Trojaner-Board - C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll (https://www.trojaner-board.de/97583-c-users-melissa-appdata-local-temp-hdwwdial-dll.html)

C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll

Vorerst ein freundliches Hallo!:)

Ich habe diese Art von Problem bereits hier im Forum gefunden, allerdings möchte ich nicht blind irgendwelche Anweisungen befolgen, da meine Kenntnisse in diesem Bereich von dünn gesäht bis nicht vorhanden reichen.:balla:
Aus diesem Grunde habe ich ein neues Thema aufgemacht und hoffe, dass sich Jemand meiner annimmt und mir helfen kann.
Seid ein paar Tagen habe ich das Poroblem, dass diese (im Titel genannte) Fehlermeldung nach dem Hochfahren meines Rechners auftritt und mir angibt, dass eben diese Datei nicht gefunden werden konnte. Daraufhin habe ich versucht mich hier im Forum etwas schlau zu machen. Zuallererst hatte ich zwei dieser Meldungen und habe Malwarebytes über mein System laufen lassen. Ich hatte ziemlich viele Funde und habe diese löschen lassen. Leider reichte meine Gehirnkapazität nun nicht mehr dafür aus, den Report zu kopieren. :headbang: Desweiteren, hat mir Maleware angegeben, dass eine Datei nicht gelöscht werden konnte. Jedenfalls hat sich hiernach das Problem auf eine dieser beiden Fehlermeldungen reduziert. Ich habe jetzt nocheinmal Maleware benutzt und dieses mal den Report gespeichert. Die Fehlermeldung besteht weiterhin ( Fehler beim Laden von C:\....dll Das angegebene Modul wurde nicht gefunden).
Mein Computer macht mir ziemliches Kopfzerbrechen ich hoffe, dass mir Jemand helfen kann.:heulen:
Ich bedanke mich im Vorraus schonmal für alle Antworten.

Grüße

Shinichi

:hallo:

Mein Name ist M-K-D-B und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Bitte arbeite solange mit mir mit, bis ich dir sage, dass wir hier fertig sind.
Solltest du mir nicht innerhalb von 5 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Für Benutzer von Windows Vista und Windows 7 gilt: Alle Programme mit Rechtsklick "Als Administrator ausführen" starten.

Ich möchte dich nun darauf hinweisen, dass ich hier noch im Training bin und jede Antwort zuerst von einem Mitglied des Kompetenzteams freigegeben werden muss. Dies kann eine leichte Verzögerung der Antworten hervorrufen. Ich bedanke mich für deine Geduld.

Bitte lies dir folgende Themen durch:

Erstelle anschließend die gewünschten Logfiles. Ohne die entsprechenden Logfiles kann und wird dir hier niemand helfen.

Vielen Dank für dein Verständnis. :)

Zitat:

Ich hatte ziemlich viele Funde und habe diese löschen lassen. Leider reichte meine Gehirnkapazität nun nicht mehr dafür aus, den Report zu kopieren.

Öffne Malwarebytes' Anti-Malware -> Klicke auf den Tab Logdateien -> Poste den Inhalt aller Logfiles, die du dort findest.

Hallo M-K-D-B,

vielen dank, dass du mir helfen möchtest! :singsing:
Mir ist durchaus bewusst, dass das mit Arbeit verbunden ist aber ich bin gewillt meinen Rechner von diesen Plagegeistern zu befreien. Jedoch wirst du wohl viel geduld mitbringen müssen, da ich wie gesagt wirklich keine Ahnung von soetwas habe. :dummguck:
Aber hier habe ich nun die gewünschten Logfiles.
Gruß
Shinichi

Hallo Shinichi,

Schritt # 1: Hinweise
Bitte beachte folgende Hinweise:

Es ist nicht nötig, die Logfiles in ein Word-Dokument einzufügen. So gut wie alle Logfiles, die unsere Tools erstellen, werden in sogenannten Textdateien gespeichert. Öffne diese Textdateien, kopiere den Inhalt und füge sie direkt hier ins Forum ein. Das erspart uns Arbeit. :)
Wenn du die beiden Links meiner letzten Antwort sorgfältig durchgelesen hättest, hättest du mir optimalerweise noch mehrere Logfiles, wie z. B. OTL, gepostet. Das werden wir nun nachholen. Bitte lies dir alle Schritte sorgfältig durch und führe sie genau so aus. Vielen Dank.

Schritt # 2: Load.exe ausführen
Downloade Dir bitte Load.exe

Das Tool benötigt eine aktive Internetverbindung, aber keinen offenen Browser
Sollte deine Firewall meckern, die Anwendung bitte zulassen.

Speichere die Datei am Desktop.
Schließe bitte alle laufenden Programme sowie Browser und sichere gegebenfalls offene Dokumente.
Starte die Load.exe
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Das Tool wird nun einige Tools auf deinem Desktop laden.

Sobald der Download beendet ist, startet sich TFC.exe. Drücke den Start Button in TFC.
TFC wird alle offenen Programme schließen. Sichere alle offenen Dokumente bevor du Start drückst
Sollte TFC den Rechner nicht neu starten wird Load.exe den Rechner neu starten.
Nach dem Neustart wird sich automatisch die Anleitung.html ( zu finden auf dem Desktop ) öffnen. Darin wird die Anweisung der Tools beschrieben.

Schritt # 3: Fragen beantworten
Bitte beantworte uns folgende Fragen:

Gibt es außer der von dir bereits angesprochenen Fehlermeldung weitere Probleme? Wenn ja, schildere diese bitte so gut es geht.

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort die Logfiles von

Defogger,
GMER und
die beiden Logfiles von OTL (OTL.txt und Extras.txt).

Hallo M-K-D-B,

entschuldige bitte, dass ich nicht aufmerksam genug gelesen habe und somit die OTL-Logfile nicht gepostet habe. Ich werde von nun an aufmerksamer sein. :o

OTL.Txt

OTL Logfile:

Code:

OTL logfile created on: 17.04.2011 20:53:12 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free

4,00 Gb Paging File | 2,00 Gb Available in Paging File | 52,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,29 Gb Total Space | 50,70 Gb Free Space | 35,14% Space Free | Partition Type: NTFS

Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

Drive G: | 298,01 Gb Total Space | 124,89 Gb Free Space | 41,91% Space Free | Partition Type: FAT32

Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32

 

Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Windows\System32\Macromed\Flash\FlashUtil10e.exe (Adobe Systems, Inc.)

PRC - C:\Programme\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)

PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)

PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

PRC - C:\Programme\Common Files\Marmiko Shared\MWLaMaS.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)

PRC - C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AdobeActiveFileMonitor7.0) -- D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)

DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)

DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()

DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (SIS163u) -- C:\Windows\System32\drivers\SiS163u.sys (SiS Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

IE - HKLM\..\URLSearchHook: {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Programme\DigitalPowered\tbDigi.dll (Conduit Ltd.)

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Programme\DigitalPowered\tbDigi.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2

FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0

FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.12 18:27:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 10:54:47 | 000,000,000 | ---D | M]

 

[2009.01.19 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Extensions

[2011.04.17 17:43:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions

[2010.07.09 10:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.03.14 11:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010.10.04 10:31:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2010.10.26 15:04:48 | 000,000,000 | ---D | M] (DigitalPowered Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}

[2011.03.30 18:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}-trash

[2011.01.25 12:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.01.19 14:45:37 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}

[2010.10.04 10:31:38 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}

[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com

[2011.03.29 14:50:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com

[2010.03.28 22:07:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\illimitux@illimitux.net

[2010.01.30 16:48:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\radiobar@toolbar

[2010.02.07 02:10:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\searchrecs@veoh.com

[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\staged-xpis

[2010.08.09 11:29:22 | 000,000,873 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\searchplugins\conduit.xml

[2011.04.06 22:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.02.16 21:00:29 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}

[2009.08.15 23:40:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009.12.06 21:44:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

[2009.01.20 12:30:15 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll

[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 00:27:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 00:27:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 00:27:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 00:27:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 00:27:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (DigitalPowered Toolbar) - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Programme\DigitalPowered\tbDigi.dll (Conduit Ltd.)

O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (DigitalPowered Toolbar) - {b317125e-2f10-4388-bf1f-2c31c6cd89ed} - C:\Programme\DigitalPowered\tbDigi.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Programme\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (DigitalPowered Toolbar) - {B317125E-2F10-4388-BF1F-2C31C6CD89ED} - C:\Programme\DigitalPowered\tbDigi.dll (Conduit Ltd.)

O4 - HKLM..\Run: [Acer Tour Reminder]  File not found

O4 - HKLM..\Run: [Apanel]  File not found

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKCU..\Run: [chknelog]  File not found

O4 - HKCU..\Run: [cxlacuxatx.exe]  File not found

O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .spop -  File not found

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006.11.03 12:58:30 | 000,000,038 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]

O32 - AutoRun File - [2009.08.10 15:40:34 | 000,000,103 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{26f0f3d0-e677-11dd-b932-0040f4b7a179}\Shell - "" = AutoRun

O33 - MountPoints2\{26f0f3d0-e677-11dd-b932-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe

O33 - MountPoints2\{2736ac1d-cde0-11de-9b03-0040f4b7a179}\Shell - "" = AutoRun

O33 - MountPoints2\{2736ac1d-cde0-11de-9b03-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe

O33 - MountPoints2\{5560534d-38b7-11de-87b8-0040f4b7a179}\Shell - "" = AutoRun

O33 - MountPoints2\{5560534d-38b7-11de-87b8-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe

O33 - MountPoints2\{b06dce6f-5cdc-11de-919f-0040f4b7a179}\Shell - "" = AutoRun

O33 - MountPoints2\{b06dce6f-5cdc-11de-919f-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\DVR/AutoRun.exe start.exe

O33 - MountPoints2\{cd3199c9-e665-11dd-9066-001fe23aea48}\Shell\AutoRun\command - "" = G:\setupSNK.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.04.17 20:51:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe

[2011.04.16 11:30:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.04.16 11:30:02 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011.04.16 11:30:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011.04.16 11:30:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011.04.16 11:30:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011.04.16 11:30:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011.04.16 11:30:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.04.16 11:30:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011.04.16 11:30:01 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011.04.16 11:30:01 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011.04.16 11:30:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011.04.16 11:30:00 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011.04.16 11:30:00 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011.04.16 11:30:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011.04.16 11:30:00 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011.04.16 11:30:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.04.16 11:30:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011.04.16 11:30:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011.04.16 11:30:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011.04.16 11:30:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011.04.16 11:30:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011.04.16 11:29:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.04.16 11:29:59 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011.04.16 11:29:59 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011.04.16 11:29:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011.04.16 11:29:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011.04.16 11:29:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011.04.16 11:29:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011.04.16 11:29:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011.04.16 11:29:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011.04.16 11:29:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011.04.16 11:29:58 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011.04.16 11:29:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011.04.16 11:29:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011.04.16 11:29:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011.04.16 11:29:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011.04.16 11:29:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011.04.16 11:29:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011.04.16 11:29:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011.04.15 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Malwarebytes

[2011.04.15 15:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.04.15 15:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.04.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.04.15 15:11:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.04.15 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.04.14 09:01:53 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011.04.14 09:01:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011.04.14 09:01:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2011.04.14 09:01:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2011.04.14 09:01:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2011.04.14 09:01:37 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.04.14 02:05:14 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2011.04.13 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler

[2011.04.13 12:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler

[2011.04.13 12:36:09 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Xois

[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Iwnevo

[2011.03.23 14:14:02 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011.03.23 14:14:02 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2009.01.19 22:11:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[2008.09.30 06:55:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.04.17 20:51:30 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe

[2011.04.17 20:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.04.17 19:29:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.04.17 19:29:26 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.04.17 19:14:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.04.17 15:34:22 | 000,233,472 | ---- | M] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.17 12:37:59 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.04.17 12:37:59 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.17 12:37:59 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.04.17 12:37:59 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.17 11:29:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.04.17 11:28:58 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys

[2011.04.17 10:17:49 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job

[2011.04.16 11:30:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2011.04.16 11:30:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2011.04.16 11:30:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.04.16 11:30:02 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011.04.16 11:30:02 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011.04.16 11:30:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011.04.16 11:30:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011.04.16 11:30:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011.04.16 11:30:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.04.16 11:30:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011.04.16 11:30:01 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011.04.16 11:30:01 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011.04.16 11:30:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011.04.16 11:30:00 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011.04.16 11:30:00 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011.04.16 11:30:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011.04.16 11:30:00 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011.04.16 11:30:00 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.04.16 11:30:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011.04.16 11:30:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011.04.16 11:30:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011.04.16 11:30:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2011.04.16 11:30:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011.04.16 11:30:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011.04.16 11:29:59 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.04.16 11:29:59 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011.04.16 11:29:59 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011.04.16 11:29:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011.04.16 11:29:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011.04.16 11:29:59 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011.04.16 11:29:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011.04.16 11:29:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011.04.16 11:29:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011.04.16 11:29:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011.04.16 11:29:58 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011.04.16 11:29:58 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011.04.16 11:29:58 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011.04.16 11:29:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011.04.16 11:29:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011.04.16 11:29:58 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011.04.16 11:29:58 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011.04.16 11:29:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011.04.15 15:11:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.15 03:30:24 | 000,328,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.04.13 12:51:32 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2011.04.11 20:43:57 | 092,643,550 | ---- | M] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv

[2011.04.06 22:35:33 | 000,000,054 | ---- | M] () -- C:\Windows\mpsettings.ini

 
 ========== Files Created - No Company Name ==========

 

[2011.04.16 11:30:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011.04.15 15:11:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.13 12:51:32 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2011.04.11 20:43:58 | 092,643,550 | ---- | C] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv

[2011.04.06 22:35:33 | 000,000,054 | ---- | C] () -- C:\Windows\mpsettings.ini

[2010.08.13 11:30:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2010.06.22 15:21:30 | 000,000,000 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\chrtmp

[2010.06.14 19:12:53 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin

[2009.11.12 20:27:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009.11.12 20:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009.11.12 20:27:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009.11.12 20:27:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009.11.12 20:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009.11.09 19:19:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini

[2009.11.04 23:47:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll

[2009.09.24 06:17:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.09.24 06:17:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.09.02 06:57:23 | 000,007,268 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat

[2009.07.02 13:51:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat

[2009.02.10 19:22:57 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009.01.28 20:46:28 | 000,000,096 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat

[2009.01.20 13:05:11 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini

[2009.01.20 13:05:01 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE

[2009.01.20 13:04:31 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.01.20 13:04:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll

[2009.01.20 13:03:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009.01.20 13:03:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.01.20 13:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll

[2009.01.20 13:02:53 | 000,006,315 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2009.01.20 00:02:56 | 000,233,472 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.01.19 23:11:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009.01.19 22:39:59 | 000,000,095 | ---- | C] () -- C:\Users\Melissa\AppData\Local\fusioncache.dat

[2009.01.19 22:11:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008.10.06 06:48:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2008.10.06 06:48:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2008.01.21 09:15:58 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 09:15:58 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.04.11 19:30:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007.04.11 17:09:20 | 000,000,734 | ---- | C] () -- C:\Windows\generic.ini

[2007.04.11 17:09:20 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini

[2007.04.11 17:07:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007.04.11 17:07:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007.04.11 09:20:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,328,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005.01.06 15:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe

[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57

@Alternate Data Stream - 48 bytes -> C:\Windows:857B1D3CE2BFC36F
 

< End of report >

--- --- ---

Extras.Txt

OTL Logfile:

Code:

OTL Extras logfile created on: 17.04.2011 20:53:12 - Run 1

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free

4,00 Gb Paging File | 2,00 Gb Available in Paging File | 52,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,29 Gb Total Space | 50,70 Gb Free Space | 35,14% Space Free | Partition Type: NTFS

Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

Drive G: | 298,01 Gb Total Space | 124,89 Gb Free Space | 41,91% Space Free | Partition Type: FAT32

Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32

 

Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

.html [@ = htmlfile] -- C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe (Deutsche Telekom AG, T-Com)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

htmlfile [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)

htmlfile [opennew] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)

htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"

http [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)

https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)

inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{9265EC7A-E74F-4CDF-8A76-E4033AD19FF8}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) | 

"{9D830633-DD90-4848-B43D-4EF669D6F30D}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{C30F9E5F-F884-4709-8280-9BF784D597AF}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) | 

"{CDB5E889-7B85-4872-A409-1F10550761B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{36C6E343-386F-4206-9620-AE09F0637B87}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{37C1A328-628F-440D-BB32-B14E94F9B3C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{429E1076-6ED3-4631-A110-E242611ABD04}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 

"{470485FC-DCD2-42E6-838B-540E050DE5C6}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{49E4D65D-DEF5-49DD-B6B4-D4518F3F07E1}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 

"{4C880794-BF1D-4C44-AD3C-3FD4250E5173}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 

"{5A2859D1-F844-4801-BA8A-BDC0BDBFA558}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 

"{6A08AA94-D7A3-4683-87AB-B24381941503}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{718A601A-C322-4255-83C0-FCDA64B2CA6D}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 

"{76D1DCC1-7E94-4A4E-9187-78274AB2BBFC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 

"{868152AE-DA95-4E0E-9108-8CE3109FF356}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{88E99510-3643-4B2E-B7CE-83B61D45F9D8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{9291FD17-F5BA-4322-A18A-4EC9F59C4022}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 

"{99BCA220-9175-484D-BC1C-2B1676046127}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 

"{A53B27B6-773D-47E5-AFA9-73C76B7FF3E9}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 

"{A8296857-D3DC-45A0-AEA7-8C9B04B9EB2A}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 

"{AB2224D7-5B2C-4C66-9F80-4C9570629041}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 

"{AE04494B-E8AE-437B-9966-C6983DD556F0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{AF92660B-57A0-46FB-885B-3665D19E3912}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 

"{CA400290-A962-4669-95F0-71C5F75DF3A5}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 

"{EB9C78C8-C45B-4B90-80EA-EC8212B374EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001FC252-5D30-956C-D6E3-405B9651B698}" = CCC Help Korean

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0145ABB1-8F13-D85C-EFA7-16AAFD415F07}" = Catalyst Control Center Localization Chinese Standard

"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{08091134-5478-4F0E-5A1A-470BE72647ED}" = CCC Help Thai

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent

"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{18F72BF6-D1B1-04AF-BBB2-EA2BA6F50EDB}" = CCC Help English

"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1

"{1E6F7CFD-5BEB-0828-B1B1-645FA4F292DB}" = Catalyst Control Center Localization Korean

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15

"{27005EDF-E80A-7059-81A3-692051625488}" = Catalyst Control Center Localization French

"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{2D4A265B-8CE4-EF70-0C2A-1271119AA5B3}" = Catalyst Control Center Localization Turkish

"{2EA65C2D-0C11-3D8B-46AE-B9092EE7D64C}" = CCC Help Norwegian

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{2EB3629F-C98A-F5A3-25C2-D47B0EDF2A7C}" = CCC Help Greek

"{2FA6AE84-DFE1-9651-7AEB-2E8C78E5B97D}" = CCC Help Swedish

"{355D4B62-447F-1654-70EE-5DEB8D11D807}" = Catalyst Control Center Localization Danish

"{37EBDFAC-5900-A0AD-CCE9-9A0DDA5682F9}" = Catalyst Control Center Localization Portuguese

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD

"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager

"{41D87F76-0623-B98E-089E-AD0010369AC1}" = ccc-utility

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{45576B9A-D9A9-CCE2-488F-E74A96FA550B}" = CCC Help Turkish

"{472BC165-1990-1963-7AAD-BD4DAA3F293E}" = CCC Help Finnish

"{4B4C56E5-819C-E1EB-B682-2F3EB3C32D88}" = CCC Help Hungarian

"{4C0F2181-4765-D5C5-B665-52E7722C1D18}" = Catalyst Control Center Localization Japanese

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works

"{526B988C-393C-181A-0536-257C6AE70D18}" = CCC Help Portuguese

"{5792B5D9-645A-3309-C848-9BB7A68F1667}" = CCC Help Russian

"{593AF68A-BEDA-BC04-D278-7E020F2E6A6E}" = Catalyst Control Center Localization Dutch

"{5EC29BC7-F0E5-4FA1-864C-D155548B024E}" = Altova StyleVision® 2009  Enterprise Edition

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{67ED5CFB-7EBF-AEF2-C5FF-DCF2D2AC5A77}" = Catalyst Control Center Core Implementation

"{687C95B4-4670-DEF1-4585-E11CE3AB7C26}" = CCC Help German

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D4DC170-69D1-7CE8-EF98-6DCDC887FA1C}" = Catalyst Control Center Localization Spanish

"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar

"{75D803F3-2CCA-F91B-F269-1EA77BA56688}" = Catalyst Control Center Localization Chinese Traditional

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7CE727EA-498F-B17F-53B6-C695E134C83C}" = Catalyst Control Center Localization Greek

"{7E70195B-0530-EED3-E8FE-237EC86F989E}" = Catalyst Control Center Localization Polish

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver Installation Program

"{886607CA-3144-493D-1134-EEAAC8D5AAFD}" = CCC Help French

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A5AEB5F-C533-FD3B-9D35-6FF8BEB91A7E}" = CCC Help Dutch

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8CB7C96F-22D5-5911-3507-4639ED218CE6}" = CCC Help Polish

"{8FF37D01-3105-690A-C481-06EBED787498}" = Catalyst Control Center Localization Swedish

"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97D4EB44-3BD8-F35A-14AE-73FB3B491396}" = Catalyst Control Center Localization Italian

"{99AF8AED-2960-B47B-CAA0-1558B5E78D48}" = CCC Help Danish

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B5A6F0F-EBEC-85B1-C3C2-07E84A58E0DD}" = Catalyst Control Center Graphics Light

"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management

"{A78024C0-8C20-27CB-2B7B-6A60445B61AF}" = Catalyst Control Center Localization Russian

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0

"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine

"{B231A9E2-9E9C-9226-E483-DD2D725D1BFE}" = Catalyst Control Center Localization Thai

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B7CBEC53-C913-87E2-D70F-3BABEFB0A080}" = Catalyst Control Center Localization Finnish

"{B92C4887-D617-F6C5-DC4B-94984C23E0ED}" = Catalyst Control Center Graphics Full Existing

"{BD2BA0B1-5448-987E-9562-6C665252714A}" = Catalyst Control Center Localization Norwegian

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00

"{C03A4F4C-09A2-ADA3-0DE9-F830F636DD4B}" = CCC Help Spanish

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C6660342-B863-AD6B-3D74-C5466AAF1A5F}" = CCC Help Italian

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management

"{D475C441-82E7-4694-8717-EA8896D6D37A}" = CCC Help Japanese

"{D51FFF33-0F42-72C1-0DFD-220E3B3E4F97}" = CCC Help Chinese Traditional

"{DABC2CCE-5B36-66D2-2CEF-EA2188BE51CF}" = ccc-core-static

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DD8E5E2F-2189-3CB5-D048-38102D91C06A}" = Catalyst Control Center Graphics Full New

"{DE247139-8107-31A7-E580-6AFAE183A95F}" = Catalyst Control Center Localization German

"{DEB38E1A-F4E5-4DF0-96F4-4050567A9D09}" = AV Input Selection

"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17

"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E7DA2552-8808-7F25-1A85-AAFDE834CA14}" = CCC Help Czech

"{EB0A38F9-6698-B5D5-949E-E042BBEE763B}" = Catalyst Control Center Localization Hungarian

"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician

"{F748B133-D25C-14C2-0178-D90703042FDE}" = CCC Help Chinese Standard

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician

"{F840ACBD-6167-EDD9-FD4D-41A79DF43552}" = Catalyst Control Center Localization Czech

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0

"Any Video Converter_is1" = Any Video Converter 2.6.7

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CloneDVD2" = CloneDVD2

"conduitEngine" = Conduit Engine

"Defraggler" = Defraggler

"DigitalPowered Toolbar" = DigitalPowered Toolbar

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Free Studio_is1" = Free Studio version 4.2

"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7

"Google Desktop" = Google Desktop

"Graboid Video" = Graboid Video 1.65

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"RealPlayer 12.0" = RealPlayer

"Replay Media Catcher 3.11" = Replay Media Catcher 3.11

"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2

"Shockwave" = Shockwave

"Tastenteufel" = Tastenteufel

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VideoLAN VLC media player 0.8.6d

"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)

"Winamp" = Winamp

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 01.04.2011 20:06:28 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 01.04.2011 20:06:28 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 16208

 

Error - 01.04.2011 20:06:28 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 16208

 

Error - 01.04.2011 20:06:29 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 01.04.2011 20:06:29 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 17207

 

Error - 01.04.2011 20:06:29 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 17207

 

Error - 01.04.2011 20:06:30 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

Error - 01.04.2011 20:06:30 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledEvent 18221

 

Error - 01.04.2011 20:06:30 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: m->NextScheduledSPRetry 18221

 

Error - 01.04.2011 20:06:31 | Computer Name = AssiGammelKeks | Source = Bonjour Service | ID = 100

Description = Task Scheduling Error: Continuously busy for more than a second

 

[ System Events ]

Error - 16.04.2011 05:22:42 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

Error - 16.04.2011 05:22:42 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43037

Description = 

 

Error - 16.04.2011 05:22:42 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

Error - 17.04.2011 04:17:50 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

Error - 17.04.2011 04:20:24 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

Error - 17.04.2011 04:20:25 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43037

Description = 

 

Error - 17.04.2011 04:20:25 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

Error - 17.04.2011 05:28:59 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

Error - 17.04.2011 05:28:59 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43037

Description = 

 

Error - 17.04.2011 05:28:59 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

 

< End of report >

--- --- ---

Gmer.Txt

GMER Logfile:

Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net

Rootkit scan 2011-04-17 22:39:47

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-6 WDC_WD3200AAJS-22B4A0 rev.01.03A01

Running: g2m3e4r.exe; Driver: C:\Users\Melissa\AppData\Local\Temp\pwtcauoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            9B229C6C                                                                                                                          ZwCreateThread

SSDT            9B229C58                                                                                                                          ZwOpenProcess

SSDT            9B229C5D                                                                                                                          ZwOpenThread

SSDT            9B229C67                                                                                                                          ZwTerminateProcess
 

INT 0x51        ?                                                                                                                                 844C5BF8

INT 0x61        ?                                                                                                                                 844C5BF8

INT 0x62        ?                                                                                                                                 85E87F00

INT 0x72        ?                                                                                                                                 85E87F00

INT 0x82        ?                                                                                                                                 85E87F00

INT 0x92        ?                                                                                                                                 85E87F00

INT 0xB2        ?                                                                                                                                 844C5BF8
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                                     824F59A4 4 Bytes  [6C, 9C, 22, 9B]

.text           ntkrnlpa.exe!KeSetEvent + 3F2                                                                                                     824F5B75 3 Bytes  [9C, 22, 9B]

.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                                     824F5B90 4 Bytes  [5D, 9C, 22, 9B]

.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                     824F5DA4 4 Bytes  [67, 9C, 22, 9B]

?               System32\Drivers\splb.sys                                                                                                         Das System kann den angegebenen Pfad nicht finden. !

.text           USBPORT.SYS!DllUnload                                                                                                             8D31341B 5 Bytes  JMP 85E874E0 

.text           alvdiw0b.SYS                                                                                                                      8D377000 22 Bytes  [82, D3, 41, 82, 6C, D2, 41, ...]

.text           alvdiw0b.SYS                                                                                                                      8D377017 137 Bytes  [00, 32, 97, B1, 82, 3D, 95, ...]

.text           alvdiw0b.SYS                                                                                                                      8D3770A1 43 Bytes  [20, 4F, 82, 74, 16, 49, 82, ...]

.text           alvdiw0b.SYS                                                                                                                      8D3770CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]

.text           alvdiw0b.SYS                                                                                                                      8D3770DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]

.text           ...                                                                                                                               
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Windows\Explorer.EXE[1548] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                                        75FFB37C 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] kernel32.dll!GetTempFileNameW                                               77391741 5 Bytes  JMP 100018E0 C:\Users\Melissa\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] kernel32.dll!CreateThread                                                   773CC90E 5 Bytes  JMP 6C677133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateDialogParamW                                               770E72A2 5 Bytes  JMP 050A49D0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!GetAsyncKeyState                                                 770E863C 2 Bytes  JMP 6C65DC09 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!GetAsyncKeyState + 3                                             770E863F 2 Bytes  [57, F5] {PUSH EDI; CMC }

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!SetWindowsHookExW                                                770E87AD 5 Bytes  JMP 6C6B1FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CallNextHookEx                                                   770E8E3B 5 Bytes  JMP 6C6D7AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!UnhookWindowsHookEx                                              770E98DB 5 Bytes  JMP 6C6FEB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!EnableWindow                                                     770ECD8B 5 Bytes  JMP 6C6B9884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DefWindowProcA                                                   770EDB88 7 Bytes  JMP 6C679345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateWindowExA                                                  770EDC2A 2 Bytes  JMP 6C683173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateWindowExA + 3                                              770EDC2D 2 Bytes  [59, F5] {POP ECX; CMC }

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateWindowExW                                                  770F1305 5 Bytes  JMP 6C6DFF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!GetKeyState                                                      770F8CB1 5 Bytes  JMP 6C65DAE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DefWindowProcW                                                   771003B4 7 Bytes  JMP 6C6D7B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!IsDialogMessageW                                                 77100745 5 Bytes  JMP 6C806406 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!TrackPopupMenu                                                   771014F3 5 Bytes  JMP 050A4150 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateDialogParamA                                               771017AA 5 Bytes  JMP 6C805C41 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!IsDialogMessage                                                  77101847 5 Bytes  JMP 6C8063DE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateDialogIndirectParamA                                       771026F1 5 Bytes  JMP 6C805CB1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!CreateDialogIndirectParamW                                       77109A62 5 Bytes  JMP 6C805CE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!SetKeyboardState                                                 77110987 5 Bytes  JMP 6C806CCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!TrackPopupMenuEx                                                 77110CE7 5 Bytes  JMP 050A42B0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxParamW                                                  771110B0 5 Bytes  JMP 050A4B50 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxIndirectParamW                                          77112EF5 5 Bytes  JMP 6C80590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!SendInput                                                        77112F75 5 Bytes  JMP 6C806C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!EndDialog                                                        7711326E 5 Bytes  JMP 6C8066B2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!SetCursorPos                                                     77126FB2 5 Bytes  JMP 6C806D4E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxParamA                                                  77128152 5 Bytes  JMP 6C8058AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!DialogBoxIndirectParamA                                          7712847D 5 Bytes  JMP 6C805974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxIndirectA                                              7713D4D9 5 Bytes  JMP 6C805831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxIndirectW                                              7713D5D3 5 Bytes  JMP 6C8057B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxExA                                                    7713D639 5 Bytes  JMP 6C805754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!MessageBoxExW                                                    7713D65D 5 Bytes  JMP 6C8056F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] USER32.dll!keybd_event                                                      7713D972 5 Bytes  JMP 6C806C32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] SHELL32.dll!SHRestricted + D95                                              760489A8 4 Bytes  [37, 01, 40, 67] {AAA ; ADD [EAX+0x67], EAX}

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] SHELL32.dll!SHRestricted + D9D                                              760489B0 8 Bytes  [60, 61, 3F, 67, E1, F6, 3F, ...]

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] ole32.dll!OleLoadFromStream                                                 75D61E80 5 Bytes  JMP 6C806110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] ole32.dll!CoCreateInstance                                                  75D99F3E 5 Bytes  JMP 6C6DB6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!closesocket                                                      772C330C 5 Bytes  JMP 66F4EEE9 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!recv                                                             772C343A 5 Bytes  JMP 66F4F1C3 C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!socket                                                           772C36D1 5 Bytes  JMP 66F4E59E C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!connect                                                          772C40D9 5 Bytes  JMP 66F4E62A C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!getaddrinfo                                                      772C418A 5 Bytes  JMP 66F4E71D C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[2716] WS2_32.dll!send                                                             772C659B 5 Bytes  JMP 66F4E9ED C:\Program Files\Microsoft\Search Enhancement Pack\SeaNote\SeaNote.dll (Microsoft Search Note/Microsoft Corporation)

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4600] ntdll.dll!LdrLoadDll                                                           776493A8 5 Bytes  JMP 00E213F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4600] kernel32.dll!GetTempFileNameW                                                  77391741 5 Bytes  JMP 100018E0 C:\Users\Melissa\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)

.text           C:\Program Files\Mozilla Firefox\firefox.exe[4600] kernel32.dll!CreateFileW                                                       773CAECB 5 Bytes  JMP 10002150 C:\Users\Melissa\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] kernel32.dll!GetTempFileNameW                                               77391741 5 Bytes  JMP 100018E0 C:\Users\Melissa\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] kernel32.dll!CreateFileW                                                    773CAECB 5 Bytes  JMP 10002150 C:\Users\Melissa\AppData\Local\FLVService\lib\FLVSrvLib.dll (FLV Service Library for Ask and Record Toolbar/Applian Technologies, Inc.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!CreateDialogParamW                                               770E72A2 5 Bytes  JMP 045349D0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!EnableWindow                                                     770ECD8B 5 Bytes  JMP 6C6B9884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!TrackPopupMenu                                                   771014F3 5 Bytes  JMP 04534150 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!TrackPopupMenuEx                                                 77110CE7 5 Bytes  JMP 045342B0 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!DialogBoxParamW                                                  771110B0 5 Bytes  JMP 04534B50 C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Toolbar/Conduit Ltd.)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!DialogBoxIndirectParamW                                          77112EF5 5 Bytes  JMP 6C80590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!DialogBoxParamA                                                  77128152 5 Bytes  JMP 6C8058AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!DialogBoxIndirectParamA                                          7712847D 5 Bytes  JMP 6C805974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!MessageBoxIndirectA                                              7713D4D9 5 Bytes  JMP 6C805831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!MessageBoxIndirectW                                              7713D5D3 5 Bytes  JMP 6C8057B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!MessageBoxExA                                                    7713D639 5 Bytes  JMP 6C805754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

.text           C:\Program Files\Internet Explorer\iexplore.exe[4840] USER32.dll!MessageBoxExW                                                    7713D65D 5 Bytes  JMP 6C8056F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
 

---- Devices - GMER 1.0.15 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                                                            84E5A1F8

Device          \FileSystem\fastfat \FatCdrom                                                                                                     86D44500

Device          \Driver\volmgr \Device\VolMgrControl                                                                                              844C71F8

Device          \Driver\netbt \Device\NetBT_Tcpip_{47A7ADE3-B642-4C17-9D29-3899857D60D3}                                                          869BA1F8

Device          \Driver\usbohci \Device\USBPDO-0                                                                                                  85E0D1F8

Device          \Driver\PCI_PNP7131 \Device\00000051                                                                                              splb.sys

Device          \Driver\sptd \Device\47901140                                                                                                     splb.sys

Device          \Driver\usbohci \Device\USBPDO-1                                                                                                  85E0D1F8

Device          \Driver\usbohci \Device\USBPDO-2                                                                                                  85E0D1F8

Device          \Driver\usbohci \Device\USBPDO-3                                                                                                  85E0D1F8

Device          \Driver\netbt \Device\NetBT_Tcpip_{489A8CC2-652A-4F88-A6E8-FAF429845542}                                                          869BA1F8

Device          \Driver\usbohci \Device\USBPDO-4                                                                                                  85E0D1F8

Device          \Driver\usbehci \Device\USBPDO-5                                                                                                  85DE81F8

Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                            844C71F8

Device          \Driver\USBSTOR \Device\00000071                                                                                                  85F031F8

Device          \Driver\USBSTOR \Device\00000071                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                            844C71F8

Device          \Driver\cdrom \Device\CdRom0                                                                                                      85E06500

Device          \Driver\USBSTOR \Device\00000072                                                                                                  85F031F8

Device          \Driver\USBSTOR \Device\00000072                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                84E591F8

Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                84E591F8

Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                84E591F8

Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                84E591F8

Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-3                                                                                       84E591F8

Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-3                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-6                                                                                       84E591F8

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-6                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                            844C71F8

Device          \Driver\cdrom \Device\CdRom1                                                                                                      85E06500

Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                            844C71F8

Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                            844C71F8

Device          \Driver\USBSTOR \Device\00000068                                                                                                  85F031F8

Device          \Driver\USBSTOR \Device\00000068                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                            844C71F8

Device          \Driver\USBSTOR \Device\00000069                                                                                                  85F031F8

Device          \Driver\USBSTOR \Device\00000069                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                           869BA1F8

Device          \Driver\Smb \Device\NetbiosSmb                                                                                                    86A861F8

Device          \Driver\netbt \Device\NetBT_Tcpip_{68B68306-FE2F-4B37-BC10-4ABC839E99FD}                                                          869BA1F8

Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                85F5E1F8

Device          \Driver\usbohci \Device\USBFDO-0                                                                                                  85E0D1F8

Device          \Driver\USBSTOR \Device\0000006c                                                                                                  85F031F8

Device          \Driver\USBSTOR \Device\0000006c                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\USBSTOR \Device\0000006d                                                                                                  85F031F8

Device          \Driver\USBSTOR \Device\0000006d                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\usbohci \Device\USBFDO-1                                                                                                  85E0D1F8

Device          \Driver\usbohci \Device\USBFDO-2                                                                                                  85E0D1F8

Device          \Driver\usbohci \Device\USBFDO-3                                                                                                  85E0D1F8

Device          \Driver\usbohci \Device\USBFDO-4                                                                                                  85E0D1F8

Device          \Driver\usbehci \Device\USBFDO-5                                                                                                  85DE81F8

Device          \Driver\alvdiw0b \Device\Scsi\alvdiw0b1                                                                                           85F531F8

Device          \Driver\alvdiw0b \Device\Scsi\alvdiw0b1                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\alvdiw0b \Device\Scsi\alvdiw0b1Port5Path0Target0Lun0                                                                      85F531F8

Device          \Driver\alvdiw0b \Device\Scsi\alvdiw0b1Port5Path0Target0Lun0                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \FileSystem\fastfat \Fat                                                                                                          86D44500
 

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

Device          \FileSystem\cdfs \Cdfs                                                                                                            85E881F8
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                771343423

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                285507792

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                2

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                  

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                               0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                            0xC9 0xEC 0x0A 0x2D ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                               C:\Program Files\Alcohol Soft\Alcohol 120\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                         

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                   0xF9 0xA7 0x70 0x12 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                  

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                            0xEE 0xA5 0x84 0x6C ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                  

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                               D:\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                               1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                            0xE5 0x96 0xCF 0xD5 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                         

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                      0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                   0x68 0x4B 0xD6 0x47 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                    

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                              0x65 0xD4 0x37 0x8B ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                              

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                   0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                0xC9 0xEC 0x0A 0x2D ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                   C:\Program Files\Alcohol Soft\Alcohol 120\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                     

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                       0xF9 0xA7 0x70 0x12 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)              

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                0xEE 0xA5 0x84 0x6C ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                              

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                   D:\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                   1

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0xE5 0x96 0xCF 0xD5 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                     

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                          0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                       0x68 0x4B 0xD6 0x47 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                  0x65 0xD4 0x37 0x8B ...

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}                   

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}@hapjlkfbdnghfncc  0x6B 0x61 0x62 0x67 ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Eine Defogger.exe wurde nicht auf meinem Desktop erstellt und auch nach einem Suchdurchlauf konnte ich keine finden. Soll ich versuchen sie aus dem Internet zu downloaden? Das habe ich nicht getan, da ich zuerst deine Antwort von dir abwarten wollte.

Nungut, zu den weiteren Problemen:

Seit einiger Zeit kann ich Firefox nur noch eingeschränkt nutzen und muss den Internet Explorer verwenden um ins Internet zu gelangen. Wenn ich Firefox öffne ist zuerst alles normal jedoch, wenn ich es nur für eine kurze Zeit nicht nutze reagiert es nicht mehr, "keine Rückmeldung" wird oben angezeigt und das Programm funktioniert schlichtweg einfach nichtmehr, sodass ich es abbrechen muss.

Von Zeit zu Zeit erhalte ich eine Fehlermeldung sobald der Rechner neu gestartet ist, dass ich mich im Offlinemodus befinde und habe die Wahl zwischen "Erneut versuchen" und "Abbrechen", wobei bei "Abbrechen" diese Meldung erneut angezeigt wird.

Desweiteren erscheint neuerdings "Einige Autostartprogramme wurden geblockt. Programme, die eine Berechtigung zum Ausführen beim Windows-Start erfordern, werden von Windows geblockt. Klicken Sie hier, um die geblockten Programme anzuzeigen.".

Neu ist eine Problemmeldung (ebenfalls nach dem Hochfahren) "[Java Skript-Anwendung] Reference Error:bbyln is not defined".

Teilweise funktioniert meine Internetverbindung nicht und es wird mir angegeben "Internet nur local" jedoch glaube ich, dass dies ein Problem ist, dass von meinem Router kommt. Ich wollte es nur erwähnt haben.

Eine Zeit lang konnte ich auch den Windows Explorer nicht verwenden, mir wurde angegeben, dass er von Windows selbst geblockt wird. Auch mein Windows Mediaplayer ist eine Zeit lang abgestürzt. Diese beiden Probleme tauchen allerdings mitlerweile nicht mehr auf.

Ich hoffe ich habe dir nicht die Hoffnung genommen und lese bald wieder von dir! :crazy:

Gruß
Shinichi

Hallo Shinichi,

Schritt # 1: Beantwortung deiner Fragen

Zitat:

Eine Defogger.exe wurde nicht auf meinem Desktop erstellt und auch nach einem Suchdurchlauf konnte ich keine finden. Soll ich versuchen sie aus dem Internet zu downloaden?

Darum kümmern wir uns jetzt dann gleich im Anschluss.

Zitat:

Seit einiger Zeit kann ich Firefox nur noch eingeschränkt nutzen und muss den Internet Explorer verwenden um ins Internet zu gelangen. Wenn ich Firefox öffne ist zuerst alles normal jedoch, wenn ich es nur für eine kurze Zeit nicht nutze reagiert es nicht mehr, "keine Rückmeldung" wird oben angezeigt und das Programm funktioniert schlichtweg einfach nichtmehr, sodass ich es abbrechen muss.

Diese Probleme hast du NUR mit Firefox? Mit dem IE läuft alles so wie es soll?

Zitat:

Desweiteren erscheint neuerdings "Einige Autostartprogramme wurden geblockt. Programme, die eine Berechtigung zum Ausführen beim Windows-Start erfordern, werden von Windows geblockt. Klicken Sie hier, um die geblockten Programme anzuzeigen.".

Hast du dir mal angesehen, um welche Programme es sich dabei handelt?
Bei der nächsten derartigen Meldung klicke bitte auf das Symbol Geblockte Autostartprogramme und lass dir diese Programme anzeigen.

Zitat:

Neu ist eine Problemmeldung (ebenfalls nach dem Hochfahren) "[Java Skript-Anwendung] Reference Error:bbyln is not defined".

Diese Fehlermeldung erscheint aufgrund von Überresten in einer Firefox Toolbar. Darum kümmern wir uns noch.

Zitat:

Ich hoffe ich habe dir nicht die Hoffnung genommen...

Nein, hast du nicht. :)

Schritt # 2: Registry Cleaner
Ich sehe, dass Du sogenannte Registry Cleaner am System hast.
In deinem Fall Uniblue RegistryBooster 2010.

Wir empfehlen auf keinen Fall jegliche Art von Registry Cleaner.

Der Grund ist ganz einfach:

Die Registry ist das Hirn des Systems. Funktioniert das Hirn nicht, funktioniert der Rest nicht mehr wirklich.
Wir lesen oft genug von Hilfesuchenden, dass deren System nach der Nutzung von Registry Cleanern nicht mehr booted.

Wie soll der Cleaner zu 100% wissen ob der Eintrag benötigt wird oder nicht ?
Es ist vollkommen egal ob ein paar verwaiste Registry Einträge am System sind oder nicht.
Auch die dauernd angepriesene Beschleunigung des Systems ist nur bedingt wahr. Du würdest es nicht merken.

Ein sogenanntes False Positive von einem Cleaner kann auch dein System unbootbar machen.
Zerstörst Du die Registry, zerstörst Du Windows.

Ich empfehle Dir hiermit die oben genannte Software zu deinstallieren und in Zukunft auf solche Art von Software zu verzichten.

Schritt # 3: Deinstallation von Programmen
Du hast Software auf deinem Rechner, welche unerlaubt Änderungen am System vornehmen und zudem keinen sinnvollen Zwecke erfüllen. Ich bitte dich, diese unbedingt zu deinstallieren.

Folge folgendem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
Suche in der Liste Software mit dem folgenden Namen
- Conduit Engine
- DigitalPowered Toolbar
und deinstalliere das Programm.
Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.

Schritt # 4: Kontrolle mit VirusTotal
Bitte lasse die Datei aus der Code-Box bei Virustotal überprüfen.

Klicke auf Durchsuchen
Kopiere nun folgendes in die Suchleiste.

Code:

C:\Windows\System32\ClearEvent.exe
und klicke auf Öffnen.
Klicke auf Send File.

Warte bitte bis die Datei vollständig hochgeladen wurde. Solltest Du folgende Meldung bekommen

Zitat:

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

klicke auf Reanalyse.
Warte bis unter Current status: Finished steht.

Kopiere den Link aus deiner Adresszeile und poste ihn hier.

Wiederhole die selben Schritte mit folgenden Dateien.

Code:

C:\Windows\jautoexp.dat

Schritt # 5: Benutzerdefinierter Scan mit OTL
Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

netsvcs

msconfig

%SYSTEMDRIVE%\*.

%PROGRAMFILES%\*.exe

%PROGRAMFILES%\*.

%LOCALAPPDATA%\*.exe

%systemroot%\*. /mp /s

C:\Users\Melissa\AppData\Roaming\Xois /S

C:\Users\Melissa\AppData\Roaming\Iwnevo /S

/md5start

explorer.exe 

winlogon.exe

wininit.exe

userinit.exe

/md5stop

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Schritt # 6: Stoppen von Treibern mit Defogger
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Vista User: Bitte mit Rechtsklick "als Administrator starten".
Klicke nun auf den Disable Button um die Treiber gewisser Emulatoren zu deaktivieren.
Wenn der Scan beendet wurde ( Finished ), klicke auf OK.
Defogger fordert nun zum Neustart auf. Bestätige dies mit OK.
DeFogger erstellt nun ein Logfile auf dem Desktop (defogger_disable).

Poste bitte den Inhalt der Logfile in Deiner nächsten Antwort.
Wenn wir die Bereinigung beendet haben, starte bitte defogger erneut und klicke den Re-enable Button.

Schritt # 7: GMER Rootkitscan
Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
nichts am Rechner arbeiten,
nach jedem Scan den Rechner neu starten.

Gmer scannen lassen

Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Entferne rechts den Haken bei:
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Schritt # 8: Fragen beantworten
Bitte beantworte uns folgende Fragen:

Worum handelt es sich bei dieser Datei?

Code:

C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv
Du hast diese Datei von Megavideo. Zu welchem Zweck?
Wirst du beim Suchen mit dem IE oder mit Firefox über Google auf unerwünschte Seiten umgeleitet?

Schritt # 9: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

eine Rückmeldung über die Deinstallation der genannten Programme,
die beiden Links zu den Ergebnissen von VirusTotal,
das neue Logfile von OTL (OTL.txt) und
die Beantwortung der gestellten Fragen.

Hallo M-K-D-B,

das genannte Problem ist jediglich bei Firefox vorhanden und tritt nicht bei meinem Internet Exproler auf.

Wenn ich mir die geblockten, bzw. das gelockte Programm ansehe, wird mir angezeigt, dass es sich hierbei um Malwarebytes' Anti-Malwarehandelt.

Die genannten Programme habe ich ohne Probleme löschen können, ich habe diese wohl unbewusst installieren lassen, wenn ich davon ausgehe, dass sie mir bei den Firefox Updates angegeben wurden. Ich werde demnächst mehr darauf achtgeben.

Bei der Datei von Megavideo handelt es sich um einen Teil eines Videos, welches ich wohl mal bei dem Versuch etwas anzusehen gedownloadet habe, soll ich es einfach löschen? Es treten keine der genannten Probleme auf, wenn ich es ausführe.

Hier die gwünschten Links:

Zitat:

hxxp://www.virustotal.com/file-scan/report.html?id=3278d7329ac8ca6d1b0df8f2dd4c6d74de4395c6d77a77e236d7efb78be20eb2-1303232294

hxxp://www.virustotal.com/file-scan/report.html?id=9d064cdabd47fd34d726d2e115e1f4c78706a8da7c09cf3ba6374c5f7b5922c1-1303232432

OTL Logfile:

Code:

OTL logfile created on: 19.04.2011 19:23:44 - Run 2

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 50,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 70,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,29 Gb Total Space | 51,00 Gb Free Space | 35,35% Space Free | Partition Type: NTFS

Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

Drive G: | 298,01 Gb Total Space | 126,61 Gb Free Space | 42,49% Space Free | Partition Type: FAT32

Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32

 

Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Programme\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)

PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)

PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

PRC - C:\Programme\Common Files\Marmiko Shared\MWLaMaS.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)

PRC - C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AdobeActiveFileMonitor7.0) -- D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)

DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)

DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()

DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (SIS163u) -- C:\Windows\System32\drivers\SiS163u.sys (SiS Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"

FF - prefs.js..browser.search.selectedEngine: "Search"

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2

FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0

FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="

 

 

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.12 18:27:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 10:54:47 | 000,000,000 | ---D | M]

 

[2009.01.19 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Extensions

[2011.04.18 23:00:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions

[2010.07.09 10:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.03.14 11:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010.10.04 10:31:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2010.10.26 15:04:48 | 000,000,000 | ---D | M] (DigitalPowered Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}

[2011.03.30 18:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}-trash

[2011.01.25 12:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2011.01.19 14:45:37 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}

[2010.10.04 10:31:38 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}

[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com

[2011.03.29 14:50:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com

[2010.03.28 22:07:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\illimitux@illimitux.net

[2010.01.30 16:48:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\radiobar@toolbar

[2010.02.07 02:10:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\searchrecs@veoh.com

[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\staged-xpis

[2010.08.09 11:29:22 | 000,000,873 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\searchplugins\conduit.xml

[2011.04.06 22:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.02.16 21:00:29 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}

[2009.08.15 23:40:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009.12.06 21:44:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

[2009.01.20 12:30:15 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll

[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 00:27:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 00:27:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 00:27:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 00:27:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 00:27:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O1 - Hosts: ::1             localhost

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Acer Tour Reminder]  File not found

O4 - HKLM..\Run: [Apanel]  File not found

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

O4 - HKLM..\Run: [eRecoveryService]  File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKCU..\Run: [chknelog]  File not found

O4 - HKCU..\Run: [cxlacuxatx.exe]  File not found

O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .spop -  File not found

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006.11.03 12:58:30 | 000,000,038 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]

O32 - AutoRun File - [2009.08.10 15:40:34 | 000,000,103 | ---- | M] () - J:\autorun.inf -- [ FAT32 ]

O33 - MountPoints2\{26f0f3d0-e677-11dd-b932-0040f4b7a179}\Shell - "" = AutoRun

O33 - MountPoints2\{26f0f3d0-e677-11dd-b932-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe

O33 - MountPoints2\{2736ac1d-cde0-11de-9b03-0040f4b7a179}\Shell - "" = AutoRun

O33 - MountPoints2\{2736ac1d-cde0-11de-9b03-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe

O33 - MountPoints2\{5560534d-38b7-11de-87b8-0040f4b7a179}\Shell - "" = AutoRun

O33 - MountPoints2\{5560534d-38b7-11de-87b8-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL H:\DVR/AutoRun.exe start.exe

O33 - MountPoints2\{b06dce6f-5cdc-11de-919f-0040f4b7a179}\Shell - "" = AutoRun

O33 - MountPoints2\{b06dce6f-5cdc-11de-919f-0040f4b7a179}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL I:\DVR/AutoRun.exe start.exe

O33 - MountPoints2\{cd3199c9-e665-11dd-9066-001fe23aea48}\Shell\AutoRun\command - "" = G:\setupSNK.exe

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias -  File not found

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found

MsConfig - StartUpFolder: C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()

MsConfig - StartUpReg: Acer Empowering Technology Monitor - hkey= - key= - C:\Acer\Empowering Technology\SysMonitor.exe ()

MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: AlcoholAutomount - hkey= - key= - C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)

MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - D:\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)

MsConfig - StartUpReg: InfoCockpit - hkey= - key= - C:\Program Files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE (Deutsche Telekom AG, T-Com)

MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

MsConfig - StartUpReg: mcagent_exe - hkey= - key= -  File not found

MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

MsConfig - StartUpReg: TkBellExe - hkey= - key= - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)

MsConfig - StartUpReg: VeohPlugin - hkey= - key= - C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)

MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found

MsConfig - State: "startup" - 2

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.04.17 21:57:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011.04.17 21:30:47 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe

[2011.04.17 21:30:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe

[2011.04.17 20:51:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe

[2011.04.15 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Malwarebytes

[2011.04.15 15:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.04.15 15:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.04.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.04.15 15:11:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.04.15 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.04.13 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler

[2011.04.13 12:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler

[2011.04.13 12:36:09 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Xois

[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Iwnevo

[2009.01.19 22:11:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[2008.09.30 06:55:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.04.19 19:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.04.19 19:14:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.04.19 18:52:55 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.04.19 18:52:54 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.04.19 18:52:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.04.19 18:52:25 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys

[2011.04.19 18:49:41 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2011.04.18 22:19:25 | 000,040,005 | ---- | M] () -- C:\Users\Melissa\Desktop\Malvada.odt

[2011.04.18 21:24:54 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.04.18 21:24:54 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.18 21:24:54 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.04.18 21:24:54 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.18 15:52:08 | 000,244,736 | ---- | M] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.17 21:55:23 | 000,000,737 | ---- | M] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk

[2011.04.17 21:55:23 | 000,000,718 | ---- | M] () -- C:\Users\Melissa\Desktop\ERUNT.lnk

[2011.04.17 21:39:24 | 000,301,568 | ---- | M] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe

[2011.04.17 21:39:23 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe

[2011.04.17 21:39:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe

[2011.04.17 21:39:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe

[2011.04.17 21:28:35 | 000,377,280 | ---- | M] () -- C:\Users\Melissa\Desktop\Load.exe

[2011.04.17 10:17:49 | 000,000,456 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job

[2011.04.16 11:30:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2011.04.16 11:30:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2011.04.16 11:30:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2011.04.15 15:11:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.15 03:30:24 | 000,328,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.04.13 12:51:32 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2011.04.11 20:43:57 | 092,643,550 | ---- | M] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv

[2011.04.06 22:35:33 | 000,000,054 | ---- | M] () -- C:\Windows\mpsettings.ini

 
 ========== Files Created - No Company Name ==========

 

[2011.04.19 18:49:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2011.04.18 21:23:54 | 000,040,005 | ---- | C] () -- C:\Users\Melissa\Desktop\Malvada.odt

[2011.04.17 21:55:23 | 000,000,737 | ---- | C] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk

[2011.04.17 21:55:23 | 000,000,718 | ---- | C] () -- C:\Users\Melissa\Desktop\ERUNT.lnk

[2011.04.17 21:30:47 | 000,301,568 | ---- | C] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe

[2011.04.17 21:28:35 | 000,377,280 | ---- | C] () -- C:\Users\Melissa\Desktop\Load.exe

[2011.04.16 11:30:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011.04.15 15:11:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.13 12:51:32 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2011.04.11 20:43:58 | 092,643,550 | ---- | C] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv

[2011.04.06 22:35:33 | 000,000,054 | ---- | C] () -- C:\Windows\mpsettings.ini

[2010.08.13 11:30:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2010.06.22 15:21:30 | 000,000,000 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\chrtmp

[2010.06.14 19:12:53 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin

[2009.11.12 20:27:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009.11.12 20:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009.11.12 20:27:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009.11.12 20:27:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009.11.12 20:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009.11.09 19:19:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini

[2009.11.04 23:47:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll

[2009.09.24 06:17:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.09.24 06:17:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.09.02 06:57:23 | 000,007,268 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat

[2009.07.02 13:51:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat

[2009.02.10 19:22:57 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009.01.28 20:46:28 | 000,000,096 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat

[2009.01.20 13:05:11 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini

[2009.01.20 13:05:01 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE

[2009.01.20 13:04:31 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.01.20 13:04:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll

[2009.01.20 13:03:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009.01.20 13:03:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.01.20 13:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll

[2009.01.20 13:02:53 | 000,006,315 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2009.01.20 00:02:56 | 000,244,736 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.01.19 23:11:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009.01.19 22:39:59 | 000,000,095 | ---- | C] () -- C:\Users\Melissa\AppData\Local\fusioncache.dat

[2009.01.19 22:11:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008.10.06 06:48:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2008.10.06 06:48:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2008.01.21 09:15:58 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 09:15:58 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.04.11 19:30:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007.04.11 17:09:20 | 000,000,734 | ---- | C] () -- C:\Windows\generic.ini

[2007.04.11 17:09:20 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini

[2007.04.11 17:07:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007.04.11 17:07:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007.04.11 09:20:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,328,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005.01.06 15:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe

[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2007.04.11 08:32:30 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Acer GameZone Console

[2011.04.11 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Any Video Converter

[2009.11.13 18:01:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Blitware

[2009.01.29 23:08:16 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Canneverbe_Limited

[2011.03.13 18:28:27 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\CD Art Display

[2009.06.30 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\DAEMON Tools Lite

[2009.11.05 23:11:46 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\InterTrust

[2011.04.13 11:25:24 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Iwnevo

[2010.09.24 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Leadertech

[2010.05.20 00:30:37 | 000,000,000 | -HSD | M] -- C:\Users\Melissa\AppData\Roaming\lowsec

[2009.04.25 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\OpenOffice.org

[2009.01.19 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\T-Online

[2009.03.04 20:54:32 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Template

[2009.11.13 18:08:33 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Uniblue

[2010.11.05 14:59:03 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\uTorrent

[2011.04.06 22:58:40 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\VMLoad

[2010.10.29 10:35:47 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WindSolutions

[2011.04.07 21:04:14 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Xois

[2011.04.17 10:17:49 | 000,000,456 | ---- | M] () -- C:\Windows\Tasks\Driver Robot.job

[2011.04.19 18:51:09 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 

 
 < %SYSTEMDRIVE%\*. >

[2009.03.12 11:45:19 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN

[2009.06.11 05:14:37 | 000,000,000 | ---D | M] -- C:\Acer

[2009.01.19 22:13:37 | 000,000,000 | ---D | M] -- C:\AcerSW

[2007.04.11 17:09:19 | 000,000,000 | ---D | M] -- C:\Book

[2009.11.10 21:12:29 | 000,000,000 | -HSD | M] -- C:\Boot

[2006.11.02 15:02:03 | 000,000,000 | -HSD | M] -- C:\Documents and Settings

[2009.01.19 22:06:56 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen

[2011.03.01 20:58:07 | 000,000,000 | ---D | M] -- C:\Downloads

[2007.04.11 17:09:19 | 000,000,000 | ---D | M] -- C:\DRV

[2011.03.20 23:13:44 | 000,000,000 | ---D | M] -- C:\DVDVideoSoft

[2009.06.20 13:57:42 | 000,000,000 | ---D | M] -- C:\FPC

[2011.04.06 22:47:18 | 000,000,000 | ---D | M] -- C:\Hotspot Shield

[2009.04.19 12:12:49 | 000,000,000 | ---D | M] -- C:\L10SAVES

[2009.01.20 19:55:41 | 000,000,000 | ---D | M] -- C:\MyVideos

[2008.01.21 04:32:31 | 000,000,000 | ---D | M] -- C:\PerfLogs

[2011.04.19 18:52:24 | 000,000,000 | R--D | M] -- C:\Programme

[2011.04.15 18:09:39 | 000,000,000 | -H-D | M] -- C:\ProgramData

[2009.01.19 22:06:56 | 000,000,000 | -HSD | M] -- C:\Programme

[2011.04.19 19:25:07 | 000,000,000 | -HSD | M] -- C:\System Volume Information

[2009.11.10 20:15:06 | 000,000,000 | ---D | M] -- C:\temp

[2011.04.13 13:08:49 | 000,000,000 | R--D | M] -- C:\Users

[2011.04.19 18:49:40 | 000,000,000 | ---D | M] -- C:\Windows

 
 < %PROGRAMFILES%\*.exe >

 
 < %PROGRAMFILES%\*. >

[2009.11.05 23:29:48 | 000,000,000 | ---D | M] -- C:\Programme\802.11 Wireless LAN

[2007.04.11 08:55:19 | 000,000,000 | ---D | M] -- C:\Programme\Acer Arcade Live

[2011.04.06 23:01:43 | 000,000,000 | ---D | M] -- C:\Programme\Acer GameZone

[2008.10.06 06:48:50 | 000,000,000 | ---D | M] -- C:\Programme\Acer Incorporated

[2007.04.11 09:03:35 | 000,000,000 | ---D | M] -- C:\Programme\Activation Assistant for the 2007 Microsoft Office suites

[2010.11.30 15:00:09 | 000,000,000 | ---D | M] -- C:\Programme\Activision

[2011.03.02 18:02:07 | 000,000,000 | ---D | M] -- C:\Programme\Adobe

[2009.04.03 17:01:27 | 000,000,000 | ---D | M] -- C:\Programme\Adobe Media Player

[2009.08.15 11:23:35 | 000,000,000 | ---D | M] -- C:\Programme\AGEIA Technologies

[2009.03.16 16:01:10 | 000,000,000 | ---D | M] -- C:\Programme\Alcohol Soft

[2009.02.10 19:29:03 | 000,000,000 | ---D | M] -- C:\Programme\Altova

[2009.01.20 00:28:26 | 000,000,000 | ---D | M] -- C:\Programme\Any Video Converter

[2010.10.29 12:09:04 | 000,000,000 | ---D | M] -- C:\Programme\Apple Software Update

[2010.05.21 16:39:32 | 000,000,000 | ---D | M] -- C:\Programme\ArcSoft

[2007.04.11 08:26:39 | 000,000,000 | ---D | M] -- C:\Programme\ATI

[2007.04.11 08:28:28 | 000,000,000 | ---D | M] -- C:\Programme\ATI Technologies

[2010.02.04 11:31:00 | 000,000,000 | ---D | M] -- C:\Programme\Avira

[2010.09.29 12:44:40 | 000,000,000 | ---D | M] -- C:\Programme\AVS4YOU

[2009.08.12 21:52:51 | 000,000,000 | ---D | M] -- C:\Programme\Baphomets Fluch II

[2009.05.02 20:48:50 | 000,000,000 | ---D | M] -- C:\Programme\BearShare Applications

[2011.04.06 22:40:26 | 000,000,000 | ---D | M] -- C:\Programme\BitTorrent

[2010.10.29 12:05:32 | 000,000,000 | ---D | M] -- C:\Programme\Bonjour

[2011.04.13 12:42:18 | 000,000,000 | ---D | M] -- C:\Programme\Common Files

[2009.02.20 20:04:41 | 000,000,000 | ---D | M] -- C:\Programme\coolspot AG

[2011.04.12 18:24:19 | 000,000,000 | ---D | M] -- C:\Programme\Counter-Strike 1.6 V40

[2007.04.11 08:49:57 | 000,000,000 | ---D | M] -- C:\Programme\CyberLink

[2009.06.29 22:29:01 | 000,000,000 | ---D | M] -- C:\Programme\DAEMON Tools Toolbar

[2011.04.13 12:51:32 | 000,000,000 | ---D | M] -- C:\Programme\Defraggler

[2007.04.11 09:33:20 | 000,000,000 | ---D | M] -- C:\Programme\DIFX

[2011.04.12 18:25:40 | 000,000,000 | ---D | M] -- C:\Programme\DivX

[2009.06.07 12:58:42 | 000,000,000 | ---D | M] -- C:\Programme\DNA

[2011.04.12 18:37:39 | 000,000,000 | ---D | M] -- C:\Programme\DVDVideoSoft

[2011.04.12 18:33:02 | 000,000,000 | ---D | M] -- C:\Programme\EA GAMES

[2009.02.10 19:22:07 | 000,000,000 | ---D | M] -- C:\Programme\Elaborate Bytes

[2011.03.15 00:37:58 | 000,000,000 | ---D | M] -- C:\Programme\Enterbrain

[2011.04.17 21:55:34 | 000,000,000 | ---D | M] -- C:\Programme\ERUNT

[2007.04.11 09:28:48 | 000,000,000 | ---D | M] -- C:\Programme\eSobi

[2009.01.19 22:06:56 | 000,000,000 | -HSD | M] -- C:\Programme\Gemeinsame Dateien

[2011.04.13 12:41:21 | 000,000,000 | ---D | M] -- C:\Programme\Google

[2010.05.10 19:23:25 | 000,000,000 | ---D | M] -- C:\Programme\id Software

[2011.04.06 23:15:34 | 000,000,000 | -H-D | M] -- C:\Programme\InstallShield Installation Information

[2011.04.17 10:18:51 | 000,000,000 | ---D | M] -- C:\Programme\Internet Explorer

[2010.10.29 15:52:02 | 000,000,000 | ---D | M] -- C:\Programme\iPod

[2010.10.29 15:53:41 | 000,000,000 | ---D | M] -- C:\Programme\iTunes

[2009.08.15 23:39:20 | 000,000,000 | ---D | M] -- C:\Programme\Java

[2009.11.12 20:27:49 | 000,000,000 | ---D | M] -- C:\Programme\K-Lite Codec Pack

[2011.04.15 15:11:19 | 000,000,000 | ---D | M] -- C:\Programme\Malwarebytes' Anti-Malware

[2009.04.13 18:10:27 | 000,000,000 | ---D | M] -- C:\Programme\Maxis

[2011.04.13 12:06:14 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft

[2010.01.07 21:50:55 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Games

[2011.04.13 12:11:48 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Office

[2011.03.03 04:21:51 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Silverlight

[2009.11.24 17:16:22 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft SQL Server Compact Edition

[2009.11.24 17:18:27 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Sync Framework

[2011.04.13 12:11:44 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft Works

[2011.04.13 12:11:48 | 000,000,000 | ---D | M] -- C:\Programme\Microsoft.NET

[2010.08.13 19:38:07 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker

[2010.12.16 04:16:14 | 000,000,000 | ---D | M] -- C:\Programme\Movie Maker 2.6

[2009.09.27 11:25:48 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla ActiveX Control v1.7.12

[2011.03.24 10:54:47 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\MSBuild

[2010.01.02 16:37:31 | 000,000,000 | ---D | M] -- C:\Programme\MSECache

[2009.01.19 23:07:22 | 000,000,000 | ---D | M] -- C:\Programme\MSXML 4.0

[2009.04.25 11:34:53 | 000,000,000 | ---D | M] -- C:\Programme\OpenOffice.org 3

[2010.10.29 12:11:45 | 000,000,000 | ---D | M] -- C:\Programme\QuickTime

[2009.12.06 21:43:34 | 000,000,000 | ---D | M] -- C:\Programme\Real

[2007.04.11 09:10:23 | 000,000,000 | ---D | M] -- C:\Programme\Realtek

[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Programme\Reference Assemblies

[2009.11.04 23:51:16 | 000,000,000 | ---D | M] -- C:\Programme\Replay Media Catcher

[2009.02.20 20:16:50 | 000,000,000 | ---D | M] -- C:\Programme\SecretCity 3DChat

[2010.11.05 14:40:18 | 000,000,000 | ---D | M] -- C:\Programme\Sid Meier's Civilization V

[2009.01.21 16:55:16 | 000,000,000 | ---D | M] -- C:\Programme\SiteAdvisor

[2009.03.11 18:22:28 | 000,000,000 | ---D | M] -- C:\Programme\T-Online

[2009.11.13 18:08:29 | 000,000,000 | ---D | M] -- C:\Programme\Uniblue

[2006.11.02 15:01:55 | 000,000,000 | -H-D | M] -- C:\Programme\Uninstall Information

[2010.11.04 13:11:26 | 000,000,000 | ---D | M] -- C:\Programme\Vampire The Masquerade - Redemption

[2009.01.20 12:30:11 | 000,000,000 | ---D | M] -- C:\Programme\Veoh Networks

[2009.01.20 00:27:01 | 000,000,000 | ---D | M] -- C:\Programme\VideoLAN

[2011.04.06 22:58:38 | 000,000,000 | ---D | M] -- C:\Programme\VMLoad

[2009.01.20 16:02:24 | 000,000,000 | ---D | M] -- C:\Programme\vtplus

[2010.02.03 13:45:57 | 000,000,000 | ---D | M] -- C:\Programme\Winamp

[2009.11.10 21:04:26 | 000,000,000 | ---D | M] -- C:\Programme\Windows Calendar

[2009.11.10 21:04:23 | 000,000,000 | ---D | M] -- C:\Programme\Windows Collaboration

[2009.11.10 21:04:12 | 000,000,000 | ---D | M] -- C:\Programme\Windows Defender

[2009.11.10 21:04:23 | 000,000,000 | ---D | M] -- C:\Programme\Windows Journal

[2009.11.24 17:19:00 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live

[2009.06.16 18:36:12 | 000,000,000 | ---D | M] -- C:\Programme\Windows Live SkyDrive

[2011.04.15 03:26:46 | 000,000,000 | ---D | M] -- C:\Programme\Windows Mail

[2010.10.15 18:51:56 | 000,000,000 | ---D | M] -- C:\Programme\Windows Media Player

[2009.01.19 22:06:56 | 000,000,000 | ---D | M] -- C:\Programme\Windows NT

[2009.11.10 21:04:19 | 000,000,000 | ---D | M] -- C:\Programme\Windows Photo Gallery

[2009.11.18 18:56:06 | 000,000,000 | ---D | M] -- C:\Programme\Windows Portable Devices

[2009.11.10 21:04:24 | 000,000,000 | ---D | M] -- C:\Programme\Windows Sidebar

[2009.01.20 12:44:14 | 000,000,000 | ---D | M] -- C:\Programme\WinRAR

[2009.09.30 14:13:24 | 000,000,000 | ---D | M] -- C:\Programme\WinTV

[2008.10.06 06:46:53 | 000,000,000 | ---D | M] -- C:\Programme\YUAN

 
 < %LOCALAPPDATA%\*.exe >

 
 < %systemroot%\*. /mp /s >

 
 < C:\Users\Melissa\AppData\Roaming\Xois /S >

 
 < C:\Users\Melissa\AppData\Roaming\Iwnevo /S >

 

 
 < MD5 for: EXPLORER.EXE  >

[2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe

[2008.10.29 08:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe

[2008.10.30 05:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe

[2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe

[2008.10.28 04:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe

[2008.01.21 04:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

 
 < MD5 for: USERINIT.EXE  >

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe

[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe

[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe

[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe

[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

 
 < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-04-19 08:25:48

 
 <  >

 
 ========== Alternate Data Streams ==========

 

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57

@Alternate Data Stream - 48 bytes -> C:\Windows:857B1D3CE2BFC36F
 

< End of report >

--- --- ---

GMER Logfile:

Code:

GMER 1.0.15.15570 - hxxp://www.gmer.net

Rootkit scan 2011-04-19 20:00:44

Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-7 WDC_WD3200AAJS-22B4A0 rev.01.03A01

Running: g2m3e4r.exe; Driver: C:\Users\Melissa\AppData\Local\Temp\pwtcauoc.sys
 
 

---- System - GMER 1.0.15 ----
 

SSDT            888D8ABC                                                                                                                          ZwCreateThread

SSDT            888D8AA8                                                                                                                          ZwOpenProcess

SSDT            888D8AAD                                                                                                                          ZwOpenThread

SSDT            888D8AB7                                                                                                                          ZwTerminateProcess
 

INT 0x51        ?                                                                                                                                 844C4BF8

INT 0x61        ?                                                                                                                                 844C4BF8

INT 0x62        ?                                                                                                                                 85E32F00

INT 0x72        ?                                                                                                                                 85E32F00

INT 0x82        ?                                                                                                                                 85E32F00

INT 0x92        ?                                                                                                                                 85E32F00

INT 0xB2        ?                                                                                                                                 844C4BF8
 

---- Kernel code sections - GMER 1.0.15 ----
 

.text           ntkrnlpa.exe!KeSetEvent + 221                                                                                                     824C29A4 4 Bytes  [BC, 8A, 8D, 88]

.text           ntkrnlpa.exe!KeSetEvent + 3F1                                                                                                     824C2B74 4 Bytes  [A8, 8A, 8D, 88]

.text           ntkrnlpa.exe!KeSetEvent + 40D                                                                                                     824C2B90 4 Bytes  [AD, 8A, 8D, 88]

.text           ntkrnlpa.exe!KeSetEvent + 621                                                                                                     824C2DA4 4 Bytes  [B7, 8A, 8D, 88]

?               System32\Drivers\spmm.sys                                                                                                         Das System kann den angegebenen Pfad nicht finden. !

.text           USBPORT.SYS!DllUnload                                                                                                             8DB1141B 5 Bytes  JMP 85E324E0 

.text           atsecl1w.SYS                                                                                                                      8DB75000 22 Bytes  [82, 73, 7D, 82, 6C, 72, 7D, ...]

.text           atsecl1w.SYS                                                                                                                      8DB75017 137 Bytes  [00, 32, 97, B1, 82, 3D, 95, ...]

.text           atsecl1w.SYS                                                                                                                      8DB750A1 43 Bytes  [F0, 4B, 82, 74, E6, 45, 82, ...]

.text           atsecl1w.SYS                                                                                                                      8DB750CE 10 Bytes  [00, 00, 00, 00, 00, 00, 02, ...]

.text           atsecl1w.SYS                                                                                                                      8DB750DA 12 Bytes  [00, 00, 02, 00, 00, 00, 24, ...]

.text           ...                                                                                                                               
 

---- User code sections - GMER 1.0.15 ----
 

.text           C:\Windows\Explorer.EXE[1576] SHELL32.dll!SHGetFolderPathAndSubDirW + 81C5                                                        760BB37C 4 Bytes  [50, 26, 00, 10] {PUSH EAX; ADD ES:[EAX], DL}
 

---- Devices - GMER 1.0.15 ----
 

Device          \FileSystem\Ntfs \Ntfs                                                                                                            84E5A1F8

Device          \FileSystem\fastfat \FatCdrom                                                                                                     87036500

Device          \Driver\volmgr \Device\VolMgrControl                                                                                              844C61F8

Device          \Driver\netbt \Device\NetBT_Tcpip_{47A7ADE3-B642-4C17-9D29-3899857D60D3}                                                          86C321F8

Device          \Driver\usbohci \Device\USBPDO-0                                                                                                  85E7E1F8

Device          \Driver\PCI_PNP1468 \Device\00000051                                                                                              spmm.sys

Device          \Driver\usbohci \Device\USBPDO-1                                                                                                  85E7E1F8

Device          \Driver\usbohci \Device\USBPDO-2                                                                                                  85E7E1F8

Device          \Driver\usbohci \Device\USBPDO-3                                                                                                  85E7E1F8

Device          \Driver\netbt \Device\NetBT_Tcpip_{489A8CC2-652A-4F88-A6E8-FAF429845542}                                                          86C321F8

Device          \Driver\usbohci \Device\USBPDO-4                                                                                                  85E7E1F8

Device          \Driver\usbehci \Device\USBPDO-5                                                                                                  85E7D1F8

Device          \Driver\volmgr \Device\HarddiskVolume1                                                                                            844C61F8

Device          \Driver\volmgr \Device\HarddiskVolume2                                                                                            844C61F8

Device          \Driver\cdrom \Device\CdRom0                                                                                                      85E8F500

Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                84E591F8

Device          \Driver\atapi \Device\Ide\IdePort0                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                84E591F8

Device          \Driver\atapi \Device\Ide\IdePort1                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                84E591F8

Device          \Driver\atapi \Device\Ide\IdePort2                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                84E591F8

Device          \Driver\atapi \Device\Ide\IdePort3                                                                                                sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-3                                                                                       84E591F8

Device          \Driver\atapi \Device\Ide\IdeDeviceP2T1L0-3                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7                                                                                       84E591F8

Device          \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-7                                                                                       sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\volmgr \Device\HarddiskVolume3                                                                                            844C61F8

Device          \Driver\cdrom \Device\CdRom1                                                                                                      85E8F500

Device          \Driver\volmgr \Device\HarddiskVolume4                                                                                            844C61F8

Device          \Driver\volmgr \Device\HarddiskVolume5                                                                                            844C61F8

Device          \Driver\volmgr \Device\HarddiskVolume6                                                                                            844C61F8

Device          \Driver\USBSTOR \Device\00000069                                                                                                  85E2F1F8

Device          \Driver\USBSTOR \Device\00000069                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\sptd \Device\2650615477                                                                                                   spmm.sys

Device          \Driver\netbt \Device\NetBt_Wins_Export                                                                                           86C321F8

Device          \Driver\USBSTOR \Device\00000077                                                                                                  85E2F1F8

Device          \Driver\USBSTOR \Device\00000077                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\USBSTOR \Device\00000078                                                                                                  85E2F1F8

Device          \Driver\USBSTOR \Device\00000078                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\Smb \Device\NetbiosSmb                                                                                                    86CEC1F8

Device          \Driver\netbt \Device\NetBT_Tcpip_{68B68306-FE2F-4B37-BC10-4ABC839E99FD}                                                          86C321F8

Device          \Driver\iScsiPrt \Device\RaidPort0                                                                                                85F381F8

Device          \Driver\USBSTOR \Device\0000006a                                                                                                  85E2F1F8

Device          \Driver\USBSTOR \Device\0000006a                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\usbohci \Device\USBFDO-0                                                                                                  85E7E1F8

Device          \Driver\usbohci \Device\USBFDO-1                                                                                                  85E7E1F8

Device          \Driver\USBSTOR \Device\0000006e                                                                                                  85E2F1F8

Device          \Driver\USBSTOR \Device\0000006e                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\usbohci \Device\USBFDO-2                                                                                                  85E7E1F8

Device          \Driver\USBSTOR \Device\0000006f                                                                                                  85E2F1F8

Device          \Driver\USBSTOR \Device\0000006f                                                                                                  sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\usbohci \Device\USBFDO-3                                                                                                  85E7E1F8

Device          \Driver\usbohci \Device\USBFDO-4                                                                                                  85E7E1F8

Device          \Driver\usbehci \Device\USBFDO-5                                                                                                  85E7D1F8

Device          \Driver\atsecl1w \Device\Scsi\atsecl1w1Port5Path0Target0Lun0                                                                      85F361F8

Device          \Driver\atsecl1w \Device\Scsi\atsecl1w1Port5Path0Target0Lun0                                                                      sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \Driver\atsecl1w \Device\Scsi\atsecl1w1                                                                                           85F361F8

Device          \Driver\atsecl1w \Device\Scsi\atsecl1w1                                                                                           sfsync02.sys (StarForce Protection Synchronization Driver/Protection Technology)

Device          \FileSystem\fastfat \Fat                                                                                                          87036500
 

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                          fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
 

Device          \FileSystem\cdfs \Cdfs                                                                                                            86BE81F8
 

---- Registry - GMER 1.0.15 ----
 

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1                                                                                771343423

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2                                                                                285507792

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0                                                                                2

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                  

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                               0

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                            0xC9 0xEC 0x0A 0x2D ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                               C:\Program Files\Alcohol Soft\Alcohol 120\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                         

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                   0xF9 0xA7 0x70 0x12 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                  

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                            0xEE 0xA5 0x84 0x6C ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                  

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                               D:\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                               1

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                            0xE5 0x96 0xCF 0xD5 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                         

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                      0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                   0x68 0x4B 0xD6 0x47 ...

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                    

Reg             HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                              0x65 0xD4 0x37 0x8B ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                              

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                   0

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                0xC9 0xEC 0x0A 0x2D ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                   C:\Program Files\Alcohol Soft\Alcohol 120\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                     

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                       0xF9 0xA7 0x70 0x12 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)              

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                0xEE 0xA5 0x84 0x6C ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                              

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                   D:\DAEMON Tools Lite\

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                   1

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                0xE5 0x96 0xCF 0xD5 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                     

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                          0x20 0x01 0x00 0x00 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                       0x68 0x4B 0xD6 0x47 ...

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                

Reg             HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                  0x65 0xD4 0x37 0x8B ...

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@OfflineDetectionPending                                  1

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}                   

Reg             HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}@hapjlkfbdnghfncc  0x6B 0x61 0x62 0x67 ...
 

---- EOF - GMER 1.0.15 ----

--- --- ---

Vielen lieben Dank,

Gruß
Shinichi

Hallo Shinichi,

Schritt # 1: FileSharing Programme
Ich sehe das Du sogenannte Peer to Peer oder Filesharing Programme verwendest.

In deinem Fall BitTorrent und DNA.

Diese Programme erlauben es Dir, Daten mit anderen Usern auszutauschen.

Leider ist auch p2p oder Filesharing nicht ausgenommen, infizierte Dateien zu verteilen und ist auch ein Grund warum sich Malware so schnell verbreitet.
Es ist also möglich, dass Du Dir eine Infizierte Datei herunter ladest. Du kannst niemals wissen, woher diese stammen. Daher sollte diese Art Software mit äußerster Vorsicht benutzt werden.

Ein ebenfalls wichtiger Punkt ist, dass das verbreiten von Media und Entertainment Dateien in den meisten Ländern der Welt gegen Copyright Rechte verstößt.
Natürlich gibt es auch einen legalen Weg zur Nutzung dieses Service. Zum Beispiel zum Downloaden von Linux oder Open Office.
Denoch würde ich Dich ersuchen, diese Art von Software nicht weiterhin zu verwenden.
Bitte gehe zu

Start --> Systemsteuerung --> Software

und deinstalliere die oben genannte Software.

Bitte sag bescheid wenn Du eines der gelisteten Programme nicht finden kannst. Verwendest du diese Programme überhaupt noch?

Schritt # 2: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

:OTL

IE - HKCU\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2

FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0

FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.7.2.0

FF - prefs.js..extensions.enabledItems: ffxtlbr@babylon.com:1.1.3

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\2.bin

[2010.10.04 10:31:37 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}

[2010.10.26 15:04:48 | 000,000,000 | ---D | M] (DigitalPowered Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}

[2011.03.30 18:22:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}-trash

[2011.01.19 14:45:37 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}

[2010.10.04 10:31:38 | 000,000,000 | ---D | M] (free-downloads.net Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}

[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com

[2011.03.29 14:50:56 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com

[2010.08.09 11:29:22 | 000,000,873 | ---- | M] () -- C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\searchplugins\conduit.xml

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O4 - HKCU..\Run: [chknelog]  File not found

O4 - HKCU..\Run: [cxlacuxatx.exe]  File not found

[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Xois

[2011.04.02 12:27:47 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Iwnevo

@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:E36F5B57

@Alternate Data Stream - 48 bytes -> C:\Windows:857B1D3CE2BFC36F
 

:commands

[Purity]

[Emptytemp]

Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 3: ComboFix ausführen

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Lade ComboFix von einem dieser Download-Spiegel herunter:

BleepingComputer - ForoSpyware

* Wichtig !! Speichere ComboFix auf dem Desktop

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppelklicke auf die ComboFix.exe und folge den Anweisungen.
ComboFix wird schauen, ob die Microsoft-Windows-Wiederherstellungskonsole installiert ist. Dies ist Teil des Prozesses. Angesichts der Art von Malware Infizierungen, die es heute gibt, wird dringend empfohlen, diese Wiederherstellungskonsole auf dem PC installiert zu haben, bevor jegliche Reinigung von Malware durchgeführt wird.
Folge den Anweisungen, um ComboFix das Herunterladen und Installieren der Wiederherstellungskonsole zu ermöglichen und stimme dem Lizenzvertrag (EULA) zu, sobald Du dazu aufgefordert wirst.

**Zur Information: Sollte die Wiederherstellungskonsole schon installiert sein, so wird ComboFix seine Malware-Entfernungsprozedur normal fortfahren.

http://i94.photobucket.com/albums/l8...eWHKonsole.jpg

Sobald die Wiederherstellungskonsole durch ComboFix installiert wurde, solltest Du folgende Nachricht sehen:

http://i94.photobucket.com/albums/l8...nstalliert.jpg

Klicke "Ja", um mit dem Suchlauf nach Malware fortzufahren.

Wenn ComboFix fertig ist, wird es ein Log erstellen. Bitte füge die C:\ComboFix.txt Deiner nächsten Antwort bei.

Schritt # 4: Systemscan mit OTL

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 5: Fragen beantworten

Zitat:

Wenn ich mir die geblockten, bzw. das gelockte Programm ansehe, wird mir angezeigt, dass es sich hierbei um Malwarebytes' Anti-Malwarehandelt.

Malwarebytes' Anti-Malware kannst du getrost ausführen. Auf die Meldung klicken -> Programm ausführen wählen. Setze einen Haken bei Diese Meldung nicht mehr anzeigen.

Zitat:

Bei der Datei von Megavideo handelt es sich um einen Teil eines Videos, welches ich wohl mal bei dem Versuch etwas anzusehen gedownloadet habe, soll ich es einfach löschen?

Nein, musst du nicht. Ich wollte nur wissen, um was es sich dabei handelt. Sofern du Bescheid weißt und es keine Probleme damit gibt, passt das so.

Zitat:

Die genannten Programme habe ich ohne Probleme löschen können, ...

Gilt das auch für Uniblue Registry Booster?

Schritt # 6: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

eine Rückmeldung bezüglich der Verwendung von Filesharing Programmen,
das Logfile des OTL-Fix,
das Logfile von ComboFix,
die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt) und
die Beantwortung der gestellten Fragen.

Hallo M-K-D-B,

Ich habe an diesem Morgen eine Fehlermeldung bekommen, welche ich vergessen hatte zu erwähnen, da sie seit langem nicht mehr aufgetaucht ist. Allerdings ist dieses Problem bereits an einem Tag des öfteren, nahezu permanent, aufgetreten.
Mir wurde angegeben, dass der Windows Explorer nicht mehr funktioniert und dieser neu gestartet werden müsse. Dies war allerdings bevor ich deine heute angegebenen Schritte ausgeführt habe.

BitTorrent und DNA konnte ich nicht deinstallieren, da sie mir nicht unter den zu bearbeitenden/deinstallierenden Programmen angegeben wurden. Ausserdem bin ich fest davon überzeugt, dass ich BitTorrent bereits vor einer kleinen Weile deinstalliert habe, da ich dieses Programm für unnötig hielt, denn ich benutze es nicht mehr. Was DNA ist, wann bzw. warum ich es installiert habe, weiß ich nicht und auch dieses wurde mir nicht angezeigt. Uniblue Registry Booster ließ sich ohne Probleme deinstallieren.

Zitat:

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2 removed from extensions.enabledItems
Prefs.js: {ecdee021-0d17-467f-a1ff-c7a115230949}:2.7.2.0 removed from extensions.enabledItems
Prefs.js: ffxtlbr@babylon.com:1.1.3 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=" removed from keyword.URL
Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
File C:\Program Files\MyWebSearch\bar\2.bin not found.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\searchplugin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\lib folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\searchplugin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\lib folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed} folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}-trash\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b317125e-2f10-4388-bf1f-2c31c6cd89ed}-trash folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\searchplugin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\lib folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949}\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{ecdee021-0d17-467f-a1ff-c7a115230949} folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\preferences folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\defaults folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\mnRadio folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\flgs folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\imgs folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\content folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\components folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\tmp\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\tmp\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\tmp\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\tmp folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\text-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\props folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn\prop-base folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com\.svn folder moved successfully.
C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\ffxtlbr@babylon.com folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\searchplugins\conduit.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\chknelog deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\cxlacuxatx.exe deleted successfully.
C:\Users\Melissa\AppData\Roaming\Xois folder moved successfully.
C:\Users\Melissa\AppData\Roaming\Iwnevo folder moved successfully.
ADS C:\ProgramData\TEMP:E36F5B57 deleted successfully.
ADS C:\Windows:857B1D3CE2BFC36F deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Melissa
->Temp folder emptied: 4043449 bytes
->Temporary Internet Files folder emptied: 690896272 bytes
->Java cache emptied: 7140 bytes
->FireFox cache emptied: 16040352 bytes
->Flash cache emptied: 1585 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9649 bytes
RecycleBin emptied: 1265514077 bytes

Total Files Cleaned = 1.885,00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04202011_222726

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\CLDigitalHome\CLMS_AGENT_LOG1.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\CLDigitalHome\PCMMediaServer.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Combofix Logfile:

Code:

ComboFix 11-04-20.01 - Melissa 20.04.2011  22:44:34.1.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1791.1023 [GMT 2:00]

ausgeführt von:: c:\users\Melissa\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Melissa\AppData\Roaming\chrtmp

c:\windows\system32\skinboxer43.dll

J:\Autorun.inf

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-03-20 bis 2011-04-20  ))))))))))))))))))))))))))))))

.

.

2011-04-20 20:54 . 2011-04-20 20:54        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-04-20 20:27 . 2011-04-20 20:27        --------        d-----w-        C:\_OTL

2011-04-19 16:49 . 2011-04-19 16:49        2560        ----a-w-        c:\windows\_MSRSTRT.EXE

2011-04-19 08:25 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{3DE13662-E882-4CEA-B292-949635B8582C}\mpengine.dll

2011-04-17 19:55 . 2011-04-17 19:55        --------        d-----w-        c:\program files\ERUNT

2011-04-15 13:11 . 2011-04-15 13:11        --------        d-----w-        c:\users\Melissa\AppData\Roaming\Malwarebytes

2011-04-15 13:11 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-15 13:11 . 2011-04-15 13:11        --------        d-----w-        c:\programdata\Malwarebytes

2011-04-15 13:11 . 2011-04-15 13:11        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-04-15 13:11 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-14 00:05 . 2011-02-02 16:11        222080        ------w-        c:\windows\system32\MpSigStub.exe

2011-04-13 10:51 . 2011-04-13 10:51        --------        d-----w-        c:\program files\Defraggler

2011-03-23 12:14 . 2011-02-22 14:13        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2011-03-23 12:14 . 2011-02-22 13:33        1068544        ----a-w-        c:\windows\system32\DWrite.dll

2011-03-23 12:14 . 2011-02-22 13:33        797696        ----a-w-        c:\windows\system32\FntCache.dll

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-09 23:35 . 2009-11-02 17:57        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38        121392        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]

"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-09 30192]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 149280]

"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-04-29 268800]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-1-20 110647]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-11 535336]

Wireless Configuration Utility HW.32.lnk - c:\windows\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2009-11-5 40960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]

path=c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]

2008-01-09 16:43        326176        ----a-w-        c:\acer\Empowering Technology\SysMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 00:04        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-04-02 04:00        203928        ----a-w-        c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51        691656        ----a-w-        d:\daemon tools lite\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCockpit]

2009-04-29 14:11        268800        ------w-        c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\ic_start.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 00:10        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-12-06 19:43        198160        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2010-01-26 17:46        2633976        ----a-w-        c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;D:\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 136176]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-09 30192]

R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2008-04-17 560640]

R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2008-04-17 15616]

R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-29 721904]

S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-10-01 162304]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 13:57]

.

2011-04-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 13:57]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - c:\progra~1\SECRET~1\\SECRET~1.EXE

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - google.de

FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q=

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net

FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar

FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext

FF - Ext: Veoh Web Player Video Finder: web@veoh.com - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)

WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)

HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe

HKLM-Run-Apanel - c:\acersw\config\NewSetApanel.cmd

HKLM-Run-eRecoveryService - (no file)

MSConfigStartUp-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-04-20 22:54

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2682020467-2822555498-3201927298-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}*]

"hapjlkfbdnghfncc"=hex:6b,61,62,67,67,61,6c,69,63,64,6c,6c,65,6b,69,70,6a,6b,

   6f,63,67,6b,00,00

.

Zeit der Fertigstellung: 2011-04-20  22:59:03

ComboFix-quarantined-files.txt  2011-04-20 20:59

.

Vor Suchlauf: 17 Verzeichnis(se), 54.924.656.640 Bytes frei

Nach Suchlauf: 20 Verzeichnis(se), 56.619.708.416 Bytes frei

.

- - End Of File - - 0F9AF2AC4FAC8BFA7724750F5CD313BE

--- --- ---

OTL Logfile:

Code:

OTL logfile created on: 20.04.2011 23:00:29 - Run 3

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,29 Gb Total Space | 52,78 Gb Free Space | 36,58% Space Free | Partition Type: NTFS

Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

Drive G: | 298,01 Gb Total Space | 127,88 Gb Free Space | 42,91% Space Free | Partition Type: FAT32

Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32

 

Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Programme\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

PRC - C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AdobeActiveFileMonitor7.0) -- D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)

DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)

DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()

DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (SIS163u) -- C:\Windows\System32\drivers\SiS163u.sys (SiS Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..extensions.enabledItems: ""

FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0

FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: ""

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: ""

FF - prefs.js..extensions.enabledItems: ""

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: ""

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.12 18:27:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.03.24 10:54:47 | 000,000,000 | ---D | M]

 

[2009.01.19 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Extensions

[2011.04.20 22:27:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions

[2010.07.09 10:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.03.14 11:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011.01.25 12:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010.03.28 22:07:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\illimitux@illimitux.net

[2010.01.30 16:48:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\radiobar@toolbar

[2010.02.07 02:10:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\searchrecs@veoh.com

[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\staged-xpis

[2011.04.06 22:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.02.16 21:00:29 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}

[2009.08.15 23:40:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009.12.06 21:44:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

[2009.01.20 12:30:15 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER

File not found (No name found) -- C:\USERS\MELISSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NE30DEX4.DEFAULT\EXTENSIONS\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}

File not found (No name found) -- C:\USERS\MELISSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NE30DEX4.DEFAULT\EXTENSIONS\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}

File not found (No name found) -- C:\USERS\MELISSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NE30DEX4.DEFAULT\EXTENSIONS\{ECDEE021-0D17-467F-A1FF-C7A115230949}

File not found (No name found) -- C:\USERS\MELISSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NE30DEX4.DEFAULT\EXTENSIONS\ENGINE@CONDUIT.COM

File not found (No name found) -- C:\USERS\MELISSA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NE30DEX4.DEFAULT\EXTENSIONS\FFXTLBR@BABYLON.COM

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll

[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 00:27:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 00:27:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 00:27:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 00:27:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 00:27:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.04.20 22:54:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .spop -  File not found

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006.11.03 12:58:30 | 000,000,038 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.04.20 22:59:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011.04.20 22:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011.04.20 22:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011.04.20 22:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011.04.20 22:42:34 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011.04.20 22:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.04.20 22:39:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011.04.20 22:27:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.04.17 21:57:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011.04.17 21:30:47 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe

[2011.04.17 21:30:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe

[2011.04.17 20:51:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe

[2011.04.16 11:30:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.04.16 11:30:02 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011.04.16 11:30:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011.04.16 11:30:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011.04.16 11:30:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011.04.16 11:30:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011.04.16 11:30:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.04.16 11:30:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011.04.16 11:30:01 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011.04.16 11:30:01 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011.04.16 11:30:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011.04.16 11:30:00 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011.04.16 11:30:00 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011.04.16 11:30:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011.04.16 11:30:00 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011.04.16 11:30:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.04.16 11:30:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011.04.16 11:30:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011.04.16 11:30:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011.04.16 11:30:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011.04.16 11:30:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011.04.16 11:29:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.04.16 11:29:59 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011.04.16 11:29:59 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011.04.16 11:29:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011.04.16 11:29:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011.04.16 11:29:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011.04.16 11:29:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011.04.16 11:29:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011.04.16 11:29:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011.04.16 11:29:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011.04.16 11:29:58 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011.04.16 11:29:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011.04.16 11:29:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011.04.16 11:29:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011.04.16 11:29:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011.04.16 11:29:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011.04.16 11:29:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011.04.16 11:29:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011.04.15 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Malwarebytes

[2011.04.15 15:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.04.15 15:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.04.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.04.15 15:11:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.04.15 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.04.14 09:01:53 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011.04.14 09:01:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011.04.14 09:01:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2011.04.14 09:01:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2011.04.14 09:01:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2011.04.14 09:01:37 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.04.14 02:05:14 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2011.04.13 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler

[2011.04.13 12:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler

[2011.04.13 12:36:09 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2011.03.23 14:14:02 | 001,068,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll

[2011.03.23 14:14:02 | 000,288,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll

[2009.01.19 22:11:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[2008.09.30 06:55:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.04.20 22:54:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011.04.20 22:37:54 | 004,325,372 | R--- | M] () -- C:\Users\Melissa\Desktop\ComboFix.exe

[2011.04.20 22:32:48 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.04.20 22:32:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.04.20 22:32:40 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.04.20 22:32:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.04.20 22:32:21 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys

[2011.04.20 22:21:31 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.04.20 22:21:31 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.20 22:21:31 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.04.20 22:21:31 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.20 22:20:25 | 000,247,296 | ---- | M] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.20 22:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.04.20 00:26:48 | 000,040,504 | ---- | M] () -- C:\Users\Melissa\Desktop\Malvada.odt

[2011.04.19 19:33:17 | 000,050,477 | ---- | M] () -- C:\Users\Melissa\Desktop\Defogger.exe

[2011.04.19 18:49:41 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2011.04.17 21:55:23 | 000,000,737 | ---- | M] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk

[2011.04.17 21:55:23 | 000,000,718 | ---- | M] () -- C:\Users\Melissa\Desktop\ERUNT.lnk

[2011.04.17 21:39:24 | 000,301,568 | ---- | M] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe

[2011.04.17 21:39:23 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe

[2011.04.17 21:39:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe

[2011.04.17 21:39:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe

[2011.04.17 21:28:35 | 000,377,280 | ---- | M] () -- C:\Users\Melissa\Desktop\Load.exe

[2011.04.16 11:30:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2011.04.16 11:30:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2011.04.16 11:30:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.04.16 11:30:02 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011.04.16 11:30:02 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011.04.16 11:30:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011.04.16 11:30:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011.04.16 11:30:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011.04.16 11:30:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.04.16 11:30:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011.04.16 11:30:01 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011.04.16 11:30:01 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011.04.16 11:30:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011.04.16 11:30:00 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011.04.16 11:30:00 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011.04.16 11:30:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011.04.16 11:30:00 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011.04.16 11:30:00 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.04.16 11:30:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011.04.16 11:30:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011.04.16 11:30:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011.04.16 11:30:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2011.04.16 11:30:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011.04.16 11:30:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011.04.16 11:29:59 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.04.16 11:29:59 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011.04.16 11:29:59 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011.04.16 11:29:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011.04.16 11:29:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011.04.16 11:29:59 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011.04.16 11:29:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011.04.16 11:29:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011.04.16 11:29:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011.04.16 11:29:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011.04.16 11:29:58 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011.04.16 11:29:58 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011.04.16 11:29:58 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011.04.16 11:29:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011.04.16 11:29:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011.04.16 11:29:58 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011.04.16 11:29:58 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011.04.16 11:29:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011.04.15 15:11:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.15 03:30:24 | 000,328,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.04.13 12:51:32 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2011.04.11 20:43:57 | 092,643,550 | ---- | M] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv

[2011.04.06 22:35:33 | 000,000,054 | ---- | M] () -- C:\Windows\mpsettings.ini

 
 ========== Files Created - No Company Name ==========

 

[2011.04.20 22:42:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011.04.20 22:42:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.04.20 22:42:38 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011.04.20 22:42:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.04.20 22:42:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011.04.20 22:35:23 | 004,325,372 | R--- | C] () -- C:\Users\Melissa\Desktop\ComboFix.exe

[2011.04.19 19:33:16 | 000,050,477 | ---- | C] () -- C:\Users\Melissa\Desktop\Defogger.exe

[2011.04.19 18:49:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2011.04.18 21:23:54 | 000,040,504 | ---- | C] () -- C:\Users\Melissa\Desktop\Malvada.odt

[2011.04.17 21:55:23 | 000,000,737 | ---- | C] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk

[2011.04.17 21:55:23 | 000,000,718 | ---- | C] () -- C:\Users\Melissa\Desktop\ERUNT.lnk

[2011.04.17 21:30:47 | 000,301,568 | ---- | C] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe

[2011.04.17 21:28:35 | 000,377,280 | ---- | C] () -- C:\Users\Melissa\Desktop\Load.exe

[2011.04.16 11:30:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011.04.15 15:11:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.13 12:51:32 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2011.04.11 20:43:58 | 092,643,550 | ---- | C] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv

[2011.04.06 22:35:33 | 000,000,054 | ---- | C] () -- C:\Windows\mpsettings.ini

[2010.08.13 11:30:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2010.06.14 19:12:53 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin

[2009.11.12 20:27:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009.11.12 20:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009.11.12 20:27:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009.11.12 20:27:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009.11.12 20:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009.11.09 19:19:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini

[2009.11.04 23:47:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll

[2009.09.24 06:17:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.09.24 06:17:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.09.02 06:57:23 | 000,007,268 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat

[2009.07.02 13:51:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat

[2009.02.10 19:22:57 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009.01.28 20:46:28 | 000,000,096 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat

[2009.01.20 13:05:11 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini

[2009.01.20 13:05:01 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE

[2009.01.20 13:04:31 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.01.20 13:04:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll

[2009.01.20 13:03:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009.01.20 13:03:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.01.20 13:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll

[2009.01.20 13:02:53 | 000,006,315 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2009.01.20 00:02:56 | 000,247,296 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.01.19 23:11:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009.01.19 22:39:59 | 000,000,095 | ---- | C] () -- C:\Users\Melissa\AppData\Local\fusioncache.dat

[2009.01.19 22:11:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008.10.06 06:48:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2008.10.06 06:48:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2008.01.21 09:15:58 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 09:15:58 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.04.11 19:30:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007.04.11 17:09:20 | 000,000,734 | ---- | C] () -- C:\Windows\generic.ini

[2007.04.11 17:09:20 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini

[2007.04.11 17:07:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007.04.11 17:07:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007.04.11 09:20:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,328,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005.01.06 15:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe

[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL Extras logfile created on: 20.04.2011 23:00:29 - Run 3

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 51,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 72,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,29 Gb Total Space | 52,78 Gb Free Space | 36,58% Space Free | Partition Type: NTFS

Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

Drive G: | 298,01 Gb Total Space | 127,88 Gb Free Space | 42,91% Space Free | Partition Type: FAT32

Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32

 

Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

helpfile [open] -- Reg Error: Key error.

hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)

htmlfile [edit] -- Reg Error: Key error.

https [open] -- "C:\Program Files\T-Online\T-Online_Software_6\Browser\Browser.exe" "%1" (Deutsche Telekom AG, T-Com)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)

Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)

Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)

Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"cval" = 1

"FirewallDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"UpdatesDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

"AntiVirusOverride" = 0

"AntiSpywareOverride" = 0

"FirewallOverride" = 0

"VistaSp1" = Reg Error: Unknown registry data type -- File not found

"VistaSp2" = Reg Error: Unknown registry data type -- File not found

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]

"EnableFirewall" = 1

"DisableNotifications" = 0

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

 

 
 ========== Vista Active Open Ports Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{9265EC7A-E74F-4CDF-8A76-E4033AD19FF8}" = lport=2799 | protocol=17 | dir=in | name=altova license metering port (udp) | 

"{9D830633-DD90-4848-B43D-4EF669D6F30D}" = lport=2869 | protocol=6 | dir=in | app=system | 

"{C30F9E5F-F884-4709-8280-9BF784D597AF}" = lport=2799 | protocol=6 | dir=in | name=altova license metering port (tcp) | 

"{CDB5E889-7B85-4872-A409-1F10550761B2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 

 
 ========== Vista Active Application Exception List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{36C6E343-386F-4206-9620-AE09F0637B87}" = dir=in | app=c:\program files\itunes\itunes.exe | 

"{37C1A328-628F-440D-BB32-B14E94F9B3C8}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

"{429E1076-6ED3-4631-A110-E242611ABD04}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\acer homemedia connect.exe | 

"{470485FC-DCD2-42E6-838B-540E050DE5C6}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{49E4D65D-DEF5-49DD-B6B4-D4518F3F07E1}" = protocol=6 | dir=in | app=c:\program files\dna\btdna.exe | 

"{4C880794-BF1D-4C44-AD3C-3FD4250E5173}" = protocol=17 | dir=in | app=c:\program files\dna\btdna.exe | 

"{5A2859D1-F844-4801-BA8A-BDC0BDBFA558}" = dir=in | app=c:\program files\acer arcade live\acer arcade live main page\acer arcade live.exe | 

"{6A08AA94-D7A3-4683-87AB-B24381941503}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 

"{718A601A-C322-4255-83C0-FCDA64B2CA6D}" = dir=in | app=c:\program files\acer arcade live\acer dvdivine\acer dvdivine.exe | 

"{76D1DCC1-7E94-4A4E-9187-78274AB2BBFC}" = dir=in | app=c:\program files\acer arcade live\acer homemedia\acer homemedia.exe | 

"{868152AE-DA95-4E0E-9108-8CE3109FF356}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 

"{88E99510-3643-4B2E-B7CE-83B61D45F9D8}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 

"{9291FD17-F5BA-4322-A18A-4EC9F59C4022}" = dir=in | app=c:\program files\acer arcade live\acer videomagician\acer videomagician.exe | 

"{99BCA220-9175-484D-BC1C-2B1676046127}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 

"{A53B27B6-773D-47E5-AFA9-73C76B7FF3E9}" = dir=in | app=c:\program files\acer arcade live\acer dv magician\acer dv magician.exe | 

"{A8296857-D3DC-45A0-AEA7-8C9B04B9EB2A}" = dir=in | app=c:\program files\acer arcade live\acer slideshow dvd\acer slideshow dvd.exe | 

"{AB2224D7-5B2C-4C66-9F80-4C9570629041}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 

"{AE04494B-E8AE-437B-9966-C6983DD556F0}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe | 

"{AF92660B-57A0-46FB-885B-3665D19E3912}" = dir=in | app=c:\program files\acer arcade live\acer homemedia trial creator\acer homemedia trial creator.exe | 

"{CA400290-A962-4669-95F0-71C5F75DF3A5}" = dir=in | app=c:\program files\acer arcade live\acer homemedia connect\kernel\dms\clmsserver.exe | 

"{EB9C78C8-C45B-4B90-80EA-EC8212B374EC}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{001FC252-5D30-956C-D6E3-405B9651B698}" = CCC Help Korean

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{0145ABB1-8F13-D85C-EFA7-16AAFD415F07}" = Catalyst Control Center Localization Chinese Standard

"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0

"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu

"{08091134-5478-4F0E-5A1A-470BE72647ED}" = CCC Help Thai

"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent

"{132888AE-EF67-41C5-BCA2-7D5D2488AB63}" = Acer HomeMedia Connect

"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{18F72BF6-D1B1-04AF-BBB2-EA2BA6F50EDB}" = CCC Help English

"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1

"{1E6F7CFD-5BEB-0828-B1B1-645FA4F292DB}" = Catalyst Control Center Localization Korean

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool

"{2227E1FA-01F5-483C-AB0E-2A308E900B3D}" = InterVideo FilterSDK for Hauppauge

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15

"{27005EDF-E80A-7059-81A3-692051625488}" = Catalyst Control Center Localization French

"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder

"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie

"{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}" = iTunes

"{2D4A265B-8CE4-EF70-0C2A-1271119AA5B3}" = Catalyst Control Center Localization Turkish

"{2EA65C2D-0C11-3D8B-46AE-B9092EE7D64C}" = CCC Help Norwegian

"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component

"{2EB3629F-C98A-F5A3-25C2-D47B0EDF2A7C}" = CCC Help Greek

"{2FA6AE84-DFE1-9651-7AEB-2E8C78E5B97D}" = CCC Help Swedish

"{355D4B62-447F-1654-70EE-5DEB8D11D807}" = Catalyst Control Center Localization Danish

"{37EBDFAC-5900-A0AD-CCE9-9A0DDA5682F9}" = Catalyst Control Center Localization Portuguese

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{41581EF5-45A7-11DA-9D78-000129760D75}" = Acer SlideShow DVD

"{4160DC5B-4C56-D0C3-C5FD-F5BDAD3C882B}" = ATI Catalyst Install Manager

"{41D87F76-0623-B98E-089E-AD0010369AC1}" = ccc-utility

"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger

"{45576B9A-D9A9-CCE2-488F-E74A96FA550B}" = CCC Help Turkish

"{472BC165-1990-1963-7AAD-BD4DAA3F293E}" = CCC Help Finnish

"{4B4C56E5-819C-E1EB-B682-2F3EB3C32D88}" = CCC Help Hungarian

"{4C0F2181-4765-D5C5-B665-52E7722C1D18}" = Catalyst Control Center Localization Japanese

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works

"{526B988C-393C-181A-0536-257C6AE70D18}" = CCC Help Portuguese

"{5792B5D9-645A-3309-C848-9BB7A68F1667}" = CCC Help Russian

"{593AF68A-BEDA-BC04-D278-7E020F2E6A6E}" = Catalyst Control Center Localization Dutch

"{5EC29BC7-F0E5-4FA1-864C-D155548B024E}" = Altova StyleVision® 2009  Enterprise Edition

"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call

"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites

"{67ED5CFB-7EBF-AEF2-C5FF-DCF2D2AC5A77}" = Catalyst Control Center Core Implementation

"{687C95B4-4670-DEF1-4585-E11CE3AB7C26}" = CCC Help German

"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin

"{6D4DC170-69D1-7CE8-EF98-6DCDC887FA1C}" = Catalyst Control Center Localization Spanish

"{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar

"{75D803F3-2CCA-F91B-F269-1EA77BA56688}" = Catalyst Control Center Localization Chinese Traditional

"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{7CE727EA-498F-B17F-53B6-C695E134C83C}" = Catalyst Control Center Localization Greek

"{7E70195B-0530-EED3-E8FE-237EC86F989E}" = Catalyst Control Center Localization Polish

"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{88410D8F-8529-492B-B556-2394A29B811B}" = Broadcom Driver Installation Program

"{886607CA-3144-493D-1134-EEAAC8D5AAFD}" = CCC Help French

"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight

"{8A5AEB5F-C533-FD3B-9D35-6FF8BEB91A7E}" = CCC Help Dutch

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8CB7C96F-22D5-5911-3507-4639ED218CE6}" = CCC Help Polish

"{8FF37D01-3105-690A-C481-06EBED787498}" = Catalyst Control Center Localization Swedish

"{9455959E-D588-EFAE-329C-F66CC797F32A}" = Adobe Media Player

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{97D4EB44-3BD8-F35A-14AE-73FB3B491396}" = Catalyst Control Center Localization Italian

"{99AF8AED-2960-B47B-CAA0-1558B5E78D48}" = CCC Help Danish

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9B5A6F0F-EBEC-85B1-C3C2-07E84A58E0DD}" = Catalyst Control Center Graphics Light

"{9EC9754D-CA34-4293-B5DB-3BD245A88A43}" = ArcSoft MediaImpression

"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175

"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR

"{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management

"{A78024C0-8C20-27CB-2B7B-6A60445B61AF}" = Catalyst Control Center Localization Russian

"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AA4BF92B-2AAF-11DA-9D78-000129760D75}" = Acer HomeMedia

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology

"{AC76BA86-7AD7-1031-7B44-A81300000003}" = Adobe Reader 8.1.3 - Deutsch

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B1275E23-717A-4D52-997A-1AD1E24BC7F3}" = T-Online 6.0

"{B145EC69-66F5-11D8-9D75-000129760D75}" = Acer DVDivine

"{B231A9E2-9E9C-9226-E483-DD2D725D1BFE}" = Catalyst Control Center Localization Thai

"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6

"{B580C409-E16F-44FF-904D-3AE94E113BE0}" = Acer HomeMedia Trial Creator

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{B7CBEC53-C913-87E2-D70F-3BABEFB0A080}" = Catalyst Control Center Localization Finnish

"{B92C4887-D617-F6C5-DC4B-94984C23E0ED}" = Catalyst Control Center Graphics Full Existing

"{BD2BA0B1-5448-987E-9562-6C665252714A}" = Catalyst Control Center Localization Norwegian

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00

"{C03A4F4C-09A2-ADA3-0DE9-F830F636DD4B}" = CCC Help Spanish

"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update

"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail

"{C6660342-B863-AD6B-3D74-C5466AAF1A5F}" = CCC Help Italian

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CB6075D9-F912-40AE-BEA6-E590DA24F16B}" = Adobe Photoshop Elements 7.0

"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe  1.4.142.1

"{CE65A9A0-9686-45C6-9098-3C9543A412F0}" = Acer eSettings Management

"{D462BF9E-0C35-4705-BF9B-3DF9F3816643}" = Acer ePerformance Management

"{D475C441-82E7-4694-8717-EA8896D6D37A}" = CCC Help Japanese

"{D51FFF33-0F42-72C1-0DFD-220E3B3E4F97}" = CCC Help Chinese Traditional

"{DABC2CCE-5B36-66D2-2CEF-EA2188BE51CF}" = ccc-core-static

"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support

"{DD8E5E2F-2189-3CB5-D048-38102D91C06A}" = Catalyst Control Center Graphics Full New

"{DE247139-8107-31A7-E580-6AFAE183A95F}" = Catalyst Control Center Localization German

"{DEB38E1A-F4E5-4DF0-96F4-4050567A9D09}" = AV Input Selection

"{DFFE2B1F-07E0-45A9-8801-CD8514CAA876}" = Prince of Persia T2T

"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer

"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update

"{E4D15328-8C89-484B-B9AA-F5BE9EA6D01C}" = NVIDIA PhysX v8.10.17

"{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1" = Uniblue RegistryBooster 2010

"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{E7DA2552-8808-7F25-1A85-AAFDE834CA14}" = CCC Help Czech

"{EB0A38F9-6698-B5D5-949E-E042BBEE763B}" = Catalyst Control Center Localization Hungarian

"{EFBDC2B0-FAA8-4B78-8DE1-AEBE7958FA37}" = Acer Arcade Live Main Page

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6EFFB76-4A07-11DA-9D78-000129760D75}" = Acer DV Magician

"{F748B133-D25C-14C2-0178-D90703042FDE}" = CCC Help Chinese Standard

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F79A208D-D929-11D9-9D77-000129760D75}" = Acer VideoMagician

"{F840ACBD-6167-EDD9-FD4D-41A79DF43552}" = Catalyst Control Center Localization Czech

"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials

"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver

"{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour

"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites

"Adobe Acrobat 5.0" = Adobe Acrobat 5.0

"Adobe AIR" = Adobe AIR

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Adobe Photoshop Elements 7" = Adobe Photoshop Elements 7.0

"Any Video Converter_is1" = Any Video Converter 2.6.7

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"CloneDVD2" = CloneDVD2

"Defraggler" = Defraggler

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"ERUNT_is1" = ERUNT 1.1j

"Free Studio_is1" = Free Studio version 4.2

"Free Video to Mp3 Converter_is1" = Free Video to Mp3 Converter version 3.1

"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7

"Google Desktop" = Google Desktop

"Graboid Video" = Graboid Video 1.65

"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2

"InstallShield_{BDC88E5A-F47B-4314-AB38-994592E32C95}" = 802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00

"KLiteCodecPack_is1" = K-Lite Codec Pack 5.3.0 (Full)

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)

"RealPlayer 12.0" = RealPlayer

"Replay Media Catcher 3.11" = Replay Media Catcher 3.11

"Sandlot Games Client Services 1.2.2_is1" = Sandlot Games Client Services 1.2.2

"Shockwave" = Shockwave

"Tastenteufel" = Tastenteufel

"Uninstall_is1" = Uninstall 1.0.0.1

"VLC media player" = VideoLAN VLC media player 0.8.6d

"VTPlus32 für WinTV (German)" = VTPlus32 für WinTV (German)

"Winamp" = Winamp

"WinLiveSuite_Wave3" = Windows Live Essentials

"WinRAR archiver" = WinRAR

 
 ========== HKEY_CURRENT_USER Uninstall List ==========

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.

"Winamp Detect" = Winamp Erkennungs-Plug-in

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 13.04.2011 10:17:06 | Computer Name = AssiGammelKeks | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.4095, Zeitstempel

 0x4d852c62, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00048822,  Prozess-ID 0x1548, Anwendungsstartzeit

 01cbf9e3ecdb9d0a.

 

Error - 13.04.2011 11:44:31 | Computer Name = AssiGammelKeks | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung wmplayer.exe, Version 11.0.6002.18311, Zeitstempel

 0x4c8e2d72, fehlerhaftes Modul ASAudio.ax, Version 1.3.1.99, Zeitstempel 0x479055c1,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00010876,  Prozess-ID 0x1458, Anwendungsstartzeit

 01cbf9f196be71fa.

 

Error - 13.04.2011 16:18:33 | Computer Name = AssiGammelKeks | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19019, Zeitstempel

 0x4d0c3d4c, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x160c, Anwendungsstartzeit

 01cbfa17ea13ccda.

 

Error - 13.04.2011 16:18:36 | Computer Name = AssiGammelKeks | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.19019, Zeitstempel

 0x4d0c3d4c, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00000000,  Prozess-ID 0x17e4, Anwendungsstartzeit

 01cbfa17f5e1587a.

 

Error - 13.04.2011 17:30:18 | Computer Name = AssiGammelKeks | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 1.9.2.4095 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 1778  Anfangszeit: 01cbf9efbb78ad0a  Zeitpunkt der Beendigung:

 175

 

Error - 14.04.2011 09:32:53 | Computer Name = AssiGammelKeks | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 1.9.2.4095 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 64c  Anfangszeit: 01cbfaa6c5592324  Zeitpunkt der Beendigung:

 11

 

Error - 14.04.2011 11:09:50 | Computer Name = AssiGammelKeks | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 1.9.2.4095 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 6dc  Anfangszeit: 01cbfab14a6c7994  Zeitpunkt der Beendigung:

 14

 

Error - 14.04.2011 17:11:20 | Computer Name = AssiGammelKeks | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 1.9.2.4095 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: 1750  Anfangszeit: 01cbfae7c35e5404  Zeitpunkt der Beendigung:

 23

 

Error - 14.04.2011 17:58:48 | Computer Name = AssiGammelKeks | Source = Application Hang | ID = 1002

Description = Programm firefox.exe, Version 1.9.2.4095 arbeitet nicht mehr mit Windows

 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen

 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem

 zu suchen.  Prozess-ID: fd4  Anfangszeit: 01cbfaece3ced344  Zeitpunkt der Beendigung:

 14

 

Error - 14.04.2011 17:58:49 | Computer Name = AssiGammelKeks | Source = Application Error | ID = 1000

Description = Fehlerhafte Anwendung plugin-container.exe, Version 1.9.2.4095, Zeitstempel

 0x4d852c62, fehlerhaftes Modul ntdll.dll, Version 6.0.6002.18327, Zeitstempel 0x4cb73436,

 Ausnahmecode 0xc0000005, Fehleroffset 0x00048822,  Prozess-ID 0x10c, Anwendungsstartzeit

 01cbfaeced18e854.

 

[ System Events ]

Error - 20.04.2011 04:19:37 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

Error - 20.04.2011 11:14:27 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

Error - 20.04.2011 16:27:28 | Computer Name = AssiGammelKeks | Source = Service Control Manager | ID = 7034

Description = 

 

Error - 20.04.2011 16:32:21 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

Error - 20.04.2011 16:32:21 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43037

Description = 

 

Error - 20.04.2011 16:32:21 | Computer Name = AssiGammelKeks | Source = atikmdag | ID = 43033

Description = Edid checksum error

 

Error - 20.04.2011 16:39:53 | Computer Name = AssiGammelKeks | Source = Service Control Manager | ID = 7034

Description = 

 

Error - 20.04.2011 16:44:15 | Computer Name = AssiGammelKeks | Source = Service Control Manager | ID = 7030

Description = 

 

Error - 20.04.2011 16:50:21 | Computer Name = AssiGammelKeks | Source = Service Control Manager | ID = 7030

Description = 

 

Error - 20.04.2011 16:54:42 | Computer Name = AssiGammelKeks | Source = Service Control Manager | ID = 7030

Description = 

 

 

< End of report >

--- --- ---

Gruß,
Shinichi

PS.: Ich konnte Veränderungen unter deinem Namen feststellen. Anstelle von TB-Senior steht nun MalwareTeam, hat da etwa jemand seine Ausbildung erfolgreich abgeschlossen? Wenn ich mit meiner Vermutung richtig liege möchte ich dir hiermit gratulieren. :applaus::applaus::applaus:

Hallo Shinichi,

Nun kümmern wir uns noch um ein paar Reste. :)

Schritt # 1: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

:OTL

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=98cfdf4f00000000000000ff982a88c7&tlver=1.4.19.19&instlRef=sst&ss=1&affID=17395&q="

[2008.09.04 02:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npbittorrent.dll

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 

:files

C:\Programme\BitTorrent

C:\Programme\DNA

C:\Programme\DVDVideoSoft

C:\DVDVideoSoft

C:\Users\Melissa\AppData\Roaming\uTorrent

C:\Users\Melissa\AppData\Roaming\Uniblue
 

:reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\BitTorrent\bittorrent.exe" =-

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

"{49E4D65D-DEF5-49DD-B6B4-D4518F3F07E1}" =-

"{4C880794-BF1D-4C44-AD3C-3FD4250E5173}" =-
 

:commands

[Reboot]

Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 2: Beantwortung von Fragen

Zitat:

Ich konnte Veränderungen unter deinem Namen feststellen. Anstelle von TB-Senior steht nun MalwareTeam, hat da etwa jemand seine Ausbildung erfolgreich abgeschlossen? Wenn ich mit meiner Vermutung richtig liege möchte ich dir hiermit gratulieren.

Du liegst richtig mit deiner Vermutung. Vielen Dank für die Gratulation. :daumenhoc

Bitte beantworte mir folgende Fragen:

Starte Firefox -> Wähle unter Extras -> Add-ons aus. Welche Addons werden dir angezeigt? Liste sie mir bitte auf.
Bekommst du immer noch beim Start des Rechners die Fehlermeldung, dass die Datei C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll nicht gefunden werden konnte?
Hast du immer noch die Probleme, dass Firefox nach einer gewissen Zeit nicht mehr reagiert?
Kommt diese Fehlermeldung auch noch?

Zitat:

Neu ist eine Problemmeldung (ebenfalls nach dem Hochfahren) "[Java Skript-Anwendung] Reference Error:bbyln is not defined".

Vielen Dank.

Schritt # 3: Systemscan mit OTL

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Schritt # 4: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile des OTL-Fix,
die Beantwortung der gestellten Fragen und
das neue Logfile von OTL (OTL.txt).

Hallo M-K-D-B,

die OTL-Fixfile konnte ich nicht auf meinem Desktop finden und auch

Zitat:

C:\_OTL\MovedFiles\<time_date>.txt

konnte nichts daran ändern, obwohl ich Fix mit OTL wie vorgeben durchgeführt habe.

Zitat:

C:\Users\Melissa\AppData\Local\Temp\hdwwdial.dll

und

Zitat:

[Java Skript-Anwendung] Reference Error:bbyln is not defined

werden mir nicht mehr bei einem Neustart meines Rechners angegeben. Auch Firefox funktioniert wieder optimal.

Zu den Add-ons:
4.0
Java Console 6.0.15
Microsoft. NET Framework Assistent 1.2.1
RadioBar Toolbar 1.0.0
RealPlayer Browser Record
Veoh Video Compass 1.5.2
Veoh Web Player Video Finder 1.4
Yahoo! Toolbar 2.1.1.20091029021655

OTL Logfile:

Code:

OTL logfile created on: 23.04.2011 13:43:04 - Run 4

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 48,00% Memory free

4,00 Gb Paging File | 3,00 Gb Available in Paging File | 68,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,29 Gb Total Space | 54,38 Gb Free Space | 37,68% Space Free | Partition Type: NTFS

Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

Drive G: | 298,01 Gb Total Space | 127,87 Gb Free Space | 42,91% Space Free | Partition Type: FAT32

Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32

 

Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Programme\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Windows\System32\DivXsm.exe (DivX Inc.)

PRC - D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

PRC - C:\Programme\Common Files\Marmiko Shared\MWLaMaS.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

PRC - C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AdobeActiveFileMonitor7.0) -- D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)

DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)

DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()

DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (SIS163u) -- C:\Windows\System32\drivers\SiS163u.sys (SiS Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0

FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.12 18:27:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.23 12:55:30 | 000,000,000 | ---D | M]

 

[2009.01.19 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Extensions

[2011.04.23 13:01:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions

[2010.07.09 10:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.03.14 11:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2011.01.25 12:30:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

[2010.03.28 22:07:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\illimitux@illimitux.net

[2010.01.30 16:48:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\radiobar@toolbar

[2010.02.07 02:10:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\searchrecs@veoh.com

[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\staged-xpis

[2011.04.06 22:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.02.16 21:00:29 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}

[2009.08.15 23:40:15 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

[2009.12.06 21:44:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

[2009.01.20 12:30:15 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER

[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 00:27:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 00:27:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 00:27:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 00:27:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 00:27:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.04.20 22:54:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .spop -  File not found

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006.11.03 12:58:30 | 000,000,038 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.04.20 22:59:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011.04.20 22:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011.04.20 22:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011.04.20 22:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011.04.20 22:42:34 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011.04.20 22:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.04.20 22:39:50 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011.04.20 22:27:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.04.17 21:57:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011.04.17 21:30:47 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe

[2011.04.17 21:30:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe

[2011.04.17 20:51:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe

[2011.04.15 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Malwarebytes

[2011.04.15 15:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.04.15 15:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.04.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.04.15 15:11:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.04.15 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.04.13 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler

[2011.04.13 12:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler

[2011.04.13 12:36:09 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2009.01.19 22:11:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[2008.09.30 06:55:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.04.23 13:14:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.04.23 12:59:20 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.04.23 12:57:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.04.23 12:57:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.04.23 12:57:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.04.23 12:57:16 | 1876,447,232 | -HS- | M] () -- C:\hiberfil.sys

[2011.04.22 18:45:58 | 000,014,336 | ---- | M] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.20 23:33:07 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.04.20 23:33:07 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.20 23:33:07 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.04.20 23:33:07 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.20 22:54:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011.04.20 22:37:54 | 004,325,372 | R--- | M] () -- C:\Users\Melissa\Desktop\ComboFix.exe

[2011.04.20 00:26:48 | 000,040,504 | ---- | M] () -- C:\Users\Melissa\Desktop\Malvada.odt

[2011.04.19 19:33:17 | 000,050,477 | ---- | M] () -- C:\Users\Melissa\Desktop\Defogger.exe

[2011.04.19 18:49:41 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2011.04.17 21:55:23 | 000,000,737 | ---- | M] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk

[2011.04.17 21:55:23 | 000,000,718 | ---- | M] () -- C:\Users\Melissa\Desktop\ERUNT.lnk

[2011.04.17 21:39:24 | 000,301,568 | ---- | M] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe

[2011.04.17 21:39:23 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe

[2011.04.17 21:39:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe

[2011.04.17 21:39:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe

[2011.04.17 21:28:35 | 000,377,280 | ---- | M] () -- C:\Users\Melissa\Desktop\Load.exe

[2011.04.16 11:30:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2011.04.16 11:30:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2011.04.16 11:30:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2011.04.15 15:11:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.15 03:30:24 | 000,328,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.04.13 12:51:32 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2011.04.11 20:43:57 | 092,643,550 | ---- | M] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv

[2011.04.06 22:35:33 | 000,000,054 | ---- | M] () -- C:\Windows\mpsettings.ini

 
 ========== Files Created - No Company Name ==========

 

[2011.04.20 22:42:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011.04.20 22:42:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.04.20 22:42:38 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011.04.20 22:42:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.04.20 22:42:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011.04.20 22:35:23 | 004,325,372 | R--- | C] () -- C:\Users\Melissa\Desktop\ComboFix.exe

[2011.04.19 19:33:16 | 000,050,477 | ---- | C] () -- C:\Users\Melissa\Desktop\Defogger.exe

[2011.04.19 18:49:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2011.04.18 21:23:54 | 000,040,504 | ---- | C] () -- C:\Users\Melissa\Desktop\Malvada.odt

[2011.04.17 21:55:23 | 000,000,737 | ---- | C] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk

[2011.04.17 21:55:23 | 000,000,718 | ---- | C] () -- C:\Users\Melissa\Desktop\ERUNT.lnk

[2011.04.17 21:30:47 | 000,301,568 | ---- | C] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe

[2011.04.17 21:28:35 | 000,377,280 | ---- | C] () -- C:\Users\Melissa\Desktop\Load.exe

[2011.04.16 11:30:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011.04.15 15:11:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.13 12:51:32 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2011.04.11 20:43:58 | 092,643,550 | ---- | C] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv

[2011.04.06 22:35:33 | 000,000,054 | ---- | C] () -- C:\Windows\mpsettings.ini

[2010.08.13 11:30:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2010.06.14 19:12:53 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin

[2009.11.12 20:27:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009.11.12 20:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009.11.12 20:27:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009.11.12 20:27:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009.11.12 20:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009.11.09 19:19:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini

[2009.11.04 23:47:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll

[2009.09.24 06:17:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.09.24 06:17:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.09.02 06:57:23 | 000,007,268 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat

[2009.07.02 13:51:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat

[2009.02.10 19:22:57 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009.01.28 20:46:28 | 000,000,096 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat

[2009.01.20 13:05:11 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini

[2009.01.20 13:05:01 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE

[2009.01.20 13:04:31 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.01.20 13:04:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll

[2009.01.20 13:03:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009.01.20 13:03:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.01.20 13:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll

[2009.01.20 13:02:53 | 000,006,315 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2009.01.20 00:02:56 | 000,014,336 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.01.19 23:11:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009.01.19 22:39:59 | 000,000,095 | ---- | C] () -- C:\Users\Melissa\AppData\Local\fusioncache.dat

[2009.01.19 22:11:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008.10.06 06:48:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2008.10.06 06:48:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2008.01.21 09:15:58 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 09:15:58 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.04.11 19:30:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007.04.11 17:09:20 | 000,000,734 | ---- | C] () -- C:\Windows\generic.ini

[2007.04.11 17:09:20 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini

[2007.04.11 17:07:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007.04.11 17:07:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007.04.11 09:20:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,328,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005.01.06 15:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe

[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll

 
 ========== LOP Check ==========

 

[2007.04.11 08:32:30 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Acer GameZone Console

[2011.04.11 21:09:32 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Any Video Converter

[2009.11.13 18:01:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Blitware

[2009.01.29 23:08:16 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Canneverbe_Limited

[2011.03.13 18:28:27 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\CD Art Display

[2009.06.30 18:35:13 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\DAEMON Tools Lite

[2009.11.05 23:11:46 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\InterTrust

[2010.09.24 00:16:01 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Leadertech

[2010.05.20 00:30:37 | 000,000,000 | -HSD | M] -- C:\Users\Melissa\AppData\Roaming\lowsec

[2009.04.25 11:37:51 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\OpenOffice.org

[2009.01.19 22:37:18 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\T-Online

[2009.03.04 20:54:32 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\Template

[2011.04.06 22:58:40 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\VMLoad

[2010.10.29 10:35:47 | 000,000,000 | ---D | M] -- C:\Users\Melissa\AppData\Roaming\WindSolutions

[2011.04.23 12:56:07 | 000,032,584 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

Entschuldige, dass ich für meine Antwort so lange gebraucht habe und nochmals vielen Dank.

Gruß
Shinichi

Hallo Shinichi,

Es freut mich, dass zwei Fehlermeldungen schon verschwunden sind.

Zitat:

Entschuldige, dass ich für meine Antwort so lange gebraucht habe...

Ist ok. :)

Zitat:

...und nochmals vielen Dank.

Gern geschehen. Aber wir sind noch nicht ganz fertig. ;)

Schritt # 1: CFScript mit ComboFix ausführen
Hinweis für Mitleser:
Folgendes ComboFix Skript ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

Lösche die vorhandene Combofix.exe von deinem Desktop und lade das Programm von einem der folgenden Download-Spiegel neu herunter:

BleepingComputer.com - ForoSpyware.com

und speichere es erneut auf dem Desktop (nicht woanders hin, das ist wichtig)!

Drücke die Windows + R Taste --> Notepad (hinein schreiben) --> OK

Kopiere nun den Text aus der folgenden Codebox komplett in das leere Textdokument.

Code:

Folder::

C:\Users\Melissa\AppData\Roaming\lowsec
 

FireFox::

FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\

FF - prefs.js: browser.search.defaulturl - http://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}

Speichere dies als CFScript.txt auf Deinem Desktop.

Wichtig:

Stelle deine Anti Viren Software temprär ab. Dies kann ComboFix nämlich bei der Arbeit behindern.
Danach wieder anstellen nicht vergessen!
Bewege nicht die Maus über das ComboFix-Fenster oder klicke in dieses hinein.
Dies kann dazu führen, dass ComboFix sich aufhängt.
Schließe alle laufenden Programme. Gehe sicher das ComboFix ungehindert arbeiten kann.
Mache nichts am PC solange ComboFix läuft.

http://i266.photobucket.com/albums/i.../CFScriptB.gif

In Bezug auf obiges Bild, ziehe CFScript.txt in die ComboFix.exe
Wenn ComboFix fertig ist, wird es ein Log erstellen, C:\ComboFix.txt. Bitte füge es hier als Antwort ein.

Falls im Skript die Anweisung Suspect:: oder Collect:: enthalten ist, wird eine Message-Box erscheinen, nachdem Combofix fertig ist. Klicke OK und folge den Aufforderungen/Anweisungen, um die Dateien hochzuladen.

Schritt # 2: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM)

Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt # 3: Java deinstallieren/neu installieren

Schließe alle Internet Browser.
Folge dem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
Deinstalliere bitte Java(TM) 6 Update 15
Lade dir anschließend Java(TM) 6 Update 25 von hier auf deinen Desktop.
Installiere anschließend die neue Version mit Rechtsklick -> Als Administrator ausführen

Schritt # 4: Wichtige Updates

Deinstalliere bitte deine aktuelle Version von Adobe Reader:
Start --> Systemsteuerung --> Programme deinstallieren --> Adobe Reader
und lade dir die neue Version von Hier herunter.
Entferne den Hacken für den McAfee SecurityScan.
Als alternative würde ich dir den schlankeren Foxit Reader empfehlen :)

Schritt # 5: ESET Online Scanner
Bitte während des Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.

Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
Dein Anti-Virus-Programm während des Scans deaktivieren.

Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
- Firefox-User:
  Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
- IE-User:
  müssen das Installieren eines ActiveX Elements erlauben.
Setze den einen Haken bei Yes, i accept the Terms of Use.
Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
Warte bis die Komponenten herunter geladen wurden.
Setze einen Haken bei "Scan archives".
Gehe sicher das bei Remove Found Threads kein Haken gesetzt ist.
http://img707.imageshack.us/img707/687/starteg.jpg drücken.
Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.

Wenn der Scan beendet wurde

Klicke Finish.
Browser schließen.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
Logfile hier posten.

Schritt # 6: Systemscan mit OTL

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 7: Durchführung einer Sicherheitskontrolle
Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Wenn der Scan beendet wurde, sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.

Schritt # 8: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile von ComboFix,
das Logfile von MBAM,
das Logfile des ESET Online Scanners,
die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt) und
das Logfile von SecurityCheck.

Ach schon wieder eine so späte Antwort von mir grrr... . :headbang:

Hallo M-K-D-B,

Combofix Logfile:

Code:

ComboFix 11-04-23.02 - Melissa 24.04.2011  17:43:37.2.2 - x86

Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.1791.1077 [GMT 2:00]

ausgeführt von:: c:\users\Melissa\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Melissa\Desktop\CFScript.txt

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Melissa\AppData\Roaming\lowsec

c:\users\Melissa\AppData\Roaming\lowsec\local.ds

c:\users\Melissa\AppData\Roaming\lowsec\user.ds

.

.

(((((((((((((((((((((((   Dateien erstellt von 2011-03-24 bis 2011-04-24  ))))))))))))))))))))))))))))))

.

.

2011-04-24 15:53 . 2011-04-24 15:53        --------        d-----w-        c:\users\Default\AppData\Local\temp

2011-04-22 09:05 . 2011-04-11 07:04        7071056        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CE1489B-8C67-4389-9C4E-174291BB3AA8}\mpengine.dll

2011-04-20 20:27 . 2011-04-20 20:27        --------        d-----w-        C:\_OTL

2011-04-19 16:49 . 2011-04-19 16:49        2560        ----a-w-        c:\windows\_MSRSTRT.EXE

2011-04-17 19:55 . 2011-04-17 19:55        --------        d-----w-        c:\program files\ERUNT

2011-04-15 13:11 . 2011-04-15 13:11        --------        d-----w-        c:\users\Melissa\AppData\Roaming\Malwarebytes

2011-04-15 13:11 . 2010-12-20 16:09        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2011-04-15 13:11 . 2011-04-15 13:11        --------        d-----w-        c:\programdata\Malwarebytes

2011-04-15 13:11 . 2011-04-15 13:11        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2011-04-15 13:11 . 2010-12-20 16:08        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2011-04-14 00:05 . 2011-02-02 16:11        222080        ------w-        c:\windows\system32\MpSigStub.exe

2011-04-13 10:51 . 2011-04-13 10:51        --------        d-----w-        c:\program files\Defraggler

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-02-22 14:13 . 2011-03-23 12:14        288768        ----a-w-        c:\windows\system32\XpsGdiConverter.dll

2011-02-22 13:33 . 2011-03-23 12:14        1068544        ----a-w-        c:\windows\system32\DWrite.dll

2011-02-22 13:33 . 2011-03-23 12:14        797696        ----a-w-        c:\windows\system32\FntCache.dll

2010-09-09 23:35 . 2009-11-02 17:57        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]

@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"

[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]

2008-03-04 21:38        121392        ----a-w-        c:\acer\Empowering Technology\eDataSecurity\x86\PSDProtect.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

"T-Online_Software_6\WLAN-Access Finder"="c:\program files\T-Online\WLAN-Access Finder\ToWLaAcF.exe" [2008-04-08 671796]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]

"PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2008-01-25 204908]

"RtHDVCpl"="RtHDVCpl.exe" [2007-06-20 4493312]

"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\x86\eDSloader.exe" [2008-03-04 526896]

"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]

"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-09 30192]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 149280]

"Ask and Record FLV Service"="c:\program files\Replay Media Catcher\FLVSrvc.exe" [2009-09-22 156672]

"Skytel"="Skytel.exe" [2007-06-15 1826816]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"InfoCockpit"="c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE" [2009-04-29 268800]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AutoStart IR.lnk - c:\program files\WinTV\Ir.exe [2009-1-20 110647]

Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-4-11 535336]

Wireless Configuration Utility HW.32.lnk - c:\windows\Installer\{BDC88E5A-F47B-4314-AB38-994592E32C95}\NewShortcut1.exe [2009-11-5 40960]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^Melissa^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.0.lnk]

path=c:\users\Melissa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk

backup=c:\windows\pss\OpenOffice.org 3.0.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]

%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acer Empowering Technology Monitor]

2008-01-09 16:43        326176        ----a-w-        c:\acer\Empowering Technology\SysMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-15 00:04        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]

2009-04-02 04:00        203928        ----a-w-        c:\program files\Alcohol Soft\Alcohol 120\AxCmd.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]

2009-04-23 13:51        691656        ----a-w-        d:\daemon tools lite\daemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InfoCockpit]

2009-04-29 14:11        268800        ------w-        c:\program files\T-Online\T-Online_Software_6\Info-Cockpit\ic_start.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2010-09-24 00:10        421160        ----a-w-        c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2009-07-26 15:44        3883840        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-09-08 09:17        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2009-12-06 19:43        198160        ----a-w-        c:\program files\Common Files\Real\Update_OB\realsched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]

2010-01-26 17:46        2633976        ----a-w-        c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;D:\PhotoshopElementsFileAgent.exe [2008-09-16 169312]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 136176]

R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2010-09-09 30192]

R3 hcw95bda;Hauppauge MOD7700 Tuner Driver;c:\windows\system32\Drivers\hcw95bda.sys [2008-04-17 560640]

R3 hcw95rc;Hauppauge MOD7700 IR Driver;c:\windows\system32\DRIVERS\hcw95rc.sys [2008-04-17 15616]

R3 MTOnlPktAlyX;MTOnlPktAlyX NDIS Protocol Driver;c:\progra~1\T-Online\T-ONLI~1\BASIS-~1\Basis1\MTOnlPktAlyX.SYS [2006-10-09 17536]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-06-29 721904]

S2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [2008-01-25 269448]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]

S3 SIS163u;SiS 163 usb Wireless LAN Adapter Driver;c:\windows\system32\DRIVERS\sis163u.sys [2004-10-01 162304]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

LocalServiceAndNoImpersonation        REG_MULTI_SZ           FontCache

.

Inhalt des "geplante Tasks" Ordners

.

2011-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 13:57]

.

2011-04-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-11 13:57]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html

IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: {{D401C3A2-12EF-4D1D-A086-F3AB10B565BF} - c:\progra~1\SECRET~1\\SECRET~1.EXE

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

FF - ProfilePath - c:\users\Melissa\AppData\Roaming\Mozilla\Firefox\Profiles\ne30dex4.default\

FF - prefs.js: browser.startup.homepage - google.de

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

FF - Ext: Illimitux: illimitux@illimitux.net - %profile%\extensions\illimitux@illimitux.net

FF - Ext: RadioBar Toolbar: radiobar@toolbar - %profile%\extensions\radiobar@toolbar

FF - Ext: Veoh Video Compass: searchrecs@veoh.com - %profile%\extensions\searchrecs@veoh.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\Real\RealPlayer\browserrecord\firefox\ext

FF - Ext: Veoh Web Player Video Finder: web@veoh.com - c:\program files\Veoh Networks\VeohWebPlayer\FFVideoFinder

FF - user.js: network.cookie.cookieBehavior - 0

FF - user.js: privacy.clearOnShutdown.cookies - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: security.warn_viewing_mixed.show_once - false

FF - user.js: security.warn_submit_insecure - false

FF - user.js: security.warn_submit_insecure.show_once - false

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2011-04-24 17:53

Windows 6.0.6002 Service Pack 2 NTFS

.

Scanne versteckte Prozesse... 

.

Scanne versteckte Autostarteinträge... 

.

Scanne versteckte Dateien... 

.

Scan erfolgreich abgeschlossen

versteckte Dateien: 0

.

**************************************************************************

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-2682020467-2822555498-3201927298-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{E897DF62-4ADE-08CB-C801-BCB81C0CEA07}*]

"hapjlkfbdnghfncc"=hex:6b,61,62,67,67,61,6c,69,63,64,6c,6c,65,6b,69,70,6a,6b,

   6f,63,67,6b,00,00

.

Zeit der Fertigstellung: 2011-04-24  17:57:37

ComboFix-quarantined-files.txt  2011-04-24 15:57

.

Vor Suchlauf: 18 Verzeichnis(se), 56.358.625.280 Bytes frei

Nach Suchlauf: 19 Verzeichnis(se), 56.336.216.064 Bytes frei

.

- - End Of File - - 7EFDB1B9A9A9D47E13EF8FFF143BD1BF

--- --- ---

Zitat:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6433

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

24.04.2011 19:48:21
mbam-log-2011-04-24 (19-48-21).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 166636
Laufzeit: 4 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Zitat:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=b3f05047dbdcca44a8cbdd5842a6f8ea
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-26 08:24:04
# local_time=2011-04-26 10:24:04 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1797 16775165 100 94 284801 76499151 0 0
# compatibility_mode=5892 16776573 100 100 38461 141373764 0 0
# compatibility_mode=8192 67108863 100 0 234 234 0 0
# scanned=246801
# found=4
# cleaned=0
# scan_time=8408
C:\Program Files\Windows Live\Messenger\msimg32.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\Windows Live\Messenger\riched20.dll Win32/Toolbar.MyWebSearch application (unable to clean) 00000000000000000000000000000000 I
C:\Users\Melissa\Downloads\Neuer Ordner\HSS-1.37-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application (unable to clean) 00000000000000000000000000000000 I
G:\Spiele\simcity\4dhotel\3D Sexvilla 2.058.002\3d_Sexvilla_2.058.002.exe multiple threats (unable to clean) 00000000000000000000000000000000 I

OTL Logfile:

Code:

OTL logfile created on: 26.04.2011 23:04:32 - Run 5

OTL by OldTimer - Version 3.2.22.3     Folder = C:\Users\Melissa\Desktop

Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 49,00% Memory free

4,00 Gb Paging File | 2,00 Gb Available in Paging File | 53,00% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 144,29 Gb Total Space | 52,69 Gb Free Space | 36,52% Space Free | Partition Type: NTFS

Drive D: | 144,04 Gb Total Space | 142,65 Gb Free Space | 99,04% Space Free | Partition Type: NTFS

Drive G: | 298,01 Gb Total Space | 127,87 Gb Free Space | 42,91% Space Free | Partition Type: FAT32

Drive H: | 148,79 Gb Total Space | 55,93 Gb Free Space | 37,59% Space Free | Partition Type: FAT32

Drive J: | 931,28 Gb Total Space | 43,52 Gb Free Space | 4,67% Space Free | Partition Type: FAT32

 

Computer Name: ASSIGAMMELKEKS | User Name: Melissa | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)

PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

PRC - C:\Programme\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)

PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

PRC - C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

PRC - C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

PRC - C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)

PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)

PRC - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\sc_watch.exe (Deutsche Telekom AG)

PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\profilemgr.exe (Deutsche Telekom AG)

PRC - C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis2\kernel.exe (Deutsche Telekom AG)

PRC - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

PRC - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

PRC - C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)

PRC - C:\Programme\Common Files\Marmiko Shared\MWLaMaS.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

PRC - C:\Programme\T-Online\T-Online_Software_6\Notifier\Notifier.exe (fun communications GmbH, hxxp://www.fun.de)

PRC - C:\Programme\802.11 Wireless LAN\802.11g Pen Size Wireless USB 2.0 Adapter HW.32 V1.00\WlanCU.exe ()

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Users\Melissa\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (AdobeActiveFileMonitor7.0) -- D:\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)

SRV - (eDataSecurity Service) -- C:\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated)

SRV - (Acer HomeMedia Connect Service) -- C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe (CyberLink)

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (eSettingsService) -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe ()

SRV - (AcerMemUsageCheckService) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe ()

SRV - (eRecoveryService) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (Acer Inc.)

SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\Windows\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))

DRV - (hcw95rc) -- C:\Windows\System32\drivers\hcw95rc.sys (Hauppauge Computer Works, Inc.)

DRV - (hcw95bda) -- C:\Windows\System32\drivers\hcw95bda.sys (Hauppauge Computer Works, Inc.)

DRV - (zntport) -- C:\Windows\System32\drivers\zntport.sys (Zeal SoftStudio)

DRV - (tvicport) -- C:\Windows\System32\drivers\TVicPort.sys (EnTech Taiwan)

DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)

DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )

DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))

DRV - (int15) -- C:\Acer\Empowering Technology\eRecovery\int15.sys ()

DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)

DRV - (MTOnlPktAlyX) -- C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyx.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)

DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)

DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))

DRV - (SIS163u) -- C:\Windows\System32\drivers\SiS163u.sys (SiS Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp32&d=1008&m=aspire_l5100

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.defaultthis.engineName: "Search"

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316"

FF - prefs.js..browser.startup.homepage: "google.de"

FF - prefs.js..extensions.enabledItems: illimitux@illimitux.net:4.0

FF - prefs.js..extensions.enabledItems: radiobar@toolbar:1.0.0

FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0

FF - prefs.js..extensions.enabledItems: web@veoh.com:1.4

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25

 

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.12 18:27:39 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.25 20:38:51 | 000,000,000 | ---D | M]

 

[2009.01.19 23:00:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Extensions

[2011.04.26 20:10:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions

[2010.07.09 10:27:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.03.14 11:54:26 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010.03.28 22:07:49 | 000,000,000 | ---D | M] (Illimitux) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\illimitux@illimitux.net

[2010.01.30 16:48:09 | 000,000,000 | ---D | M] (RadioBar Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\radiobar@toolbar

[2010.02.07 02:10:02 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\searchrecs@veoh.com

[2011.01.25 12:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\staged-xpis

[2011.04.26 09:20:20 | 000,000,000 | ---D | M] (Foxit PDF Creator Toolbar) -- C:\Users\Melissa\AppData\Roaming\mozilla\Firefox\Profiles\ne30dex4.default\extensions\toolbar@ask.com

[2011.04.25 20:36:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2010.02.16 21:00:29 | 000,000,000 | ---D | M] (VMLoad) -- C:\Programme\Mozilla Firefox\extensions\{464F169E-ACE1-4C5F-A778-A433A3DABBAE}

[2011.04.25 20:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

[2011.04.25 20:36:38 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

[2009.12.06 21:44:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT

[2009.01.20 12:30:15 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER

[2011.04.25 20:36:12 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.05.25 18:09:48 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll

[2011.03.06 00:27:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2011.03.06 00:27:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml

[2011.03.06 00:27:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2011.03.06 00:27:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2011.03.06 00:27:43 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.04.24 17:53:28 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)

O2 - BHO: (VMLoadHBO Class) - {C17C7688-31D1-46D7-8C9B-5D253E4F5D5E} - C:\Users\Melissa\AppData\Roaming\VMLoad\addin\VMLoad.dll (TODO: <Company name>)

O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Programme\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)

O4 - HKLM..\Run: [Ask and Record FLV Service] C:\Program Files\Replay Media Catcher\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)

O4 - HKLM..\Run: [PCMMediaSharing] C:\Programme\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe ()

O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)

O4 - HKLM..\Run: [StartCCC] c:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()

O4 - HKLM..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Inc.)

O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Program Files\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)

O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Secret City - {D401C3A2-12EF-4D1D-A086-F3AB10B565BF} -  File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O12 - Plugin for: .spop -  File not found

O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)

O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)

O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)

O15 - HKCU\..Trusted Ranges: Range1 ([*] in Local intranet)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O24 - Desktop WallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O24 - Desktop BackupWallPaper: C:\Users\Melissa\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O32 - AutoRun File - [2006.11.03 12:58:30 | 000,000,038 | -H-- | M] () - G:\AUTORUN.FCB -- [ FAT32 ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2011.04.26 20:00:02 | 000,000,000 | ---D | C] -- C:\Programme\ESET

[2011.04.26 19:58:13 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Melissa\Desktop\esetsmartinstaller_enu.exe

[2011.04.25 20:42:30 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Foxit Software

[2011.04.25 20:40:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader

[2011.04.25 20:40:46 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com

[2011.04.25 20:40:36 | 000,000,000 | ---D | C] -- C:\Programme\Foxit Software

[2011.04.25 20:38:44 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2011.04.25 20:36:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun

[2011.04.25 20:36:48 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java

[2011.04.25 20:36:26 | 000,472,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2011.04.25 20:36:26 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011.04.25 20:36:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011.04.25 20:36:26 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011.04.24 17:57:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2011.04.24 17:40:53 | 000,000,000 | ---D | C] -- C:\ComboFix

[2011.04.24 17:40:16 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe

[2011.04.20 22:42:38 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2011.04.20 22:42:38 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2011.04.20 22:42:38 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2011.04.20 22:40:07 | 000,000,000 | ---D | C] -- C:\Qoobox

[2011.04.20 22:27:26 | 000,000,000 | ---D | C] -- C:\_OTL

[2011.04.17 21:57:10 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT

[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT

[2011.04.17 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

[2011.04.17 21:30:47 | 000,791,393 | ---- | C] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe

[2011.04.17 21:30:47 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe

[2011.04.17 20:51:30 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe

[2011.04.16 11:30:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.04.16 11:30:02 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011.04.16 11:30:02 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011.04.16 11:30:02 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011.04.16 11:30:02 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011.04.16 11:30:02 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011.04.16 11:30:02 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.04.16 11:30:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011.04.16 11:30:01 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011.04.16 11:30:01 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011.04.16 11:30:00 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011.04.16 11:30:00 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011.04.16 11:30:00 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011.04.16 11:30:00 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011.04.16 11:30:00 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011.04.16 11:30:00 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.04.16 11:30:00 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011.04.16 11:30:00 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011.04.16 11:30:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011.04.16 11:30:00 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011.04.16 11:30:00 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011.04.16 11:29:59 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.04.16 11:29:59 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011.04.16 11:29:59 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011.04.16 11:29:59 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011.04.16 11:29:59 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011.04.16 11:29:59 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011.04.16 11:29:59 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011.04.16 11:29:59 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011.04.16 11:29:59 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011.04.16 11:29:59 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011.04.16 11:29:58 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011.04.16 11:29:58 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011.04.16 11:29:58 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011.04.16 11:29:58 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011.04.16 11:29:58 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011.04.16 11:29:58 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011.04.16 11:29:58 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011.04.16 11:29:58 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011.04.15 15:11:24 | 000,000,000 | ---D | C] -- C:\Users\Melissa\AppData\Roaming\Malwarebytes

[2011.04.15 15:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys

[2011.04.15 15:11:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2011.04.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2011.04.15 15:11:13 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

[2011.04.15 15:11:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware

[2011.04.14 09:01:53 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll

[2011.04.14 09:01:53 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll

[2011.04.14 09:01:42 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll

[2011.04.14 09:01:41 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll

[2011.04.14 09:01:38 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe

[2011.04.14 09:01:37 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys

[2011.04.14 02:05:14 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe

[2011.04.13 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler

[2011.04.13 12:51:30 | 000,000,000 | ---D | C] -- C:\Programme\Defraggler

[2011.04.13 12:36:09 | 000,000,000 | ---D | C] -- C:\Windows\pss

[2009.01.19 22:11:52 | 000,016,384 | ---- | C] ( ) -- C:\Windows\System32\ClearEvent.exe

[2008.09.30 06:55:45 | 000,049,152 | ---- | C] ( ) -- C:\Windows\INTEROP.IWSHRUNTIMELIBRARY.DLL

 
 ========== Files - Modified Within 30 Days ==========

 

[2011.04.26 22:14:09 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2011.04.26 21:17:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0

[2011.04.26 21:17:34 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0

[2011.04.26 19:58:22 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Melissa\Desktop\esetsmartinstaller_enu.exe

[2011.04.26 19:14:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2011.04.26 09:45:11 | 000,028,672 | ---- | M] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011.04.26 09:17:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2011.04.26 09:17:24 | 1878,515,712 | -HS- | M] () -- C:\hiberfil.sys

[2011.04.25 20:40:59 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader.lnk

[2011.04.25 20:36:11 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll

[2011.04.25 20:36:11 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2011.04.25 20:36:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2011.04.25 20:36:11 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2011.04.24 17:53:28 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2011.04.24 16:24:30 | 004,328,459 | R--- | M] () -- C:\Users\Melissa\Desktop\ComboFix.exe

[2011.04.20 23:33:07 | 000,674,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat

[2011.04.20 23:33:07 | 000,634,202 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2011.04.20 23:33:07 | 000,146,028 | ---- | M] () -- C:\Windows\System32\perfc007.dat

[2011.04.20 23:33:07 | 000,119,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2011.04.20 00:26:48 | 000,040,504 | ---- | M] () -- C:\Users\Melissa\Desktop\Malvada.odt

[2011.04.19 19:33:17 | 000,050,477 | ---- | M] () -- C:\Users\Melissa\Desktop\Defogger.exe

[2011.04.19 18:49:41 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE

[2011.04.17 21:55:23 | 000,000,737 | ---- | M] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk

[2011.04.17 21:55:23 | 000,000,718 | ---- | M] () -- C:\Users\Melissa\Desktop\ERUNT.lnk

[2011.04.17 21:39:24 | 000,301,568 | ---- | M] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe

[2011.04.17 21:39:23 | 000,791,393 | ---- | M] (Lars Hederer                                                ) -- C:\Users\Melissa\Desktop\Erunt-setup.exe

[2011.04.17 21:39:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\TFC.exe

[2011.04.17 21:39:17 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Melissa\Desktop\OTL.exe

[2011.04.17 21:28:35 | 000,377,280 | ---- | M] () -- C:\Users\Melissa\Desktop\Load.exe

[2011.04.16 11:30:08 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat

[2011.04.16 11:30:08 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat

[2011.04.16 11:30:02 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll

[2011.04.16 11:30:02 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll

[2011.04.16 11:30:02 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll

[2011.04.16 11:30:02 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll

[2011.04.16 11:30:02 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe

[2011.04.16 11:30:02 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe

[2011.04.16 11:30:02 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll

[2011.04.16 11:30:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll

[2011.04.16 11:30:01 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec

[2011.04.16 11:30:01 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll

[2011.04.16 11:30:00 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat

[2011.04.16 11:30:00 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl

[2011.04.16 11:30:00 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll

[2011.04.16 11:30:00 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll

[2011.04.16 11:30:00 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll

[2011.04.16 11:30:00 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll

[2011.04.16 11:30:00 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll

[2011.04.16 11:30:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll

[2011.04.16 11:30:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe

[2011.04.16 11:30:00 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf

[2011.04.16 11:30:00 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll

[2011.04.16 11:30:00 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll

[2011.04.16 11:29:59 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb

[2011.04.16 11:29:59 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll

[2011.04.16 11:29:59 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll

[2011.04.16 11:29:59 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll

[2011.04.16 11:29:59 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll

[2011.04.16 11:29:59 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe

[2011.04.16 11:29:59 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe

[2011.04.16 11:29:59 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe

[2011.04.16 11:29:59 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll

[2011.04.16 11:29:59 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll

[2011.04.16 11:29:58 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll

[2011.04.16 11:29:58 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll

[2011.04.16 11:29:58 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll

[2011.04.16 11:29:58 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll

[2011.04.16 11:29:58 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll

[2011.04.16 11:29:58 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll

[2011.04.16 11:29:58 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll

[2011.04.16 11:29:58 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe

[2011.04.15 15:11:18 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.15 03:30:24 | 000,328,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

[2011.04.13 12:51:32 | 000,001,706 | ---- | M] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2011.04.11 20:43:57 | 092,643,550 | ---- | M] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv

[2011.04.06 22:35:33 | 000,000,054 | ---- | M] () -- C:\Windows\mpsettings.ini

 
 ========== Files Created - No Company Name ==========

 

[2011.04.25 20:40:59 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader.lnk

[2011.04.24 16:24:14 | 004,328,459 | R--- | C] () -- C:\Users\Melissa\Desktop\ComboFix.exe

[2011.04.20 22:42:38 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe

[2011.04.20 22:42:38 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2011.04.20 22:42:38 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe

[2011.04.20 22:42:38 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2011.04.20 22:42:38 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2011.04.19 19:33:16 | 000,050,477 | ---- | C] () -- C:\Users\Melissa\Desktop\Defogger.exe

[2011.04.19 18:49:40 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE

[2011.04.18 21:23:54 | 000,040,504 | ---- | C] () -- C:\Users\Melissa\Desktop\Malvada.odt

[2011.04.17 21:55:23 | 000,000,737 | ---- | C] () -- C:\Users\Melissa\Desktop\NTREGOPT.lnk

[2011.04.17 21:55:23 | 000,000,718 | ---- | C] () -- C:\Users\Melissa\Desktop\ERUNT.lnk

[2011.04.17 21:30:47 | 000,301,568 | ---- | C] () -- C:\Users\Melissa\Desktop\g2m3e4r.exe

[2011.04.17 21:28:35 | 000,377,280 | ---- | C] () -- C:\Users\Melissa\Desktop\Load.exe

[2011.04.16 11:30:00 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf

[2011.04.15 15:11:18 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2011.04.13 12:51:32 | 000,001,706 | ---- | C] () -- C:\Users\Public\Desktop\Defraggler.lnk

[2011.04.11 20:43:58 | 092,643,550 | ---- | C] () -- C:\Users\Melissa\Documents\Megavideo.com - 2828C2AF60C2BB..C2AB5BNeverAlone5DC2BB..C2ABC2B4C2AF2929.flv

[2011.04.06 22:35:33 | 000,000,054 | ---- | C] () -- C:\Windows\mpsettings.ini

[2010.08.13 11:30:19 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI

[2010.06.14 19:12:53 | 000,000,130 | ---- | C] () -- C:\Windows\System32\rpireica.bin

[2009.11.12 20:27:13 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll

[2009.11.12 20:27:13 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini

[2009.11.12 20:27:08 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll

[2009.11.12 20:27:07 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll

[2009.11.12 20:27:06 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll

[2009.11.09 19:19:44 | 000,000,000 | ---- | C] () -- C:\Windows\System32\swunilog.ini

[2009.11.04 23:47:55 | 000,237,568 | ---- | C] () -- C:\Windows\System32\rmc_rtspdl.dll

[2009.09.24 06:17:18 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin

[2009.09.24 06:17:17 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll

[2009.09.02 06:57:23 | 000,007,268 | ---- | C] () -- C:\Users\Melissa\AppData\Local\d3d9caps.dat

[2009.07.02 13:51:39 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat

[2009.02.10 19:22:57 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib

[2009.01.28 20:46:28 | 000,000,096 | ---- | C] () -- C:\Users\Melissa\AppData\Roaming\wklnhst.dat

[2009.01.20 13:05:11 | 000,000,399 | ---- | C] () -- C:\Windows\vtplus32.ini

[2009.01.20 13:05:01 | 000,149,504 | ---- | C] () -- C:\Windows\System32\UNWISE.EXE

[2009.01.20 13:04:31 | 000,032,295 | ---- | C] () -- C:\Windows\Irremote.ini

[2009.01.20 13:04:21 | 000,065,536 | ---- | C] () -- C:\Windows\System32\dmcrypto.dll

[2009.01.20 13:03:53 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI

[2009.01.20 13:03:53 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI

[2009.01.20 13:03:51 | 000,163,840 | ---- | C] () -- C:\Windows\System32\hcwChDB.dll

[2009.01.20 13:02:53 | 000,006,315 | ---- | C] () -- C:\Windows\HCWPNP.INI

[2009.01.20 00:02:56 | 000,028,672 | ---- | C] () -- C:\Users\Melissa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2009.01.19 23:11:52 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin

[2009.01.19 22:39:59 | 000,000,095 | ---- | C] () -- C:\Users\Melissa\AppData\Local\fusioncache.dat

[2009.01.19 22:11:52 | 000,016,384 | ---- | C] () -- C:\Windows\System32\LauncheRyAgentUser.exe

[2008.11.06 18:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll

[2008.11.06 18:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll

[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll

[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll

[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll

[2008.10.06 06:48:51 | 000,000,044 | ---- | C] () -- C:\Windows\Acer(Normal).ini

[2008.10.06 06:48:51 | 000,000,042 | ---- | C] () -- C:\Windows\Acer(Wide).ini

[2008.01.21 09:15:58 | 000,674,344 | ---- | C] () -- C:\Windows\System32\perfh007.dat

[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat

[2008.01.21 09:15:58 | 000,146,028 | ---- | C] () -- C:\Windows\System32\perfc007.dat

[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat

[2007.04.11 19:30:48 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN4.dll

[2007.04.11 17:09:20 | 000,000,734 | ---- | C] () -- C:\Windows\generic.ini

[2007.04.11 17:09:20 | 000,000,125 | ---- | C] () -- C:\Windows\Alaunch.ini

[2007.04.11 17:07:33 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat

[2007.04.11 17:07:33 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll

[2007.04.11 17:07:32 | 000,144,773 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat

[2007.04.11 09:20:03 | 000,015,656 | ---- | C] () -- C:\Windows\System32\drivers\int15_64.sys

[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat

[2006.11.02 14:47:37 | 000,328,032 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT

[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll

[2006.11.02 12:33:01 | 000,634,202 | ---- | C] () -- C:\Windows\System32\perfh009.dat

[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat

[2006.11.02 12:33:01 | 000,119,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat

[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat

[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat

[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT

[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini

[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

[2005.01.06 15:04:00 | 000,049,152 | ---- | C] () -- C:\Windows\System32\unwlsdrv.exe

[2001.12.26 15:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll

[2001.09.03 22:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll

[2001.07.30 15:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll

[2001.07.23 21:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll

[1997.06.14 13:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
 

< End of report >

--- --- ---

Zitat:

Results of screen317's Security Check version 0.99.10
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
Java(TM) 6 Update 25
Out of date Java installed!
Adobe Flash Player 10.0.32.18
````````````````````````````````
Process Check:
objlist.exe by Laurent
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Empowering Technology eSettings Service capuserv.exe
T-Online WLAN-Access Finder ToWLaAcF.exe
T-Online T-Online_Software_6 Basis-Software Basis2\kernel.exe
T-Online T-Online_Software_6 Basis-Software Basis2\sc_watch.exe
T-Online T-ONLI~1 BASIS-~1 Basis2\PROFIL~1.EXE
T-Online T-ONLI~1 Notifier Notifier.exe
``````````End of Log````````````

Gruß
Shinichi

Hallo Shinichi,

bevor wir zum Abschluss kommen, hätte ich noch folgende Anliegen an dich:

Schritt # 1: Deinstallation von Programmen
Bei der Installation von Foxit Reader hast du dir anscheinend die Ask Toolbar mit installiert. Diese erfüllt keinen sinnvollen Zweck. Daher bitte ich dich, diese Toolbar wieder zu deinstallieren.
Achte grundsätzlich immer darauf, welche zusätzlichen "Tools" du beim Installations-Setup auswählst.

Folge folgendem Pfad: Start -> Systemsteuerung -> Programme deinstallieren
Suche in der Liste Software mit dem folgenden Namen
- Ask Toolbar
und deinstalliere das Programm.
Solltest du am Ende der Deinstallation zu einem Neustart aufgefordert werden, so führe diesen durch.

Schritt # 2: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die http://larusso.trojaner-board.de/Images/otlfix.jpg Textbox.

Code:

:OTL

O2 - BHO: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O3 - HKLM\..\Toolbar: (Foxit PDF Creator Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

[2011.04.25 20:40:46 | 000,000,000 | ---D | C] -- C:\Programme\Ask.com
 

:files

C:\Program Files\Windows Live\Messenger\msimg32.dll

C:\Program Files\Windows Live\Messenger\riched20.dll
 

:Commands

[emptytemp]

Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 3: Fragen beantworten
Bitte beantworte mir folgende Fragen:

Ich bitte dich um die Prüfung der folgenden Datei:

Zitat:

C:\Users\Melissa\Downloads\Neuer Ordner\HSS-1.37-install-anchorfree-76-conduit.exe

Worum handelt es sich hierbei genau? Benötigst du dieses Installationspaket noch? Ich empfehle dir, es zu löschen.
Was ist denn das? :wtf:

Zitat:

G:\Spiele\simcity\4dhotel\3D Sexvilla 2.058.002\3d_Sexvilla_2.058.002.exe

Laut ESET befinden sich in dieser Datei mehrere Gefahren. Ich empfehle dir, es zu löschen.
Letztendlich entscheidest du, was du mit diesen beiden Dateien machst. Ich halte sie allerdings für bedenklich.
Wie läuft dein Rechner derzeit? Gibt es noch Probleme oder läuft alles so wie es sein soll?

Schritt # 4: Systemscan mit OTL

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 5: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile des OTL-Fix,
die Beantwortung der gestellten Fragen und
die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt).

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!