-----w-        c:\program files\pdfforge Toolbar
2010-08-26 20:36 . 2009-03-12 14:45        --------        d-----w-        c:\users\Asus\AppData\Roaming\Media Player Classic
2010-08-26 20:02 . 2009-03-26 16:02        --------        d-----w-        c:\programdata\Google Updater
2010-08-26 14:47 . 2009-03-22 18:22        --------        d-----w-        c:\users\Asus\AppData\Roaming\skypePM
2010-08-25 19:19 . 2007-04-18 09:14        628436        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-25 19:19 . 2007-04-18 09:14        127056        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-25 19:07 . 2007-04-18 08:33        12        ----a-w-        c:\windows\bthservsdp.dat
2010-08-25 19:05 . 2009-03-22 17:31        --------        d-----w-        c:\programdata\TuneUp Software
2010-08-25 18:56 . 2009-03-12 14:49        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2010-08-24 22:23 . 2009-08-27 04:12        --------        d-----w-        c:\users\Asus\AppData\Roaming\Byypz
2010-08-24 22:16 . 2010-02-04 01:27        --------        d-----w-        c:\users\Asus\AppData\Roaming\Heicbe
2010-08-24 21:56 . 2010-06-28 17:47        283984        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Bases\avengine.dll
2010-08-24 20:15 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Calendar
2010-08-24 20:15 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Sidebar
2010-08-24 20:15 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Journal
2010-08-24 20:15 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Collaboration
2010-08-24 20:15 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-08-24 20:15 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Photo Gallery
2010-08-24 20:15 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Defender
2010-08-24 20:13 . 2006-11-02 10:25        665600        ----a-w-        c:\windows\inf\drvindex.dat
2010-08-24 19:39 . 2006-11-02 10:32        101888        ----a-w-        c:\windows\system32\ifxcardm.dll
2010-08-24 19:39 . 2006-11-02 10:32        82432        ----a-w-        c:\windows\system32\axaltocm.dll
2010-08-16 18:08 . 2009-03-19 14:44        --------        d-----w-        c:\programdata\Skype
2010-08-14 06:00 . 2010-06-21 07:55        56168        ----a-w-        c:\users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-11 16:01 . 2010-06-19 13:00        90        ----a-w-        c:\users\Asus\AppData\Local\atvicwjc.bat
2010-08-10 10:14 . 2010-01-04 15:48        --------        d-----w-        c:\users\Asus\AppData\Roaming\Foela
2010-08-10 10:14 . 2009-07-31 22:09        --------        d-----w-        c:\program files\Live-Player
2010-08-10 09:57 . 2009-05-02 06:25        --------        d-----w-        c:\users\Asus\AppData\Roaming\Sysat
2010-08-10 09:29 . 2009-03-26 18:30        --------        d-----w-        c:\program files\PDFCreator
2010-07-22 18:05 . 2009-10-13 18:28        --------        d-----w-        c:\program files\Ask.com
2010-07-16 10:28 . 2009-01-13 21:37        --------        d-----w-        c:\program files\Common Files\Adobe
2010-07-14 18:37 . 2010-07-14 18:34        --------        d-----w-        c:\users\Asus\AppData\Roaming\QuickScan
2010-07-13 15:54 . 2010-07-13 15:54        2944904        ----a-w-        c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-06 13:53 . 2010-07-06 13:53        5080112        ----a-w-        c:\programdata\T-Online\T-Online_Software_6\Basis-Software\update\filedistribution\netzmanager_setup.exe
2010-07-01 19:35 . 2010-07-01 19:35        228024        ----a-w-        c:\windows\system32\klogon.dll
2010-07-01 19:14 . 2010-07-01 19:14        92816        ----a-w-        c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2011 11.0.1.400\German\setup.exe
2010-07-01 06:06 . 2010-07-01 06:06        1037648        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Bases\klavasyswatch.dll
2010-06-30 05:06 . 2010-06-30 05:06        271696        ----a-w-        c:\programdata\Kaspersky Lab\AVP11\Bases\sys_critical_obj.dll
2010-06-23 18:40 . 2010-06-23 18:40        501936        ----a-w-        c:\programdata\Google\Google Toolbar\Update\gtb430B.tmp.exe
2010-06-09 15:43 . 2010-06-09 15:43        11352        ----a-w-        c:\windows\system32\drivers\kl2.sys
2010-06-09 15:43 . 2010-06-09 15:43        132184        ----a-w-        c:\windows\system32\drivers\kl1.sys
2010-05-31 14:34 . 2010-07-14 18:34        702120        ----a-w-        c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}-trash\components\qscanff.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23        1385864        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2011\avp.exe" [2010-07-01 357096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-01-16 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"tfguxxawqkggqamzerpsTaskMgr"= 0 (0x0)
"xmihsndpubondhlclybtTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4186507801-287623148-3281869339-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c9ae2c6a87a6aa;Google Update Service (gupdate1c9ae2c6a87a6aa);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 133104]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2007-02-24 19944]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2010-06-09 11352]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2010-04-22 22104]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 19984]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2006-12-21 1132544]
S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
.
Inhalt des "geplante Tasks" Ordners

2010-08-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 17:03]

2010-08-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 16:03]

2010-08-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 16:03]

2009-08-01 c:\windows\Tasks\NSSstub.job
- c:\windows\System32\Adobe\Shockwave 11\nssstub.exe [2009-07-30 08:58]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.scroogle.org/cgi-bin/scraper.htm
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://de.ask.com?o=15015&l=dis
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=DVSV5&o=15012&locale=de_DE&apn_uid=184A4C6C-CC3F-4CFE-9488-78D483844C68&apn_ptnrs=U9&apn_sauid=7886F2F4-9FD9-4828-B529-C565E83992E8&apn_dtid=&q=
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-26 22:56
Windows 6.0.6001 Service Pack 1 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-08-26  23:03:18
ComboFix-quarantined-files.txt  2010-08-26 21:03

Vor Suchlauf: 9.454.903.296 Bytes frei
Nach Suchlauf: 9.981.177.856 Bytes frei

Current=1 Default=1 Failed=0 LastKnownGood=1 Sets=1,2,3,4,5
- - End Of File - - 4AF8A57DBC1BCCB85C17143C39ECEB6E

--- --- ---

Hicke 26.08.2010 22:17

What does it tell us?

cosinus 27.08.2010 09:22

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:

Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"tfguxxawqkggqamzerpsTaskMgr"=-
"xmihsndpubondhlclybtTaskMgr"=-

Dirlook::
c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

Filelook::
c:\windows\system32\acovcnt.exe

Folder::
c:\users\Asus\AppData\Roaming\Byypz
c:\users\Asus\AppData\Roaming\Heicbe
c:\users\Asus\AppData\Roaming\Foela

File::
c:\users\Asus\AppData\Local\atvicwjc.bat

3. In Notepad, save it as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, since it can cause lasting damage to the system!

Hicke 30.08.2010 23:08

Hi Arne,
after I let the program run through, there were no more problems. I haven't done the last step at all now; is it still necessary? The virus scanner and Malwarebytes didn't see any more problems either, so I have now classified the computer as virus-free. Was that step too early?

cosinus 31.08.2010 08:21

Yes, please run it exactly as described, there is still quite a bit that has to be scripted away!!

Hicke 31.08.2010 08:57

Damn, that's not so easy, I've handed the laptop back to its owner :( Now I somehow have to get it back first. Shit, I thought the process was finished. But no virus scanner reacted to anything, and the computer ran flawlessly. Shit, I'll have to see how I manage it..

cosinus 31.08.2010 09:04

The process is only finished when I say so! It was right there in big bold letters as a note! :stirn:

Quote:

Note: I can never give you a guarantee that I will find everything. Formatting is usually the faster and always the safest way.
If you decide on a cleanup, keep working along until someone from the team tells you that you are clean.

Hicke 31.08.2010 09:09

I'll get the computer back and then we'll continue :)

Hicke 02.09.2010 19:00

Hi Arne,
so, the computer is back. I don't know now which step I have to continue from; I removed the Combofix program back then. Where do I have to pick up again? Best regards and thanks for your unwavering help, somehow you are always online :)

cosinus 02.09.2010 19:02

With Combofix - Scripting

Hicke 02.09.2010 19:13

And what if I no longer have Combofix on it? Then I have to install it again first, right?

Hicke 02.09.2010 19:24

Arne, an error message comes up saying Combofix has viruses, spyware etc.; it happened while downloading

cosinus 02.09.2010 19:25

Why don't you have it on there anymore? Who told you to delete it? The cofi.exe must still be on the desktop; if not, download it again, once more as cofi.exe

Hicke 02.09.2010 20:17

Combofix log file:
Code:

ComboFix 10-09-01.04 - Asus 02.09.2010  20:53:47.2.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2047.1181 [GMT 2:00]
ausgeführt von:: c:\users\Asus\Michael\Fotos\CoFi.exe
SP: Windows-Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

(((((((((((((((((((((((  Dateien erstellt von 2010-08-02 bis 2010-09-02  ))))))))))))))))))))))))))))))
.

2010-09-02 19:07 . 2010-09-02 19:07        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-09-02 19:07 . 2010-09-02 19:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-08-29 06:15 . 2010-08-29 06:15        --------        d-----w-        c:\program files\Windows Portable Devices
2010-08-28 22:17 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll
2010-08-28 22:17 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll
2010-08-28 22:17 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll
2010-08-28 22:14 . 2009-10-01 01:02        30208        ----a-w-        c:\windows\system32\WPDShextAutoplay.exe
2010-08-28 22:12 . 2009-10-08 21:07        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2010-08-28 22:12 . 2009-10-08 21:08        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2010-08-28 22:12 . 2009-10-08 21:08        234496        ----a-w-        c:\windows\system32\oleacc.dll
2010-08-28 00:44 . 2010-08-28 00:45        --------        d-----w-        c:\windows\system32\ca-ES
2010-08-28 00:44 . 2010-08-28 00:45        --------        d-----w-        c:\windows\system32\eu-ES
2010-08-28 00:44 . 2010-08-28 00:45        --------        d-----w-        c:\windows\system32\vi-VN
2010-08-27 23:53 . 2010-08-27 23:53        --------        d-----w-        c:\windows\system32\EventProviders
2010-08-27 23:48 . 2010-08-27 23:48        --------        d-----w-        c:\program files\McAfeeMOBK
2010-08-27 23:48 . 2010-04-13 18:10        54776        ----a-w-        c:\windows\system32\drivers\MOBK.sys
2010-08-27 23:48 . 2010-08-27 23:48        --------        d-----w-        c:\program files\McAfee Online Backup
2010-08-27 23:46 . 2010-05-31 18:32        9344        ----a-w-        c:\windows\system32\drivers\mfeclnk.sys
2010-08-27 16:04 . 2010-05-31 18:32        160720        ----a-w-        c:\windows\system32\drivers\mfewfpk.sys
2010-08-27 16:04 . 2010-05-31 18:32        83496        ----a-w-        c:\windows\system32\drivers\mferkdet.sys
2010-08-27 16:04 . 2010-05-31 18:32        51688        ----a-w-        c:\windows\system32\drivers\mfebopk.sys
2010-08-27 16:04 . 2010-05-31 18:32        312616        ----a-w-        c:\windows\system32\drivers\mfefirek.sys
2010-08-27 16:03 . 2010-05-31 18:32        55456        ----a-w-        c:\windows\system32\drivers\cfwids.sys
2010-08-27 16:03 . 2010-05-31 18:32        152320        ----a-w-        c:\windows\system32\drivers\mfeavfk.sys
2010-08-27 16:02 . 2010-08-27 23:46        --------        d-----w-        c:\program files\Common Files\Mcafee
2010-08-27 16:02 . 2010-08-27 16:02        --------        d-----w-        c:\program files\McAfee.com
2010-08-27 16:02 . 2010-08-28 00:52        --------        d-----w-        c:\program files\McAfee
2010-08-26 21:31 . 2008-05-27 04:59        18904        ----a-w-        c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-08-26 20:42 . 2010-08-26 21:03        --------        d-----w-        C:\ComboFix
2010-08-26 20:34 . 2010-09-02 18:45        --------        d-----w-        c:\program files\CCleaner
2010-08-25 20:55 . 2009-04-11 06:28        291328        ----a-w-        c:\windows\system32\WscEapPr.dll
2010-08-25 20:54 . 2009-04-11 06:32        223208        ----a-w-        c:\windows\system32\drivers\netio.sys
2010-08-25 20:53 . 2009-04-11 06:28        723968        ----a-w-        c:\windows\system32\powercpl.dll
2010-08-25 20:52 . 2009-04-11 06:28        83968        ----a-w-        c:\windows\system32\wbem\wmiutils.dll
2010-08-25 20:52 . 2009-04-11 06:28        744448        ----a-w-        c:\windows\system32\wbem\wbemcore.dll
2010-08-25 20:52 . 2009-04-11 06:28        30208        ----a-w-        c:\windows\system32\wbem\wbemprox.dll
2010-08-25 20:52 . 2009-04-11 06:28        265728        ----a-w-        c:\windows\system32\wbem\repdrvfs.dll
2010-08-25 20:52 . 2009-04-11 06:28        189440        ----a-w-        c:\windows\system32\wbem\mofd.dll
2010-08-25 20:52 . 2009-04-11 06:28        614912        ----a-w-        c:\windows\system32\wbem\fastprox.dll
2010-08-25 20:52 . 2009-04-11 06:28        265728        ----a-w-        c:\windows\system32\wbem\esscli.dll
2010-08-25 20:52 . 2009-04-11 06:28        705536        ----a-w-        c:\windows\system32\SmiEngine.dll
2010-08-25 20:52 . 2009-04-11 06:28        218624        ----a-w-        c:\windows\system32\wdscore.dll
2010-08-25 20:52 . 2009-04-11 06:27        130560        ----a-w-        c:\windows\system32\PkgMgr.exe
2010-08-25 20:51 . 2009-04-11 06:28        247808        ----a-w-        c:\windows\system32\drvstore.dll
2010-08-25 19:56 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll
2010-08-25 19:56 . 2010-05-27 20:08        81920        ----a-w-        c:\windows\system32\iccvid.dll
2010-08-25 19:56 . 2010-06-11 16:16        274944        ----a-w-        c:\windows\system32\schannel.dll
2010-08-25 19:56 . 2010-04-05 17:01        67072        ----a-w-        c:\windows\system32\asycfilt.dll
2010-08-25 19:56 . 2010-01-06 15:39        1696256        ----a-w-        c:\windows\system32\gameux.dll
2010-08-25 19:56 . 2010-04-16 16:43        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2010-08-25 19:56 . 2010-04-16 14:39        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-25 19:55 . 2010-04-23 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-08-25 19:55 . 2010-06-21 13:37        2037760        ----a-w-        c:\windows\system32\win32k.sys
2010-08-25 19:54 . 2010-05-26 17:06        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-08-25 19:54 . 2010-05-26 14:47        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-08-25 19:54 . 2010-06-18 17:31        36864        ----a-w-        c:\windows\system32\rtutils.dll
2010-08-25 19:54 . 2010-06-08 17:35        3600768        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-08-25 19:54 . 2010-06-08 17:35        3548040        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-08-25 19:54 . 2010-06-11 16:15        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2010-08-25 19:54 . 2010-06-18 15:04        302080        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-08-25 19:54 . 2010-06-18 15:04        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-08-25 19:53 . 2010-06-16 16:04        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-08-25 18:52 . 2009-11-08 08:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-08-25 18:52 . 2009-11-08 08:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-08-25 18:52 . 2009-11-08 08:55        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-08-25 18:52 . 2009-11-08 08:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-08-25 18:52 . 2009-11-08 08:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-08-24 20:14 . 2010-08-24 20:14        --------        d-----w-        C:\PerfLogs
2010-08-16 18:08 . 2010-08-16 18:08        --------        d-----w-        c:\program files\Common Files\Skype
2010-08-16 18:08 . 2010-08-16 18:08        --------        d-----r-        c:\program files\Skype
2010-08-12 17:40 . 2010-01-25 08:21        526336        ----a-w-        c:\windows\system32\RMActivate_isv.exe
2010-08-12 17:40 . 2010-01-25 08:21        518144        ----a-w-        c:\windows\system32\RMActivate.exe
2010-08-12 17:40 . 2010-01-25 12:00        471552        ----a-w-        c:\windows\system32\secproc_isv.dll
2010-08-12 17:40 . 2010-01-25 12:00        471552        ----a-w-        c:\windows\system32\secproc.dll
2010-08-12 17:40 . 2010-01-25 11:58        332288        ----a-w-        c:\windows\system32\msdrm.dll
2010-08-12 17:40 . 2010-01-25 08:21        346624        ----a-w-        c:\windows\system32\RMActivate_ssp_isv.exe
2010-08-12 17:40 . 2010-01-25 08:21        347136        ----a-w-        c:\windows\system32\RMActivate_ssp.exe
2010-08-12 17:40 . 2010-01-25 12:00        152576        ----a-w-        c:\windows\system32\secproc_ssp_isv.dll
2010-08-12 17:40 . 2010-01-25 12:00        152064        ----a-w-        c:\windows\system32\secproc_ssp.dll
2010-08-12 17:38 . 2009-09-10 14:58        310784        ----a-w-        c:\windows\system32\unregmp2.exe
2010-08-12 17:38 . 2009-09-10 14:59        8147456        ----a-w-        c:\windows\system32\wmploc.DLL
2010-08-11 20:14 . 2010-08-11 20:14        --------        d-----w-        c:\users\Asus\AppData\Local\WindowsUpdate
2010-08-11 19:24 . 2010-07-26 20:30        705208        ----a-w-        c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-11 19:24 . 2010-07-26 20:30        978664        ----a-w-        c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-08-11 18:29 . 2009-08-24 11:36        377344        ----a-w-        c:\windows\system32\winhttp.dll
2010-08-11 16:16 . 2010-08-11 16:16        --------        d-----w-        c:\users\Asus\AppData\Roaming\Malwarebytes
2010-08-11 16:14 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 16:14 . 2010-08-11 16:15        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-11 16:14 . 2010-08-11 16:14        --------        d-----w-        c:\programdata\Malwarebytes
2010-08-11 16:14 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-11 03:58 . 2010-02-12 10:49        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2010-08-11 03:56 . 2010-02-20 23:06        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2010-08-11 03:55 . 2010-02-20 23:05        30720        ----a-w-        c:\windows\system32\httpapi.dll
2010-08-11 03:55 . 2010-02-20 20:53        411648        ----a-w-        c:\windows\system32\drivers\http.sys
2010-08-10 22:30 . 2010-02-18 13:30        200704        ----a-w-        c:\windows\system32\iphlpsvc.dll
2010-08-10 22:30 . 2010-02-18 11:28        25088        ----a-w-        c:\windows\system32\drivers\tunnel.sys
2010-08-10 22:30 . 2009-12-08 17:26        30720        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2010-08-10 22:30 . 2008-01-19 05:55        15360        ----a-w-        c:\windows\system32\drivers\TUNMP.SYS
2010-08-10 22:30 . 2009-06-10 11:41        2868224        ----a-w-        c:\windows\system32\mf.dll
2010-08-10 22:30 . 2009-04-11 06:28        98816        ----a-w-        c:\windows\system32\mfps.dll
2010-08-10 22:30 . 2009-04-11 06:27        53248        ----a-w-        c:\windows\system32\rrinstaller.exe
2010-08-10 22:30 . 2009-04-11 06:27        24576        ----a-w-        c:\windows\system32\mfpmp.exe
2010-08-10 22:30 . 2009-04-11 04:54        2048        ----a-w-        c:\windows\system32\mferror.dll
2010-08-10 22:29 . 2009-08-14 13:48        105984        ----a-w-        c:\windows\system32\netiohlp.dll
2010-08-10 22:29 . 2009-08-14 15:53        17920        ----a-w-        c:\windows\system32\netevent.dll
2010-08-10 22:29 . 2009-08-14 13:49        9728        ----a-w-        c:\windows\system32\TCPSVCS.EXE
2010-08-10 22:29 . 2009-08-14 13:49        17920        ----a-w-        c:\windows\system32\ROUTE.EXE
2010-08-10 22:29 . 2009-08-14 13:49        27136        ----a-w-        c:\windows\system32\NETSTAT.EXE
2010-08-10 22:29 . 2009-08-14 13:49        19968        ----a-w-        c:\windows\system32\ARP.EXE
2010-08-10 22:29 . 2009-08-14 13:49        10240        ----a-w-        c:\windows\system32\finger.exe
2010-08-10 22:29 . 2009-08-14 13:49        11264        ----a-w-        c:\windows\system32\MRINFO.EXE
2010-08-10 22:29 . 2009-08-14 13:49        8704        ----a-w-        c:\windows\system32\HOSTNAME.EXE
2010-08-10 22:25 . 2009-09-10 16:48        218624        ----a-w-        c:\windows\system32\msv1_0.dll
2010-08-10 22:21 . 2009-07-17 13:54        71680        ----a-w-        c:\windows\system32\atl.dll
2010-08-10 22:20 . 2009-07-15 12:39        313344        ----a-w-        c:\windows\system32\wmpdxm.dll
2010-08-10 22:20 . 2009-07-15 12:39        4096        ----a-w-        c:\windows\system32\dxmasf.dll
2010-08-10 22:20 . 2009-07-15 12:39        7680        ----a-w-        c:\windows\system32\spwmp.dll
2010-08-10 22:20 . 2009-06-15 14:52        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2010-08-10 22:20 . 2009-06-15 14:52        499712        ----a-w-        c:\windows\system32\kerberos.dll
2010-08-10 22:20 . 2009-06-15 23:15        439864        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2010-08-10 22:20 . 2009-06-15 14:54        175104        ----a-w-        c:\windows\system32\wdigest.dll
2010-08-10 22:20 . 2009-06-15 14:53        72704        ----a-w-        c:\windows\system32\secur32.dll
2010-08-10 22:20 . 2009-06-15 12:48        9728        ----a-w-        c:\windows\system32\lsass.exe
2010-08-10 22:18 . 2009-04-23 12:15        784896        ----a-w-        c:\windows\system32\rpcrt4.dll
2010-08-10 22:18 . 2009-12-11 11:43        98816        ----a-w-        c:\windows\system32\drivers\srvnet.sys

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 18:38 . 2009-03-22 17:31        --------        d-----w-        c:\programdata\TuneUp Software
2010-09-02 17:51 . 2009-03-26 16:02        --------        d-----w-        c:\programdata\Google Updater
2010-09-02 17:51 . 2009-03-22 18:22        --------        d-----w-        c:\users\Asus\AppData\Roaming\skypePM
2010-09-02 17:50 . 2009-05-30 10:56        --------        d-----w-        c:\users\Asus\AppData\Roaming\Skype
2010-09-01 06:03 . 2007-04-18 08:33        12        ----a-w-        c:\windows\bthservsdp.dat
2010-08-30 18:59 . 2007-04-18 09:14        628448        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-30 18:59 . 2007-04-18 09:14        127056        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-30 18:07 . 2010-06-21 07:55        56168        ----a-w-        c:\users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 06:19 . 2009-03-12 14:49        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2010-08-29 06:15 . 2006-11-02 10:25        665600        ----a-w-        c:\windows\inf\drvindex.dat
2010-08-29 06:10 . 2010-08-29 06:10        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-08-29 06:08 . 2010-08-29 06:08        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Calendar
2010-08-28 00:45 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Sidebar
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Journal
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Collaboration
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Photo Gallery
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Defender
2010-08-28 00:42 . 2010-08-28 00:42        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-28 00:41 . 2010-08-28 00:41        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-08-26 20:54 . 2009-03-25 13:11        --------        d-----w-        c:\program files\pdfforge Toolbar
2010-08-26 20:36 . 2009-03-12 14:45        --------        d-----w-        c:\users\Asus\AppData\Roaming\Media Player Classic
2010-08-26 12:40 . 2010-08-28 21:49        30016        ----a-w-        c:\windows\system32\uxt5C33.tmp
2010-08-24 22:23 . 2009-08-27 04:12        --------        d-----w-        c:\users\Asus\AppData\Roaming\Byypz
2010-08-24 22:16 . 2010-02-04 01:27        --------        d-----w-        c:\users\Asus\AppData\Roaming\Heicbe
2010-08-24 19:39 . 2006-11-02 10:32        101888        ----a-w-        c:\windows\system32\ifxcardm.dll
2010-08-24 19:39 . 2006-11-02 10:32        82432        ----a-w-        c:\windows\system32\axaltocm.dll
2010-08-16 18:08 . 2009-03-19 14:44        --------        d-----w-        c:\programdata\Skype
2010-08-11 16:01 . 2010-06-19 13:00        90        ----a-w-        c:\users\Asus\AppData\Local\atvicwjc.bat
2010-08-10 10:14 . 2010-01-04 15:48        --------        d-----w-        c:\users\Asus\AppData\Roaming\Foela
2010-08-10 10:14 . 2009-07-31 22:09        --------        d-----w-        c:\program files\Live-Player
2010-08-10 09:57 . 2009-05-02 06:25        --------        d-----w-        c:\users\Asus\AppData\Roaming\Sysat
2010-08-10 09:29 . 2009-03-26 18:30        --------        d-----w-        c:\program files\PDFCreator
2010-07-22 18:05 . 2009-10-13 18:28        --------        d-----w-        c:\program files\Ask.com
2010-07-16 10:28 . 2009-01-13 21:37        --------        d-----w-        c:\program files\Common Files\Adobe
2010-07-14 18:37 . 2010-07-14 18:34        --------        d-----w-        c:\users\Asus\AppData\Roaming\QuickScan
2010-07-13 15:54 . 2010-07-13 15:54        2944904        ----a-w-        c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-06 13:53 . 2010-07-06 13:53        5080112        ----a-w-        c:\programdata\T-Online\T-Online_Software_6\Basis-Software\update\filedistribution\netzmanager_setup.exe
2010-06-26 06:05 . 2010-08-25 20:00        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-25 20:00        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-25 20:00        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-25 20:00        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-06-23 18:40 . 2010-06-23 18:40        501936        ----a-w-        c:\programdata\Google\Google Toolbar\Update\gtb430B.tmp.exe
2010-05-31 18:32 . 2010-08-27 23:46        24376        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23        1385864        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 18:11        2872120        ----a-w-        c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 18:11        2872120        ----a-w-        c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 18:11        2872120        ----a-w-        c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-01-16 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"tfguxxawqkggqamzerpsTaskMgr"= 0 (0x0)
"xmihsndpubondhlclybtTaskMgr"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,1b,55,bf,4b,46,cb,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4186507801-287623148-3281869339-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c9ae2c6a87a6aa;Google Update Service (gupdate1c9ae2c6a87a6aa);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 133104]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
R3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2007-02-24 19944]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
S2 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2006-12-21 1132544]
S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mfeavfk01
*Deregistered* - TuneUpUtilitiesDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 17:03]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 16:03]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 16:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.scroogle.org/cgi-bin/scraper.htm
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-02 21:07
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...


c:\users\Asus\AppData\Local\Temp\catchme.dll 53248 bytes executable

Scan erfolgreich abgeschlossen
versteckte Dateien: 1

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(2952)
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\McAfee Online Backup\MOBKshell.dll
.
Zeit der Fertigstellung: 2010-09-02  21:14:49
ComboFix-quarantined-files.txt  2010-09-02 19:14
ComboFix2.txt  2010-08-26 21:03

Vor Suchlauf: 9.939.877.888 Bytes frei
Nach Suchlauf: 9.704.833.024 Bytes frei

- - End Of File - - EB2E0AF9C96BA47608AEAED789D6BF18

--- --- ---

Hicke 02.09.2010 20:18

Arne, I have now gone through the procedure once more; how does it go on from here?

cosinus 02.09.2010 20:23

Did you simply run CF by double-clicking it? You were supposed to do that with the script!

Hicke 02.09.2010 20:28

I have now restored things to the state the computer was in when it was handed back at the time, and ran ComboFix over it once more. I now wanted to ask whether I can script ComboFix now or whether you need to look at the log txt again first.

cosinus 02.09.2010 20:30

You are supposed to script with CF, that is what I wrote, after all :wtf:

Hicke 02.09.2010 20:59

Combofix Logfile:
Code:

ComboFix 10-09-01.04 - Asus 02.09.2010  21:38:22.3.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.2047.825 [GMT 2:00]
ausgeführt von:: c:\users\Asus\Desktop\CoFi.exe
Benutzte Befehlsschalter :: c:\users\Asus\Desktop\CFScript.txt
SP: Windows-Defender *enabled* (Outdated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Asus\AppData\Local\atvicwjc.bat"
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Asus\AppData\Local\atvicwjc.bat
c:\users\Asus\AppData\Roaming\Byypz
c:\users\Asus\AppData\Roaming\Byypz\elwue.qyw
c:\users\Asus\AppData\Roaming\Foela
c:\users\Asus\AppData\Roaming\Heicbe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-08-02 bis 2010-09-02  ))))))))))))))))))))))))))))))
.

2010-09-02 19:50 . 2010-09-02 19:50        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-09-02 19:50 . 2010-09-02 19:50        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-09-02 18:51 . 2010-09-02 19:14        --------        d-----w-        C:\CoFi
2010-08-29 06:15 . 2010-08-29 06:15        --------        d-----w-        c:\program files\Windows Portable Devices
2010-08-28 22:17 . 2009-09-10 02:00        92672        ----a-w-        c:\windows\system32\UIAnimation.dll
2010-08-28 22:17 . 2009-09-10 02:01        3023360        ----a-w-        c:\windows\system32\UIRibbon.dll
2010-08-28 22:17 . 2009-09-10 02:00        1164800        ----a-w-        c:\windows\system32\UIRibbonRes.dll
2010-08-28 22:14 . 2009-10-01 01:02        30208        ----a-w-        c:\windows\system32\WPDShextAutoplay.exe
2010-08-28 22:12 . 2009-10-08 21:07        4096        ----a-w-        c:\windows\system32\oleaccrc.dll
2010-08-28 22:12 . 2009-10-08 21:08        555520        ----a-w-        c:\windows\system32\UIAutomationCore.dll
2010-08-28 22:12 . 2009-10-08 21:08        234496        ----a-w-        c:\windows\system32\oleacc.dll
2010-08-28 00:44 . 2010-08-28 00:45        --------        d-----w-        c:\windows\system32\ca-ES
2010-08-28 00:44 . 2010-08-28 00:45        --------        d-----w-        c:\windows\system32\eu-ES
2010-08-28 00:44 . 2010-08-28 00:45        --------        d-----w-        c:\windows\system32\vi-VN
2010-08-27 23:53 . 2010-08-27 23:53        --------        d-----w-        c:\windows\system32\EventProviders
2010-08-27 23:48 . 2010-08-27 23:48        --------        d-----w-        c:\program files\McAfeeMOBK
2010-08-27 23:48 . 2010-04-13 18:10        54776        ----a-w-        c:\windows\system32\drivers\MOBK.sys
2010-08-27 23:48 . 2010-08-27 23:48        --------        d-----w-        c:\program files\McAfee Online Backup
2010-08-27 23:46 . 2010-05-31 18:32        9344        ----a-w-        c:\windows\system32\drivers\mfeclnk.sys
2010-08-27 16:04 . 2010-05-31 18:32        160720        ----a-w-        c:\windows\system32\drivers\mfewfpk.sys
2010-08-27 16:04 . 2010-05-31 18:32        83496        ----a-w-        c:\windows\system32\drivers\mferkdet.sys
2010-08-27 16:04 . 2010-05-31 18:32        51688        ----a-w-        c:\windows\system32\drivers\mfebopk.sys
2010-08-27 16:04 . 2010-05-31 18:32        312616        ----a-w-        c:\windows\system32\drivers\mfefirek.sys
2010-08-27 16:03 . 2010-05-31 18:32        55456        ----a-w-        c:\windows\system32\drivers\cfwids.sys
2010-08-27 16:03 . 2010-05-31 18:32        152320        ----a-w-        c:\windows\system32\drivers\mfeavfk.sys
2010-08-27 16:02 . 2010-08-27 23:46        --------        d-----w-        c:\program files\Common Files\Mcafee
2010-08-27 16:02 . 2010-08-27 16:02        --------        d-----w-        c:\program files\McAfee.com
2010-08-27 16:02 . 2010-08-28 00:52        --------        d-----w-        c:\program files\McAfee
2010-08-26 21:31 . 2008-05-27 04:59        18904        ----a-w-        c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-08-26 20:42 . 2010-08-26 21:03        --------        d-----w-        C:\ComboFix
2010-08-26 20:34 . 2010-09-02 18:45        --------        d-----w-        c:\program files\CCleaner
2010-08-25 20:55 . 2009-04-11 06:28        291328        ----a-w-        c:\windows\system32\WscEapPr.dll
2010-08-25 20:54 . 2009-04-11 06:32        223208        ----a-w-        c:\windows\system32\drivers\netio.sys
2010-08-25 20:53 . 2009-04-11 06:28        723968        ----a-w-        c:\windows\system32\powercpl.dll
2010-08-25 20:52 . 2009-04-11 06:28        83968        ----a-w-        c:\windows\system32\wbem\wmiutils.dll
2010-08-25 20:52 . 2009-04-11 06:28        744448        ----a-w-        c:\windows\system32\wbem\wbemcore.dll
2010-08-25 20:52 . 2009-04-11 06:28        30208        ----a-w-        c:\windows\system32\wbem\wbemprox.dll
2010-08-25 20:52 . 2009-04-11 06:28        265728        ----a-w-        c:\windows\system32\wbem\repdrvfs.dll
2010-08-25 20:52 . 2009-04-11 06:28        189440        ----a-w-        c:\windows\system32\wbem\mofd.dll
2010-08-25 20:52 . 2009-04-11 06:28        614912        ----a-w-        c:\windows\system32\wbem\fastprox.dll
2010-08-25 20:52 . 2009-04-11 06:28        265728        ----a-w-        c:\windows\system32\wbem\esscli.dll
2010-08-25 20:52 . 2009-04-11 06:28        705536        ----a-w-        c:\windows\system32\SmiEngine.dll
2010-08-25 20:52 . 2009-04-11 06:28        218624        ----a-w-        c:\windows\system32\wdscore.dll
2010-08-25 20:52 . 2009-04-11 06:27        130560        ----a-w-        c:\windows\system32\PkgMgr.exe
2010-08-25 20:51 . 2009-04-11 06:28        247808        ----a-w-        c:\windows\system32\drvstore.dll
2010-08-25 19:56 . 2010-01-29 15:40        738816        ----a-w-        c:\windows\system32\inetcomm.dll
2010-08-25 19:56 . 2010-05-27 20:08        81920        ----a-w-        c:\windows\system32\iccvid.dll
2010-08-25 19:56 . 2010-06-11 16:16        274944        ----a-w-        c:\windows\system32\schannel.dll
2010-08-25 19:56 . 2010-04-05 17:01        67072        ----a-w-        c:\windows\system32\asycfilt.dll
2010-08-25 19:56 . 2010-01-06 15:39        1696256        ----a-w-        c:\windows\system32\gameux.dll
2010-08-25 19:56 . 2010-04-16 16:43        28672        ----a-w-        c:\windows\system32\Apphlpdm.dll
2010-08-25 19:56 . 2010-04-16 14:39        4240384        ----a-w-        c:\windows\system32\GameUXLegacyGDFs.dll
2010-08-25 19:55 . 2010-04-23 14:13        2048        ----a-w-        c:\windows\system32\tzres.dll
2010-08-25 19:55 . 2010-06-21 13:37        2037760        ----a-w-        c:\windows\system32\win32k.sys
2010-08-25 19:54 . 2010-05-26 17:06        34304        ----a-w-        c:\windows\system32\atmlib.dll
2010-08-25 19:54 . 2010-05-26 14:47        289792        ----a-w-        c:\windows\system32\atmfd.dll
2010-08-25 19:54 . 2010-06-18 17:31        36864        ----a-w-        c:\windows\system32\rtutils.dll
2010-08-25 19:54 . 2010-06-08 17:35        3600768        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2010-08-25 19:54 . 2010-06-08 17:35        3548040        ----a-w-        c:\windows\system32\ntoskrnl.exe
2010-08-25 19:54 . 2010-06-11 16:15        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2010-08-25 19:54 . 2010-06-18 15:04        302080        ----a-w-        c:\windows\system32\drivers\srv.sys
2010-08-25 19:54 . 2010-06-18 15:04        144896        ----a-w-        c:\windows\system32\drivers\srv2.sys
2010-08-25 19:53 . 2010-06-16 16:04        905088        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2010-08-25 18:52 . 2009-11-08 08:55        99176        ----a-w-        c:\windows\system32\PresentationHostProxy.dll
2010-08-25 18:52 . 2009-11-08 08:55        49472        ----a-w-        c:\windows\system32\netfxperf.dll
2010-08-25 18:52 . 2009-11-08 08:55        297808        ----a-w-        c:\windows\system32\mscoree.dll
2010-08-25 18:52 . 2009-11-08 08:55        295264        ----a-w-        c:\windows\system32\PresentationHost.exe
2010-08-25 18:52 . 2009-11-08 08:55        1130824        ----a-w-        c:\windows\system32\dfshim.dll
2010-08-24 20:14 . 2010-08-24 20:14        --------        d-----w-        C:\PerfLogs
2010-08-16 18:08 . 2010-08-16 18:08        --------        d-----w-        c:\program files\Common Files\Skype
2010-08-16 18:08 . 2010-08-16 18:08        --------        d-----r-        c:\program files\Skype
2010-08-12 17:40 . 2010-01-25 08:21        526336        ----a-w-        c:\windows\system32\RMActivate_isv.exe
2010-08-12 17:40 . 2010-01-25 08:21        518144        ----a-w-        c:\windows\system32\RMActivate.exe
2010-08-12 17:40 . 2010-01-25 12:00        471552        ----a-w-        c:\windows\system32\secproc_isv.dll
2010-08-12 17:40 . 2010-01-25 12:00        471552        ----a-w-        c:\windows\system32\secproc.dll
2010-08-12 17:40 . 2010-01-25 11:58        332288        ----a-w-        c:\windows\system32\msdrm.dll
2010-08-12 17:40 . 2010-01-25 08:21        346624        ----a-w-        c:\windows\system32\RMActivate_ssp_isv.exe
2010-08-12 17:40 . 2010-01-25 08:21        347136        ----a-w-        c:\windows\system32\RMActivate_ssp.exe
2010-08-12 17:40 . 2010-01-25 12:00        152576        ----a-w-        c:\windows\system32\secproc_ssp_isv.dll
2010-08-12 17:40 . 2010-01-25 12:00        152064        ----a-w-        c:\windows\system32\secproc_ssp.dll
2010-08-12 17:38 . 2009-09-10 14:58        310784        ----a-w-        c:\windows\system32\unregmp2.exe
2010-08-12 17:38 . 2009-09-10 14:59        8147456        ----a-w-        c:\windows\system32\wmploc.DLL
2010-08-11 20:14 . 2010-08-11 20:14        --------        d-----w-        c:\users\Asus\AppData\Local\WindowsUpdate
2010-08-11 19:24 . 2010-07-26 20:30        705208        ----a-w-        c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-08-11 19:24 . 2010-07-26 20:30        978664        ----a-w-        c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-08-11 18:29 . 2009-08-24 11:36        377344        ----a-w-        c:\windows\system32\winhttp.dll
2010-08-11 16:16 . 2010-08-11 16:16        --------        d-----w-        c:\users\Asus\AppData\Roaming\Malwarebytes
2010-08-11 16:14 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-11 16:14 . 2010-08-11 16:15        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-11 16:14 . 2010-08-11 16:14        --------        d-----w-        c:\programdata\Malwarebytes
2010-08-11 16:14 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-11 03:58 . 2010-02-12 10:49        293376        ----a-w-        c:\windows\system32\browserchoice.exe
2010-08-11 03:56 . 2010-02-20 23:06        24064        ----a-w-        c:\windows\system32\nshhttp.dll
2010-08-11 03:55 . 2010-02-20 23:05        30720        ----a-w-        c:\windows\system32\httpapi.dll
2010-08-11 03:55 . 2010-02-20 20:53        411648        ----a-w-        c:\windows\system32\drivers\http.sys
2010-08-10 22:30 . 2010-02-18 13:30        200704        ----a-w-        c:\windows\system32\iphlpsvc.dll
2010-08-10 22:30 . 2010-02-18 11:28        25088        ----a-w-        c:\windows\system32\drivers\tunnel.sys
2010-08-10 22:30 . 2009-12-08 17:26        30720        ----a-w-        c:\windows\system32\drivers\tcpipreg.sys
2010-08-10 22:30 . 2008-01-19 05:55        15360        ----a-w-        c:\windows\system32\drivers\TUNMP.SYS
2010-08-10 22:30 . 2009-06-10 11:41        2868224        ----a-w-        c:\windows\system32\mf.dll
2010-08-10 22:30 . 2009-04-11 06:28        98816        ----a-w-        c:\windows\system32\mfps.dll
2010-08-10 22:30 . 2009-04-11 06:27        53248        ----a-w-        c:\windows\system32\rrinstaller.exe
2010-08-10 22:30 . 2009-04-11 06:27        24576        ----a-w-        c:\windows\system32\mfpmp.exe
2010-08-10 22:30 . 2009-04-11 04:54        2048        ----a-w-        c:\windows\system32\mferror.dll
2010-08-10 22:29 . 2009-08-14 13:48        105984        ----a-w-        c:\windows\system32\netiohlp.dll
2010-08-10 22:29 . 2009-08-14 15:53        17920        ----a-w-        c:\windows\system32\netevent.dll
2010-08-10 22:29 . 2009-08-14 13:49        9728        ----a-w-        c:\windows\system32\TCPSVCS.EXE
2010-08-10 22:29 . 2009-08-14 13:49        17920        ----a-w-        c:\windows\system32\ROUTE.EXE
2010-08-10 22:29 . 2009-08-14 13:49        27136        ----a-w-        c:\windows\system32\NETSTAT.EXE
2010-08-10 22:29 . 2009-08-14 13:49        19968        ----a-w-        c:\windows\system32\ARP.EXE
2010-08-10 22:29 . 2009-08-14 13:49        10240        ----a-w-        c:\windows\system32\finger.exe
2010-08-10 22:29 . 2009-08-14 13:49        11264        ----a-w-        c:\windows\system32\MRINFO.EXE
2010-08-10 22:29 . 2009-08-14 13:49        8704        ----a-w-        c:\windows\system32\HOSTNAME.EXE
2010-08-10 22:25 . 2009-09-10 16:48        218624        ----a-w-        c:\windows\system32\msv1_0.dll
2010-08-10 22:21 . 2009-07-17 13:54        71680        ----a-w-        c:\windows\system32\atl.dll
2010-08-10 22:20 . 2009-07-15 12:39        313344        ----a-w-        c:\windows\system32\wmpdxm.dll
2010-08-10 22:20 . 2009-07-15 12:39        4096        ----a-w-        c:\windows\system32\dxmasf.dll
2010-08-10 22:20 . 2009-07-15 12:39        7680        ----a-w-        c:\windows\system32\spwmp.dll
2010-08-10 22:20 . 2009-06-15 14:52        1259008        ----a-w-        c:\windows\system32\lsasrv.dll
2010-08-10 22:20 . 2009-06-15 14:52        499712        ----a-w-        c:\windows\system32\kerberos.dll
2010-08-10 22:20 . 2009-06-15 23:15        439864        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2010-08-10 22:20 . 2009-06-15 14:54        175104        ----a-w-        c:\windows\system32\wdigest.dll
2010-08-10 22:20 . 2009-06-15 14:53        72704        ----a-w-        c:\windows\system32\secur32.dll
2010-08-10 22:20 . 2009-06-15 12:48        9728        ----a-w-        c:\windows\system32\lsass.exe
2010-08-10 22:18 . 2009-04-23 12:15        784896        ----a-w-        c:\windows\system32\rpcrt4.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-02 18:38 . 2009-03-22 17:31        --------        d-----w-        c:\programdata\TuneUp Software
2010-09-02 17:51 . 2009-03-26 16:02        --------        d-----w-        c:\programdata\Google Updater
2010-09-02 17:51 . 2009-03-22 18:22        --------        d-----w-        c:\users\Asus\AppData\Roaming\skypePM
2010-09-02 17:50 . 2009-05-30 10:56        --------        d-----w-        c:\users\Asus\AppData\Roaming\Skype
2010-09-01 06:03 . 2007-04-18 08:33        12        ----a-w-        c:\windows\bthservsdp.dat
2010-08-30 18:59 . 2007-04-18 09:14        628448        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-30 18:59 . 2007-04-18 09:14        127056        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-30 18:07 . 2010-06-21 07:55        56168        ----a-w-        c:\users\Asus\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-29 06:19 . 2009-03-12 14:49        45056        ----a-w-        c:\windows\system32\acovcnt.exe
2010-08-29 06:15 . 2006-11-02 10:25        665600        ----a-w-        c:\windows\inf\drvindex.dat
2010-08-29 06:10 . 2010-08-29 06:10        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2010-08-29 06:08 . 2010-08-29 06:08        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Calendar
2010-08-28 00:45 . 2006-11-02 11:18        --------        d-----w-        c:\program files\Windows Mail
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Sidebar
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Journal
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Collaboration
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Photo Gallery
2010-08-28 00:45 . 2006-11-02 12:37        --------        d-----w-        c:\program files\Windows Defender
2010-08-28 00:42 . 2010-08-28 00:42        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2010-08-28 00:41 . 2010-08-28 00:41        0        ---ha-w-        c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2010-08-26 20:54 . 2009-03-25 13:11        --------        d-----w-        c:\program files\pdfforge Toolbar
2010-08-26 20:36 . 2009-03-12 14:45        --------        d-----w-        c:\users\Asus\AppData\Roaming\Media Player Classic
2010-08-26 12:40 . 2010-08-28 21:49        30016        ----a-w-        c:\windows\system32\uxt5C33.tmp
2010-08-24 19:39 . 2006-11-02 10:32        101888        ----a-w-        c:\windows\system32\ifxcardm.dll
2010-08-24 19:39 . 2006-11-02 10:32        82432        ----a-w-        c:\windows\system32\axaltocm.dll
2010-08-16 18:08 . 2009-03-19 14:44        --------        d-----w-        c:\programdata\Skype
2010-08-10 10:14 . 2009-07-31 22:09        --------        d-----w-        c:\program files\Live-Player
2010-08-10 09:57 . 2009-05-02 06:25        --------        d-----w-        c:\users\Asus\AppData\Roaming\Sysat
2010-08-10 09:29 . 2009-03-26 18:30        --------        d-----w-        c:\program files\PDFCreator
2010-07-22 18:05 . 2009-10-13 18:28        --------        d-----w-        c:\program files\Ask.com
2010-07-16 10:28 . 2009-01-13 21:37        --------        d-----w-        c:\program files\Common Files\Adobe
2010-07-14 18:37 . 2010-07-14 18:34        --------        d-----w-        c:\users\Asus\AppData\Roaming\QuickScan
2010-07-13 15:54 . 2010-07-13 15:54        2944904        ----a-w-        c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\toolbar@ask.com\chrome\temp\askToolbar.exe
2010-07-06 13:53 . 2010-07-06 13:53        5080112        ----a-w-        c:\programdata\T-Online\T-Online_Software_6\Basis-Software\update\filedistribution\netzmanager_setup.exe
2010-06-26 06:05 . 2010-08-25 20:00        916480        ----a-w-        c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-25 20:00        71680        ----a-w-        c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-25 20:00        109056        ----a-w-        c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-25 20:00        133632        ----a-w-        c:\windows\system32\ieUnatt.exe
2010-06-23 18:40 . 2010-06-23 18:40        501936        ----a-w-        c:\programdata\Google\Google Toolbar\Update\gtb430B.tmp.exe
2010-05-31 18:32 . 2010-08-27 23:46        24376        ----a-w-        c:\program files\mozilla firefox\components\Scriptff.dll
.

((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\system32\acovcnt.exe ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 45056
Created time: 2009-03-12 14:49
Modified time: 2010-08-29 06:19
MD5: 6BCAF46E2B7FA9ACE92B4D39F3037C5C
SHA1: 6D5A81E3CF59832D73F28D6E87F51D073C3E4095

---- Directory of c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} ----

2010-08-10 20:34 . 2010-08-28 21:47        17186816        ----a-w-        c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}\{D3742F82-1C1A-4DCC-ABBD-0E831C0185CC}.msi


((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-05-26 13:23        1385864        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2010-05-26 1385864]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK]
@="{3c3f3c1a-9153-7c05-f938-622e7003894d}"
[HKEY_CLASSES_ROOT\CLSID\{3c3f3c1a-9153-7c05-f938-622e7003894d}]
2010-04-13 18:11        2872120        ----a-w-        c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK2]
@="{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}"
[HKEY_CLASSES_ROOT\CLSID\{e6ea1d7d-144e-b977-98c4-84c53c1a69d0}]
2010-04-13 18:11        2872120        ----a-w-        c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK3]
@="{b4caf489-1eec-c617-49ad-8d7088598c06}"
[HKEY_CLASSES_ROOT\CLSID\{b4caf489-1eec-c617-49ad-8d7088598c06}]
2010-04-13 18:11        2872120        ----a-w-        c:\program files\McAfee Online Backup\MOBKshell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-02-20 4363504]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2009-06-25 1414144]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-26 39408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-10-09 729088]
"ATKMEDIA"="c:\program files\ASUS\ATK Media\DMEDIA.EXE" [2006-11-02 61440]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-22 815104]
"ToADiMon.exe"="c:\program files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe" [2007-02-15 282624]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"SearchSettings"="c:\program files\pdfforge Toolbar\SearchSettings.exe" [2009-01-30 992256]
"FreePDF Assistant"="c:\program files\FreePDF_XP\fpassist.exe" [2008-07-22 357376]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 57344]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2010-06-30 1193848]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2007-01-16 176128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):f1,1b,55,bf,4b,46,cb,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-4186507801-287623148-3281869339-1000]
"EnableNotificationsRef"=dword:00000001

R2 gupdate1c9ae2c6a87a6aa;Google Update Service (gupdate1c9ae2c6a87a6aa);c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 133104]
R3 ipswuio;ipswuio;c:\windows\system32\DRIVERS\ipswuio.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-05-31 83496]
R3 MIINPazX;MIINPazX NDIS Protocol Driver;c:\progra~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [2006-10-09 17152]
R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]
R3 SIVDRIVER;SIV Kernel Driver;c:\windows\system32\Drivers\SIVX32.sys [2007-02-24 19944]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2009-06-30 28552]
S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [2010-05-31 64304]
S1 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [2010-05-31 160720]
S1 MOBKFilter;MOBKFilter;c:\windows\system32\DRIVERS\MOBK.sys [2010-04-13 54776]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McMPFSvc;McAfee Personal Firewall-Dienst;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe [2010-03-10 271480]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2010-05-31 188136]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\Common Files\McAfee\SystemCore\mfevtps.exe [2010-05-31 141792]
S2 MOBKbackup;1%;c:\program files\McAfee Online Backup\MOBKbackup.exe [2010-04-13 229688]
S2 StkSSrv;Syntek AVStream USB2.0 WebCam Service;c:\windows\System32\StkCSrv.exe [2006-12-10 24576]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-05-31 55456]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-05-31 312616]
S3 StkCMini;Syntek AVStream USB2.0 1.3M WebCam;c:\windows\system32\Drivers\StkCMini.sys [2006-12-21 1132544]
S3 WCPU;WCPU;c:\program files\P4G\WCPU.sys [2007-01-02 11120]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - mfeavfk01
*Deregistered* - TuneUpUtilitiesDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners

2010-09-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-22 17:03]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 16:03]

2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-26 16:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.scroogle.org/cgi-bin/scraper.htm
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\
FF - prefs.js: browser.search.selectedEngine - Secure Search
FF - prefs.js: browser.startup.homepage - google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=mcafee&p=
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\Scriptff.dll
FF - component: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.27\npGoogleOneClick8.dll
FF - plugin: c:\users\Asus\AppData\Roaming\Mozilla\Firefox\Profiles\id7gz4la.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-abvpkwql - c:\users\asus\appdata\local\atvicwjc.bat



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2010-09-02 21:50
Windows 6.0.6002 Service Pack 2 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Zeit der Fertigstellung: 2010-09-02  21:57:14
ComboFix-quarantined-files.txt  2010-09-02 19:57
ComboFix2.txt  2010-09-02 19:14
ComboFix3.txt  2010-08-26 21:03

Vor Suchlauf: 9.723.215.872 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 11.805.085.696 Bytes frei

- - End Of File - - 4334BD3083F2B2507AE0EDFA78E9CCFE

--- --- ---

Hicke 02.09.2010 21:01

Okay, the script has been run.

Hicke 02.09.2010 21:05

What's the next step?

cosinus 03.09.2010 10:06

Please now create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM.

Then download the bootkit_remover. Unpack the tool into its own folder on the desktop and run the file remove.exe in that folder.

If you are using Windows Vista or Windows 7, you have to run remover.exe via right-click => Run as administrator.

A black window will open and automatically check the MBR for malicious modifications.
Then please post whether there are any modifications and, if so, on which device. Ideally post everything that remover.exe outputs.

Hicke 04.09.2010 11:57

GMER displayed a warning but produced no log file. At most I could post the whole scan process up to that point. So there is no log file. The other program can't be completed without complications either; I'm trying it again now...

Hicke 04.09.2010 12:09

Hi Arne,
so OSAM somehow doesn't work either. It loads the database and then the program disappears. Why?
Damn.

Hicke 04.09.2010 12:15

It wants me to close some file because OSAM can't be compressed. I don't really understand that at the moment.

Hicke 04.09.2010 12:45

I'm not getting anywhere with OSAM either... how do we proceed in general now?

cosinus 04.09.2010 16:08

You don't need to query the database! Skip that step!

Hicke 04.09.2010 16:12

Hi Arne,
but then there is no step left. The OSAM program doesn't run, for whatever reason, and the other program doesn't produce a log file.

cosinus 04.09.2010 16:29

Just run it according to the instructions. Hundreds of other users have managed it too :balla:

Hicke 04.09.2010 16:33

I'm doing everything here according to the instructions. How else would I do it? I don't really understand that, but I'll go through the whole procedure once more. No idea why it always works for 100 others. We'll see.

Hicke 04.09.2010 18:05

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:04:29 on 04.09.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"NokiaConnectionManager" - "Nokia" - C:\PROGRA~1\Nokia\NOKIAP~1\CONNEC~1.CPL
"QuickTime" - "Apple Computer, Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
"ToSysCnf" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToSysCnf.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\Users\Asus\AppData\Local\Temp\catchme.sys  (File not found)
"ghaio" (ghaio) - ? - C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"ipswuio" (ipswuio) - ? - C:\Windows\System32\DRIVERS\ipswuio.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kwldrpoc" (kwldrpoc) - ? - C:\Users\Asus\AppData\Local\Temp\kwldrpoc.sys  (Hidden registry entry, rootkit activity | File not found)
"MIINPazX NDIS Protocol Driver" (MIINPazX) - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS
"MTOnlPktAlyX NDIS Protocol Driver" (MTOnlPktAlyX) - "Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH" - C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS
"pavboot" (pavboot) - "Panda Security, S.L." - C:\Windows\System32\drivers\pavboot.sys
"PCCS Mode Change Filter Driver" (pccsmcfd) - ? - C:\Windows\System32\DRIVERS\pccsmcfd.sys  (File not found)
"Service for Realtek HD Audio (WDM)" (IntcAzAudAddService) - ? - C:\Windows\System32\drivers\RTKVHDA.sys  (File not found)
"SIV Kernel Driver" (SIVDRIVER) - "Ray Hinchliffe" - C:\Windows\system32\Drivers\SIVX32.sys
"WCPU" (WCPU) - "Windows (R) Codename Longhorn DDK provider" - C:\Program Files\P4G\WCPU.sys

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{AEB6717E-7E19-11d0-97EE-00C04FD91972} "{AEB6717E-7E19-11d0-97EE-00C04FD91972}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\MLSHEXT.DLL
{416651E4-9C3C-11D9-8BDE-F66BAD1E3F3A} "Nokia Phone Browser" - "Nokia" - C:\Program Files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -  (File not found | COM-object registry key not found)
{5E2121EE-0300-11D4-8D3B-444553540000} "SimpleShlExt Class" - ? - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{00000000-6E41-4FD3-8538-502F5495E5FC} "UrlSearchHook Class" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{EF99BD32-C1FB-11D2-892F-0090271D4F88} "Yahoo! Toolbar" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
{E312764E-7706-43F1-8DAB-FCDD2B1E416D} "{E312764E-7706-43F1-8DAB-FCDD2B1E416D}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{9191F686-7F0A-441D-8A98-2FE3AC1BD913} "ActiveScan 2.0 Installer Class" - "Panda Security" - C:\Windows\Downloaded Program Files\as2stubie.dll / hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
{5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} "BDSCANONLINE Control" - "BitDefender" - C:\Windows\DOWNLO~1\oscan82.ocx / hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1239646001457&h=866862cb450b898fe00bc7775d0b2ba9/&filename=jinstall-6u13-windows-i586-jc.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"Exec" - ? - C:\Windows\bdoscandel.exe  (File found, but it contains no detailed information)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} "Easy-WebPrint" - ? - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
<binary data> "Yahoo! Toolbar" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{02478D38-C3F9-4efb-9B51-7695ECA05670} "&Yahoo! Toolbar Helper" - "Yahoo! Inc." - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{D4027C7F-154A-4066-A1AD-4243D8127440} "Ask Toolbar" - "Ask" - C:\Program Files\Ask.com\GenericAskToolbar.dll
{68F9551E-0411-48E4-9AAF-4BC42A6A46BE} "EWPBrowseObject Class" - ? - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} "SingleInstance Class" - "Yahoo! Inc" - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Messenger (Yahoo!)" - "Yahoo! Inc." - "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"PC Suite Tray" - "Nokia" - "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Photo Downloader" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"ATKMEDIA" - "ASUSTeK Computer INC." - C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
"Easy-PrintToolBox" - "CANON INC." - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
"FreePDF Assistant" - "shbox.de" - C:\Program Files\FreePDF_XP\fpassist.exe
"NeroFilterCheck" - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
"SearchSettings" - "GreenTree Applications, Inc." - C:\Program Files\pdfforge Toolbar\SearchSettings.exe
"Symantec PIF AlertEng" - "Symantec Corporation" - "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"ToADiMon.exe" - "Deutsche Telekom AG, Marmiko IT-Solutions GmbH" - C:\Program Files\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe -TOnlineAutodialStart

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASLDR Service" (ASLDRService) - ? - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
"Automatic LiveUpdate Scheduler" (Automatic LiveUpdate Scheduler) - "Symantec Corporation" - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9ae2c6a87a6aa)" (gupdate1c9ae2c6a87a6aa) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
"LiveUpdate" (LiveUpdate) - "Symantec Corporation" - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
"LiveUpdate Notice Service" (LiveUpdate Notice Service) - "Symantec Corporation" - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
"LiveUpdate Notice Service Ex" (LiveUpdate Notice Ex) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)
"NBService" (NBService) - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"spmgr" (spmgr) - ? - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
"Symantec Lic NetConnect service" (CLTNetCnService) - ? - "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon  (File not found)

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

cosinus 05.09.2010 15:17

See, it works after all :D
I still need the Bootkit Remover output. Please also try GMER once more.

Hicke 05.09.2010 16:57

GMER Logfile:
Code:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-09-05 17:55:59
Windows 6.0.6002 Service Pack 2
Running: jgt8hyxm.exe; Driver: C:\Users\Asus\AppData\Local\Temp\kwldrpoc.sys


---- System - GMER 1.0.15 ----

INT 0x1F        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                827D0CD0
INT 0x37        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                827D00E8
INT 0xC1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                827D03D8
INT 0xD1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                827BBD64
INT 0xD2        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                827BC01C
INT 0xDF        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                827D01C0
INT 0xE1        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                827D0B40
INT 0xE3        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                827D06D4
INT 0xFD        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                827D1100
INT 0xFE        \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)                                827D136C

---- User IAT/EAT - GMER 1.0.15 ----

IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]    [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]      [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]    [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]      [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]  [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]    [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]    [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]  [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\USER32.dll [GDI32.dll!GetStockObject]      [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]    [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]  [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]    [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]  [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHLWAPI.dll [GDI32.dll!GetStockObject]    [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!GetSysColor]      [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW]    [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA]    [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]  [6113A40D] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]  [61139C3F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]    [6113A37F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]    [6113A33F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [GDI32.dll!GetStockObject]    [6113909F] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx]  [61138FA4] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [USER32.dll!TrackPopupMenu]    [61138F66] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColorBrush]  [611390A5] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [USER32.dll!GetSysColor]      [61138FE2] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [USER32.dll!DefWindowProcW]    [61139856] C:\Program Files\Yahoo!\Messenger\yui.dll
IAT            C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe[1440] @ C:\Windows\system32\SHELL32.dll [USER32.dll!AnimateWindow]    [611390DD] C:\Program Files\Yahoo!\Messenger\yui.dll

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                                Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000042                                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \Driver\tdx \Device\Udp                                                                                                mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                                fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0018f337f16b                                           
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0018f337f16b (not active ControlSet)                       

---- EOF - GMER 1.0.15 ----

--- --- ---

Hicke 05.09.2010 17:04

How does the boot kit start? There's a black screen somehow, but nothing changes...

Hicke 05.09.2010 17:19

Unfortunately I can't copy the window either.

Hicke 05.09.2010 17:23

MBR status OK, all green, 1 line. I can't get what it says there in here as text.

Hicke 05.09.2010 17:30

bootkit remover
mbr status ok dos win32 boot code found

cosinus 05.09.2010 17:55

Looks OK. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Hicke 05.09.2010 18:04

OK, Malwarebytes is about to start.

Hicke 05.09.2010 19:32

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4550

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18943

05.09.2010 20:30:51
mbam-log-2010-09-05 (20-30-51).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 256007
Laufzeit: 1 Stunde(n), 23 Minute(n), 54 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Hicke 05.09.2010 21:21

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/05/2010 at 09:42 PM

Application Version : 4.42.1000

Core Rules Database Version : 5458
Trace Rules Database Version: 3270

Scan type : Complete Scan
Total Scan Time : 00:54:00

Memory items scanned : 673
Memory threats detected : 0
Registry items scanned : 9106
Registry threats detected : 0
File items scanned : 34299
File threats detected : 5

Adware.Tracking Cookie
C:\Users\Asus\AppData\Roaming\Microsoft\Windows\Cookies\asus@doubleclick[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@im.banner.t-online[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@adfarm1.adition[1].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@track.adform[2].txt
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\system@doubleclick[1].txt

cosinus 05.09.2010 21:23

Looks OK, only cookies were found.
Any remaining problems or further detections in the meantime?

Hicke 05.09.2010 21:28

No, nothing unusual. What else might I notice?

cosinus 05.09.2010 21:29

Then we're done! :abklatsch:

Finally, please check your updates; my guide for that is below.
For even more security, you should also change as many of your passwords as possible now that the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update site with IE and have all important updates installed.

Windows Vista/7: Windows Update guide



Update the PDF reader
Your Adobe Reader is not up to date, which is a major security risk. You should therefore uninstall the old version via Control Panel => Software by clicking "Adobe Reader x.0" there and removing the program.

I recommend an alternative PDF reader such as SumatraPDF or Foxit PDF Reader; both are much leaner and faster than Adobe Reader.

While you are at it, please also check that Flash Player is up to date; here is the direct download link => http://filepony.de/?q=Flash+Player


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. After that, download the current Java SE Runtime Environment (JRE) from here and install it.

Hicke 05.09.2010 21:34

Arne, thank you so very much. Man, that took many hours, but somehow it was also quite a lot of fun, even though I did not all that often understand what was actually written where :)
I will now finish the last bits of homework and am glad to be able to give the computer back to my colleague.
Many thanks for the kind support. I will gladly donate something to you sometime :)
Thank you :party:


All times are WET +1. The time now is 17:35.
