Trojaner-Board


Schmiddi60 15.06.2011 10:52

BKA Trojan - Urgent, thesis in danger - OTLPE doesn't work

Hello everyone,

I too have caught the popular BKA-Ukash trojan. I have already read through a few posts about it and wanted to be exemplary and post my OTL log right away. Unfortunately, that doesn't work!

I downloaded and burned OTL exactly as described in the instructions. Starting the Reatogo-X-PE also went without problems. When I then clicked on OTLPE, I had a choice among several drives:

MyComputer
-> RamDISK (B: )
-> ACER(C: )
-> DATA (F: )
-> ReatogoPE (X: )
-> Shared Documents

I have already tried all of them, always with the result "Target is not windows 2000 or later". But I have VISTA! I have also searched all the posts for solutions but found none.

I also have a built-in card reader. Could that be the cause?

It is really very, very, very urgent. My thesis is on it, and without my laptop I can't work.

Thanks in advance


Schmiddi

markusg 15.06.2011 11:01

hi,
you have to pick the folder c: or f:, though I think it is f:, then go to the windows folder there and click on it, then it starts.

Schmiddi60 15.06.2011 11:24

Quote:

Quote from markusg (post 672386)
hi,
you have to pick the folder c: or f:, though I think it is f:, then go to the windows folder there and click on it, then it starts.


Thanks for this incredibly fast answer

Okay, if you have already posted it somewhere, then sorry for the stupid question. By the way... it was C: :applaus:

So, now on to my OTL.txt

OTL Logfile:
Code:

OTL logfile created on: 6/15/2011 1:06:53 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
  (Version = .) - Type =
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.54 Gb Total Space | 41.68 Gb Free Space | 29.24% Space Free | Partition Type: NTFS
Drive F: | 139.00 Gb Total Space | 138.91 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/06 11:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/27 21:32:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 15:47:27 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/16 14:16:06 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/08/02 06:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto] -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010/04/12 17:56:48 | 000,246,520 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/25 04:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/26 06:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/11/15 14:31:08 | 000,049,152 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009/11/15 14:29:10 | 000,716,800 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2009/11/15 14:26:42 | 000,536,576 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2009/10/02 14:28:09 | 002,969,600 | ---- | M] (ANSYS, Inc.) [Auto] -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2009/04/16 10:56:36 | 000,075,048 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/10/01 06:43:56 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/29 12:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/19 10:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 11:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (upperdev)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/03/16 15:47:27 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 08:48:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/16 14:02:49 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/05/22 16:50:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/09 03:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/24 22:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/19 23:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/19 22:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/18 20:06:18 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2009/11/18 20:06:16 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2009/09/16 04:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 04:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 04:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 04:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 04:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/05 06:25:50 | 000,081,408 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/01 13:25:00 | 007,542,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/23 23:49:38 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/11/19 05:33:50 | 000,057,856 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/11/03 06:31:40 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/10/01 05:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/09/24 04:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/29 02:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/19 09:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
 
 
[2011/05/21 19:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/12 18:17:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/07 20:18:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/06/07 20:17:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/05 03:52:11 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/07/05 03:52:11 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/12/13 08:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010/07/05 03:52:12 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/07/05 03:52:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/07/05 03:52:12 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O13 - ftp Prefix: missing
O13 - gopher Prefix: missing
O13 - home Prefix: missing
O13 - mosaic Prefix: missing
O13 - www Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - ( ) - (Registry key not found)
O20 - HKLM Winlogon: UserInit - ( ) - (Registry key not found)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O37 - HKLM\...com [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
O37 - HKLM\...exe [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/08 00:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
[2011/05/21 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/05/21 19:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011/05/18 20:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/05/18 20:07:42 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 14:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/01/12 08:48:15 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/15 05:01:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 05:01:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 05:01:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 05:01:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/14 16:28:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/06/14 13:26:13 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/14 13:26:13 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/14 13:26:13 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/14 13:26:13 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/07 15:56:33 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2011/03/09 10:49:29 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/03/09 10:41:06 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/03/09 10:41:05 | 000,000,000 | R--- | C] () -- \WIN51IP
[2010/11/16 04:30:44 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/16 04:30:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/03/20 14:10:27 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/19 07:24:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/03/08 20:40:54 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010/01/12 18:18:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/01 15:08:31 | 000,147,939 | ---- | C] () -- C:\Windows\hpoins12.dat
[2009/11/21 08:41:11 | 000,000,231 | ---- | C] () -- C:\Windows\POWERPNT.INI
[2009/11/21 08:40:59 | 000,000,064 | ---- | C] () -- C:\Windows\exchng32.ini
[2009/11/21 08:40:59 | 000,000,026 | ---- | C] () -- C:\Windows\datalink.ini
[2009/11/21 08:40:41 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI
[2009/11/21 08:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WINHELP.INI
[2009/11/21 08:39:07 | 000,000,969 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/11/08 14:55:50 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/11 20:03:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 20:01:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 17:57:08 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/05 08:46:11 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/09/05 07:40:13 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2009/09/05 06:25:50 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 10:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/04 15:28:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/03/04 15:28:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/03/04 15:28:02 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/03/04 15:28:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/12 02:23:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/12 02:23:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/12 01:50:53 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/12 01:27:12 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/01/12 00:31:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 03:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/01/22 12:05:38 | 000,001,470 | ---- | C] () -- C:\Windows\hpomdl12.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,408,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
[2003/09/23 08:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll
[2003/08/10 10:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll
[2003/08/08 20:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2001/12/26 11:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 08:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/03 18:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 11:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 17:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997/06/14 08:26:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1995/08/09 19:00:00 | 000,913,952 | ---- | C] () -- C:\Windows\System32\WWINTL32.DLL
[1995/08/09 19:00:00 | 000,107,008 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL
[1995/08/09 19:00:00 | 000,068,096 | ---- | C] () -- C:\Windows\System32\MSROUTE.DLL
[1995/08/09 19:00:00 | 000,052,736 | ---- | C] () -- C:\Windows\System32\OPENDEU.DLL
[1995/08/09 19:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL
[1995/08/09 19:00:00 | 000,006,352 | ---- | C] () -- C:\Windows\System32\VISXUTIL.DLL
[1995/08/09 19:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI
[1995/08/09 19:00:00 | 000,000,586 | ---- | C] () -- C:\Windows\MSTXTCNV.INI
[1995/08/09 19:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI
 
========== LOP Check ==========
 
[2011/03/09 10:53:54 | 000,000,000 | R--D | M] -- \I386
[2011/03/09 10:41:19 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/03/09 10:50:53 | 000,000,000 | R--D | M] -- \SFX
[2011/06/15 05:01:13 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >

--- --- ---


Is that enough for you?

Many, many thanks

markusg 15.06.2011 11:35

something is wrong here though
• remove the check mark at "Automatically Load All Remaining Users" if it is set.

• OTL should now start.
• Press Run Scan to start the scan.
• When it is finished, the files are saved to C:\otl.txt
• Copy this folder to your USB stick if you have no internet connection on this system.
post both logs

did you run otl like this?
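
An added example, not part of the thread and not OTL's own code: a check for the header fields that are empty in the first log posted above, next to the same fields from the log posted later in the thread. The field layout is copied from those two logs; reading empty fields as "the installed Windows was not loaded" is an assumption drawn from comparing them, and the function names are hypothetical.

```python
import re

# Header lines copied from the two OTLPE logs posted in this thread.
FIRST_LOG = r"""OTL logfile created on: 6/15/2011 1:06:53 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
  (Version = .) - Type =
Internet Explorer (Version = )
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
O20 - HKLM Winlogon: Shell - ( ) - (Registry key not found)
O20 - HKLM Winlogon: UserInit - ( ) - (Registry key not found)
"""

SECOND_LOG = r"""OTL logfile created on: 6/15/2011 1:40:18 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
"""

# A usable version string is dotted digits, e.g. 6.0.6002.
VERSION = re.compile(r"\d+(?:\.\d+)+")
# "<OS name> (Version = x.y.z) - Type = <type>"
OS_LINE = re.compile(
    r"^(?P<name>.*?)\(Version = (?P<ver>[^)]*)\) - Type =(?P<type>.*)$"
)
IE_LINE = re.compile(r"^Internet Explorer \(Version = (?P<ver>[^)]*)\)\s*$")
WINLOGON = re.compile(
    r"^O20 - HKLM Winlogon: (?P<value>Shell|UserInit) - .*"
    r"\(Registry key not found\)\s*$"
)


def header_problems(log_text):
    """Return a list of reasons to distrust the log, empty if none found."""
    problems = []
    os_seen = ie_seen = False
    for line in log_text.splitlines():
        m = IE_LINE.match(line)
        if m:
            ie_seen = True
            if not VERSION.fullmatch(m.group("ver").strip()):
                problems.append("Internet Explorer version is missing")
            continue
        m = OS_LINE.match(line)
        if m:
            os_seen = True
            if not m.group("name").strip():
                problems.append("target OS name is empty")
            if not VERSION.fullmatch(m.group("ver").strip()):
                problems.append("target OS version is missing")
            continue
        m = WINLOGON.match(line)
        if m:
            problems.append(
                "Winlogon %s: registry key not found" % m.group("value")
            )
    if not os_seen:
        problems.append("no OS header line")
    if not ie_seen:
        problems.append("no Internet Explorer header line")
    return problems


def target_loaded(log_text):
    """True when none of the checks above fired."""
    return not header_problems(log_text)


if __name__ == "__main__":
    for label, text in (("first log", FIRST_LOG), ("second log", SECOND_LOG)):
        found = header_problems(text)
        print(label, "->", "ok" if not found else "; ".join(found))
```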

Schmiddi60 15.06.2011 11:39

There was a problem with the check mark. I did remove it, but I didn't press OK and closed it by accident. Then this selection no longer appeared. How do I get the check box to come back?

Edit: Found it. One moment, new log coming right away

Schmiddi60 15.06.2011 11:48

And here I am again. Sorry again... heat of the moment and 26 hours without sleep

OTL Logfile:
Code:

OTL logfile created on: 6/15/2011 1:40:18 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.54 Gb Total Space | 41.68 Gb Free Space | 29.24% Space Free | Partition Type: NTFS
Drive F: | 139.00 Gb Total Space | 138.91 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/06 11:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/27 21:32:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 15:47:27 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/16 14:16:06 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/08/02 06:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto] -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010/04/12 17:56:48 | 000,246,520 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/25 04:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/26 06:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/11/15 14:31:08 | 000,049,152 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009/11/15 14:29:10 | 000,716,800 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2009/11/15 14:26:42 | 000,536,576 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2009/10/02 14:28:09 | 002,969,600 | ---- | M] (ANSYS, Inc.) [Auto] -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2009/04/16 10:56:36 | 000,075,048 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/10/01 06:43:56 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/29 12:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/19 10:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 11:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (upperdev)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/03/16 15:47:27 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 08:48:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/16 14:02:49 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/05/22 16:50:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/09 03:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/24 22:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/19 23:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/19 22:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/18 20:06:18 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2009/11/18 20:06:16 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2009/09/16 04:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 04:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 04:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 04:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 04:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/05 06:25:50 | 000,081,408 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/01 13:25:00 | 007,542,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/23 23:49:38 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/11/19 05:33:50 | 000,057,856 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/11/03 06:31:40 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/10/01 05:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/09/24 04:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/29 02:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/19 09:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.hs-albsig.de:8080
 
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_4935
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Daniel_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Daniel_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Daniel_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\Daniel_ON_C\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
IE - HKU\Daniel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.fh-albsig.de/"
FF - prefs.js..network.proxy.ftp: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/05/08 04:06:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/08 14:52:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:13:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/05/08 04:06:20 | 000,000,000 | ---D | M]
 
[2010/01/12 18:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2011/06/14 12:12:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions
[2011/04/20 14:19:34 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/31 04:39:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/13 18:09:41 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011/05/18 20:09:23 | 000,000,000 | ---D | M] (ooVoo Video Chat Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
[2011/05/18 20:09:47 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\engine@conduit.com
[2010/03/18 14:34:14 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\firefox@tvunetworks.com
[2010/12/28 07:08:16 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\vshare@toolbar
[2011/05/18 12:03:36 | 000,000,935 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\conduit.xml
[2010/05/22 16:51:27 | 000,002,059 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\daemon-search.xml
[2011/06/01 02:19:54 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\icqplugin-1.xml
[2010/12/08 06:36:28 | 000,000,945 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\icqplugin.xml
[2010/06/20 10:15:53 | 000,003,915 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\sweetim.xml
[2011/05/21 19:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/12 18:17:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/07 20:18:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/21 19:24:31 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010/05/08 04:06:19 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010/06/07 20:17:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/05 03:52:11 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/07/05 03:52:11 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/12/13 08:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010/07/05 03:52:12 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/07/05 03:52:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/07/05 03:52:12 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
O3 - HKU\Daniel_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\Daniel_ON_C\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\Daniel_ON_C\..\Toolbar\WebBrowser: (ooVoo Video Chat Toolbar) - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SearchSettings]  File not found
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Daniel_ON_C..\Run: []  File not found
O4 - HKU\Daniel_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKU\Daniel_ON_C..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\Daniel_ON_C..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\Daniel_ON_C..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Daniel_ON_C Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\0.15879086892799255.exe) - C:\Users\Daniel\AppData\Local\Temp\0.15879086892799255.exe (cp)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1b0465b3-47ff-11e0-a0ff-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{1b0465b3-47ff-11e0-a0ff-001e101fb4df}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{63560b6d-81ab-11e0-b427-00235a4b6b39}\Shell - "" = AutoRun
O33 - MountPoints2\{63560b6d-81ab-11e0-b427-00235a4b6b39}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6f00a80c-4dd1-11e0-a2b2-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{6f00a80c-4dd1-11e0-a2b2-001e101f1838}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7d9e9cae-4c17-11e0-9f4f-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9e9cae-4c17-11e0-9f4f-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7d9e9ccf-4c17-11e0-9f4f-001e101f3da8}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9e9ccf-4c17-11e0-9f4f-001e101f3da8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7e0816c1-5a76-11df-9653-00235a4b6b39}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe
O33 - MountPoints2\{c892ebba-4709-11e0-acaa-00235a4b6b39}\Shell - "" = AutoRun
O33 - MountPoints2\{c892ebba-4709-11e0-acaa-00235a4b6b39}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c892ebd8-4709-11e0-acaa-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{c892ebd8-4709-11e0-acaa-001e101f21c1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ca73948e-48f8-11e0-bf48-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{ca73948e-48f8-11e0-bf48-001e101f1f81}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/12 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\go
[2011/06/12 14:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/06/08 01:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/06/08 00:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
[2011/05/21 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/05/21 19:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011/05/18 20:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/05/18 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Conduit
[2011/05/18 20:07:42 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 14:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/16 14:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/16 14:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/01/12 08:48:15 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/15 05:01:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 05:01:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 05:01:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 05:01:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/15 04:59:53 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/15 04:59:53 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/14 16:28:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/06/14 13:26:13 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/14 13:26:13 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/14 13:26:13 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/14 13:26:13 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/12 14:23:53 | 000,001,559 | ---- | M] () -- C:\Users\Daniel\Desktop\Spielen (EasyBits GO).lnk
[2011/06/10 21:11:03 | 000,083,904 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.10.44.png
[2011/06/10 21:07:55 | 000,058,144 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.06.51.png
[2011/06/09 12:05:57 | 000,096,768 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 01:45:10 | 000,001,637 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.5.lnk
[2011/06/08 01:45:10 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011/06/08 01:45:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/06/07 15:56:33 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/05 11:24:41 | 001,465,403 | ---- | M] () -- C:\Users\Daniel\Desktop\index.pdf
[2011/06/04 20:49:06 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/06/04 20:49:06 | 000,001,399 | ---- | M] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk
[2011/06/04 20:48:34 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/06/04 20:48:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/06/04 11:22:34 | 003,121,451 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\grins.mp3.zip
[2011/06/04 10:20:24 | 000,109,033 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\....jpg
[2011/06/02 16:45:34 | 090,441,378 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\zwei.zip
[2011/06/02 16:33:00 | 095,898,033 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\eins.zip
[2011/06/02 13:47:30 | 006,694,322 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\ende.m4a
[2011/06/02 13:34:13 | 005,778,774 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\12 Olä Olä.m4a
[2011/06/02 13:31:09 | 006,846,408 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\ohlä_oleh.m4a
[2011/06/02 13:11:22 | 007,719,366 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\oana_geht_no.m4a
[2011/06/02 13:06:08 | 005,735,479 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\auch_net.m4a
[2011/06/02 12:59:39 | 006,375,149 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\vielleicht.m4a
[2011/06/02 05:18:00 | 000,595,291 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Kleine Eidechse.pdf
[2011/05/30 12:58:34 | 000,000,926 | ---- | M] () -- C:\Users\Daniel\Desktop\Dropbox.lnk
[2011/05/30 12:58:34 | 000,000,906 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/27 17:34:19 | 020,533,281 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\vlc-1.1.9-win32.exe
[2011/05/22 17:46:04 | 000,973,606 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-05-22 um 23.45.21.png
[2011/05/18 20:08:38 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/05/18 20:08:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2011/05/17 18:22:31 | 000,021,352 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Nackisch.JPG
[2011/05/16 14:21:23 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/16 14:21:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
========== Files Created - No Company Name ==========
 
[2011/06/12 14:23:53 | 000,001,589 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spielen (EasyBits GO).lnk
[2011/06/12 14:23:53 | 000,001,559 | ---- | C] () -- C:\Users\Daniel\Desktop\Spielen (EasyBits GO).lnk
[2011/06/10 21:11:02 | 000,083,904 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.10.44.png
[2011/06/10 21:07:54 | 000,058,144 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.06.51.png
[2011/06/08 01:45:10 | 000,001,637 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.5.lnk
[2011/06/08 01:45:10 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011/06/05 11:24:41 | 001,465,403 | ---- | C] () -- C:\Users\Daniel\Desktop\index.pdf
[2011/06/04 20:49:06 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/06/04 20:49:06 | 000,001,399 | ---- | C] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk
[2011/06/04 20:48:34 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/06/04 11:22:04 | 003,121,451 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\grins.mp3.zip
[2011/06/04 10:20:21 | 000,109,033 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\....jpg
[2011/06/02 16:33:17 | 090,441,378 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\zwei.zip
[2011/06/02 16:19:58 | 095,898,033 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\eins.zip
[2011/06/02 13:46:34 | 006,694,322 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\ende.m4a
[2011/06/02 13:33:26 | 005,778,774 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\12 Olä Olä.m4a
[2011/06/02 13:30:13 | 006,846,408 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\ohlä_oleh.m4a
[2011/06/02 13:10:17 | 007,719,366 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\oana_geht_no.m4a
[2011/06/02 13:05:21 | 005,735,479 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\auch_net.m4a
[2011/06/02 12:58:46 | 006,375,149 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\vielleicht.m4a
[2011/06/02 05:17:54 | 000,595,291 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Kleine Eidechse.pdf
[2011/05/22 17:45:45 | 000,973,606 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-05-22 um 23.45.21.png
[2011/05/17 18:22:29 | 000,021,352 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Nackisch.JPG
[2011/05/16 14:21:23 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/16 04:30:44 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/16 04:30:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/06 04:53:36 | 000,017,089 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\UserTile.png
[2010/03/20 14:10:27 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/19 07:24:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/03/08 20:40:54 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010/02/15 19:24:02 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2010/01/12 18:18:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/01 15:08:31 | 000,147,939 | ---- | C] () -- C:\Windows\hpoins12.dat
[2009/11/21 08:41:11 | 000,000,231 | ---- | C] () -- C:\Windows\POWERPNT.INI
[2009/11/21 08:40:59 | 000,000,064 | ---- | C] () -- C:\Windows\exchng32.ini
[2009/11/21 08:40:59 | 000,000,026 | ---- | C] () -- C:\Windows\datalink.ini
[2009/11/21 08:40:41 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI
[2009/11/21 08:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WINHELP.INI
[2009/11/21 08:39:07 | 000,000,969 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/11/08 14:55:50 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/18 01:42:03 | 000,000,134 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\wklnhst.dat
[2009/09/11 20:03:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 20:01:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 17:57:08 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/05 09:10:25 | 000,096,768 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 08:46:11 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/09/05 07:40:13 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2009/09/05 06:25:50 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2009/08/29 21:10:09 | 000,007,592 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2009/08/29 17:44:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 10:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/04 15:42:47 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/04 15:42:40 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/04 15:28:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/03/04 15:28:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/03/04 15:28:02 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/03/04 15:28:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/12 02:23:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/12 02:23:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/12 01:50:53 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/12 01:27:12 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/01/12 00:31:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 03:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/01/22 12:05:38 | 000,001,470 | ---- | C] () -- C:\Windows\hpomdl12.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,408,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/09/23 08:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll
[2003/08/10 10:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll
[2003/08/08 20:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2001/12/26 11:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 08:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/03 18:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 11:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 17:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997/06/14 08:26:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1995/08/09 19:00:00 | 000,913,952 | ---- | C] () -- C:\Windows\System32\WWINTL32.DLL
[1995/08/09 19:00:00 | 000,107,008 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL
[1995/08/09 19:00:00 | 000,068,096 | ---- | C] () -- C:\Windows\System32\MSROUTE.DLL
[1995/08/09 19:00:00 | 000,052,736 | ---- | C] () -- C:\Windows\System32\OPENDEU.DLL
[1995/08/09 19:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL
[1995/08/09 19:00:00 | 000,006,352 | ---- | C] () -- C:\Windows\System32\VISXUTIL.DLL
[1995/08/09 19:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI
[1995/08/09 19:00:00 | 000,000,586 | ---- | C] () -- C:\Windows\MSTXTCNV.INI
[1995/08/09 19:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI
 
========== LOP Check ==========
 
[2009/09/05 15:10:40 | 000,000,000 | -HSD | M] -- C:\Users\Daniel\AppData\Roaming\.#
[2009/08/30 07:41:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer
[2009/01/12 02:21:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer GameZone Console
[2010/03/15 15:19:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ansys
[2010/10/12 10:18:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Azureus
[2010/10/21 11:40:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BitTorrent
[2010/05/22 16:58:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2011/06/14 08:42:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox
[2010/01/13 06:02:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\eSobi
[2009/09/05 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FloodLightGames
[2011/06/14 10:09:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\go
[2010/03/15 22:02:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GrabPro
[2011/06/14 07:40:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2010/03/09 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Image Zone Express
[2009/09/20 13:32:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\My Games
[2010/05/08 03:59:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Nokia
[2010/05/30 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ooVoo Details
[2010/05/30 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\oovooinstaller
[2009/10/16 14:53:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2011/02/16 17:13:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Orbit
[2009/09/10 13:02:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PC Suite
[2010/06/06 04:53:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PeerNetworking
[2009/09/06 17:36:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PowerCinema
[2010/03/09 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Printer Info Cache
[2011/02/14 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProgSense
[2009/09/17 20:46:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SoftDMA
[2010/10/10 15:11:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\StreamTorrent
[2011/03/05 05:28:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Telefónica
[2010/12/29 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Template
[2009/01/12 02:21:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/11/20 06:04:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2010/05/22 16:50:07 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/06/14 12:25:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO
[2009/09/05 06:11:12 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/01/12 02:11:38 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2010/09/19 05:30:53 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/12/21 05:36:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2010/06/19 14:25:44 | 000,000,000 | ---D | M] -- C:\ProgramData\InterAction studios
[2010/10/16 12:52:27 | 000,000,000 | ---D | M] -- C:\ProgramData\NtiDvdCopy
[2009/09/05 10:16:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2010/05/08 04:03:49 | 000,000,000 | ---D | M] -- C:\ProgramData\OviInstallerCache
[2009/09/10 13:01:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010/10/13 11:50:33 | 000,000,000 | ---D | M] -- C:\ProgramData\SAPGUI
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/06/22 19:07:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/05/06 18:56:04 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/09/24 18:18:57 | 000,000,000 | ---D | M] -- C:\ProgramData\ZDF
[2011/06/15 05:01:13 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8AB6C1D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C95B63DA
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:4F636E25
< End of report >

--- --- ---

Okay now?

markusg 15.06.2011 12:24

Now we can get started.
On your second PC, go to Start, Programs, Accessories, Notepad, and paste the following into it:

Code:

:OTL
O20 - HKU\Daniel_ON_C Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\0.15879086892799255.exe) - C:\Users\Daniel\AppData\Local\Temp\0.15879086892799255.exe
(cp)
:Files
C:\Users\Daniel\AppData\Local\Temp\0.15879086892799255.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in my post about OTLPENet.exe.
• Now please click the Fix button.
A message similar to "load fix from file" should now appear, so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt.
Please post the log.

Open Computer, open C:, then _OTL.
Right-click on moved files there.
Choose add to moved files.rar or zip.
http://www.trojaner-board.de/54791-a...ner-board.html
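The fix above targets a Winlogon Shell value that points at an executable in the user's Temp folder instead of explorer.exe. As an added example (not part of the original thread and not a feature of OTL), this Python code applies that reasoning to OTL registry lines and flags autostart entries of the same kind. The function names, the three heuristics and the sample lines are assumptions made for illustration; the sample is constructed in the line format of the logs in this thread.

```python
import re
from dataclasses import dataclass
from ntpath import basename, splitext

# Constructed sample in the line format of the OTL logs in this thread.
# The first O20 line is the entry the fix script targets; the last O20 line
# is a constructed example of an unmodified shell entry.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKU\Daniel_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O20 - HKU\Daniel_ON_C Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\0.15879086892799255.exe) - C:\Users\Daniel\AppData\Local\Temp\0.15879086892799255.exe
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
"""

# "O4 - ...", "O20 - ..." and so on: the numbered registry sections of the log.
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")

# A drive-letter path ending in an executable extension. The lookahead keeps
# a folder name such as "foo.com\" from ending the match too early.
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^()\[\]]*?\.(?:exe|dll|scr|com|bat)(?=[\s)]|$)",
    re.IGNORECASE,
)


@dataclass
class Finding:
    entry: str     # section tag, e.g. "O4" or "O20"
    path: str      # resolved target of the autostart entry
    reasons: list  # names of the heuristics that fired


def check_line(line):
    """Return a Finding for one log line, or None if nothing stands out."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    paths = PATH_RE.findall(m.group(2))
    if not paths:
        return None
    path = paths[-1]  # the last path on the line is the resolved file
    name = basename(path)
    stem = splitext(name)[0]

    reasons = []
    # The Winlogon Shell value normally names explorer.exe. Only the file
    # name is compared here; the directory is not verified.
    if "winlogon: shell" in line.lower() and name.lower() != "explorer.exe":
        reasons.append("winlogon-shell-not-explorer")
    # Autostart targets should not live in a Temp directory.
    if "\\temp\\" in path.lower():
        reasons.append("runs-from-temp")
    # File name made only of digits and dots, like the one in the fix script.
    if re.fullmatch(r"\d[\d.]*", stem):
        reasons.append("numeric-file-name")

    return Finding(m.group(1), path, reasons) if reasons else None


def triage(log_text):
    """Check every line of an OTL log and return the flagged entries."""
    return [f for f in map(check_line, log_text.splitlines()) if f]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.entry, finding.path, ", ".join(finding.reasons))
```

A hit is only a pointer for manual review of the log, not a verdict on the file.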

Schmiddi60 15.06.2011 13:14

Many thanks for the Fix.txt

But now I have the problem that an error message appears when I try to load the file into OTLPE. I can click Run Fix and it does ask me for the Fix.txt, but when I try to browse the directory I get:

Access violation at address 7CA0C936 in module 'Shell32.dll'. Read of address 00000006.

Typing the whole thing out manually in Notepad and saving it in the Mydocuments folder, which is still displayed, does not help either, because then I cannot press Run Fix a second time.

markusg 15.06.2011 13:21

No, you should load OTL until it would be ready to scan; then you have a field where you can enter text. Type the fix in there by hand and click Fix.

Schmiddi60 15.06.2011 13:42

Yesssssss, it works.... if you weren't a guy I would kiss you right now!!!

So the OTL log did not open by itself, but I'm sending you the one I found on the hard disk. I can't attach it because it is too large.

OTL Logfile:
Code:

OTL logfile created on: 6/15/2011 1:40:18 PM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.54 Gb Total Space | 41.68 Gb Free Space | 29.24% Space Free | Partition Type: NTFS
Drive F: | 139.00 Gb Total Space | 138.91 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/06 11:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/27 21:32:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 15:47:27 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/16 14:16:06 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/08/02 06:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto] -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010/04/12 17:56:48 | 000,246,520 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/25 04:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/26 06:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/11/15 14:31:08 | 000,049,152 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009/11/15 14:29:10 | 000,716,800 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2009/11/15 14:26:42 | 000,536,576 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2009/10/02 14:28:09 | 002,969,600 | ---- | M] (ANSYS, Inc.) [Auto] -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2009/04/16 10:56:36 | 000,075,048 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/10/01 06:43:56 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/29 12:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/19 10:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 11:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (upperdev)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/03/16 15:47:27 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 08:48:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/16 14:02:49 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/05/22 16:50:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/09 03:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/24 22:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/19 23:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/19 22:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/18 20:06:18 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2009/11/18 20:06:16 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2009/09/16 04:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 04:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 04:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 04:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 04:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/05 06:25:50 | 000,081,408 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/01 13:25:00 | 007,542,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/23 23:49:38 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/11/19 05:33:50 | 000,057,856 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/11/03 06:31:40 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/10/01 05:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/09/24 04:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/29 02:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/19 09:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.hs-albsig.de:8080
 
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_4935
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Daniel_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Daniel_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Daniel_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\Daniel_ON_C\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
IE - HKU\Daniel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.fh-albsig.de/"
FF - prefs.js..network.proxy.ftp: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/05/08 04:06:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/08 14:52:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:13:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/05/08 04:06:20 | 000,000,000 | ---D | M]
 
[2010/01/12 18:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2011/06/14 12:12:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions
[2011/04/20 14:19:34 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/31 04:39:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/13 18:09:41 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011/05/18 20:09:23 | 000,000,000 | ---D | M] (ooVoo Video Chat Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
[2011/05/18 20:09:47 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\engine@conduit.com
[2010/03/18 14:34:14 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\firefox@tvunetworks.com
[2010/12/28 07:08:16 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\vshare@toolbar
[2011/05/18 12:03:36 | 000,000,935 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\conduit.xml
[2010/05/22 16:51:27 | 000,002,059 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\daemon-search.xml
[2011/06/01 02:19:54 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\icqplugin-1.xml
[2010/12/08 06:36:28 | 000,000,945 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\icqplugin.xml
[2010/06/20 10:15:53 | 000,003,915 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\sweetim.xml
[2011/05/21 19:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/12 18:17:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/07 20:18:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/21 19:24:31 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010/05/08 04:06:19 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010/06/07 20:17:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/05 03:52:11 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/07/05 03:52:11 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/12/13 08:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010/07/05 03:52:12 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/07/05 03:52:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/07/05 03:52:12 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
O3 - HKU\Daniel_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\Daniel_ON_C\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\Daniel_ON_C\..\Toolbar\WebBrowser: (ooVoo Video Chat Toolbar) - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SearchSettings]  File not found
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Daniel_ON_C..\Run: []  File not found
O4 - HKU\Daniel_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKU\Daniel_ON_C..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\Daniel_ON_C..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\Daniel_ON_C..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Daniel_ON_C Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\0.15879086892799255.exe) - C:\Users\Daniel\AppData\Local\Temp\0.15879086892799255.exe (cp)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1b0465b3-47ff-11e0-a0ff-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{1b0465b3-47ff-11e0-a0ff-001e101fb4df}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{63560b6d-81ab-11e0-b427-00235a4b6b39}\Shell - "" = AutoRun
O33 - MountPoints2\{63560b6d-81ab-11e0-b427-00235a4b6b39}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6f00a80c-4dd1-11e0-a2b2-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{6f00a80c-4dd1-11e0-a2b2-001e101f1838}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7d9e9cae-4c17-11e0-9f4f-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9e9cae-4c17-11e0-9f4f-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7d9e9ccf-4c17-11e0-9f4f-001e101f3da8}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9e9ccf-4c17-11e0-9f4f-001e101f3da8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7e0816c1-5a76-11df-9653-00235a4b6b39}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe
O33 - MountPoints2\{c892ebba-4709-11e0-acaa-00235a4b6b39}\Shell - "" = AutoRun
O33 - MountPoints2\{c892ebba-4709-11e0-acaa-00235a4b6b39}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c892ebd8-4709-11e0-acaa-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{c892ebd8-4709-11e0-acaa-001e101f21c1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ca73948e-48f8-11e0-bf48-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{ca73948e-48f8-11e0-bf48-001e101f1f81}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/12 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\go
[2011/06/12 14:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/06/08 01:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/06/08 00:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
[2011/05/21 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/05/21 19:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011/05/18 20:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/05/18 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Conduit
[2011/05/18 20:07:42 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/05/16 14:22:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype Extras
[2011/05/16 14:21:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/05/16 14:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2009/01/12 08:48:15 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/15 05:01:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 05:01:14 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 05:01:13 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 05:01:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/15 04:59:53 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/15 04:59:53 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/14 16:28:36 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/06/14 13:26:13 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/14 13:26:13 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/14 13:26:13 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/14 13:26:13 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/12 14:23:53 | 000,001,559 | ---- | M] () -- C:\Users\Daniel\Desktop\Spielen (EasyBits GO).lnk
[2011/06/10 21:11:03 | 000,083,904 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.10.44.png
[2011/06/10 21:07:55 | 000,058,144 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.06.51.png
[2011/06/09 12:05:57 | 000,096,768 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 01:45:10 | 000,001,637 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.5.lnk
[2011/06/08 01:45:10 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011/06/08 01:45:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/06/07 15:56:33 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/05 11:24:41 | 001,465,403 | ---- | M] () -- C:\Users\Daniel\Desktop\index.pdf
[2011/06/04 20:49:06 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/06/04 20:49:06 | 000,001,399 | ---- | M] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk
[2011/06/04 20:48:34 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/06/04 20:48:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/06/04 11:22:34 | 003,121,451 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\grins.mp3.zip
[2011/06/04 10:20:24 | 000,109,033 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\....jpg
[2011/06/02 16:45:34 | 090,441,378 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\zwei.zip
[2011/06/02 16:33:00 | 095,898,033 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\eins.zip
[2011/06/02 13:47:30 | 006,694,322 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\ende.m4a
[2011/06/02 13:34:13 | 005,778,774 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\12 Olä Olä.m4a
[2011/06/02 13:31:09 | 006,846,408 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\ohlä_oleh.m4a
[2011/06/02 13:11:22 | 007,719,366 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\oana_geht_no.m4a
[2011/06/02 13:06:08 | 005,735,479 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\auch_net.m4a
[2011/06/02 12:59:39 | 006,375,149 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\vielleicht.m4a
[2011/06/02 05:18:00 | 000,595,291 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Kleine Eidechse.pdf
[2011/05/30 12:58:34 | 000,000,926 | ---- | M] () -- C:\Users\Daniel\Desktop\Dropbox.lnk
[2011/05/30 12:58:34 | 000,000,906 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/27 17:34:19 | 020,533,281 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\vlc-1.1.9-win32.exe
[2011/05/22 17:46:04 | 000,973,606 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-05-22 um 23.45.21.png
[2011/05/18 20:08:38 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/05/18 20:08:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2011/05/17 18:22:31 | 000,021,352 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Nackisch.JPG
[2011/05/16 14:21:23 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/05/16 14:21:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
 
========== Files Created - No Company Name ==========
 
[2011/06/12 14:23:53 | 000,001,589 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spielen (EasyBits GO).lnk
[2011/06/12 14:23:53 | 000,001,559 | ---- | C] () -- C:\Users\Daniel\Desktop\Spielen (EasyBits GO).lnk
[2011/06/10 21:11:02 | 000,083,904 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.10.44.png
[2011/06/10 21:07:54 | 000,058,144 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.06.51.png
[2011/06/08 01:45:10 | 000,001,637 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.5.lnk
[2011/06/08 01:45:10 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011/06/05 11:24:41 | 001,465,403 | ---- | C] () -- C:\Users\Daniel\Desktop\index.pdf
[2011/06/04 20:49:06 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/06/04 20:49:06 | 000,001,399 | ---- | C] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk
[2011/06/04 20:48:34 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/06/04 11:22:04 | 003,121,451 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\grins.mp3.zip
[2011/06/04 10:20:21 | 000,109,033 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\....jpg
[2011/06/02 16:33:17 | 090,441,378 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\zwei.zip
[2011/06/02 16:19:58 | 095,898,033 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\eins.zip
[2011/06/02 13:46:34 | 006,694,322 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\ende.m4a
[2011/06/02 13:33:26 | 005,778,774 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\12 Olä Olä.m4a
[2011/06/02 13:30:13 | 006,846,408 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\ohlä_oleh.m4a
[2011/06/02 13:10:17 | 007,719,366 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\oana_geht_no.m4a
[2011/06/02 13:05:21 | 005,735,479 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\auch_net.m4a
[2011/06/02 12:58:46 | 006,375,149 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\vielleicht.m4a
[2011/06/02 05:17:54 | 000,595,291 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Kleine Eidechse.pdf
[2011/05/22 17:45:45 | 000,973,606 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-05-22 um 23.45.21.png
[2011/05/17 18:22:29 | 000,021,352 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Nackisch.JPG
[2011/05/16 14:21:23 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/11/16 04:30:44 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/16 04:30:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/06 04:53:36 | 000,017,089 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\UserTile.png
[2010/03/20 14:10:27 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/19 07:24:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/03/08 20:40:54 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010/02/15 19:24:02 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2010/01/12 18:18:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/01 15:08:31 | 000,147,939 | ---- | C] () -- C:\Windows\hpoins12.dat
[2009/11/21 08:41:11 | 000,000,231 | ---- | C] () -- C:\Windows\POWERPNT.INI
[2009/11/21 08:40:59 | 000,000,064 | ---- | C] () -- C:\Windows\exchng32.ini
[2009/11/21 08:40:59 | 000,000,026 | ---- | C] () -- C:\Windows\datalink.ini
[2009/11/21 08:40:41 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI
[2009/11/21 08:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WINHELP.INI
[2009/11/21 08:39:07 | 000,000,969 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/11/08 14:55:50 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/18 01:42:03 | 000,000,134 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\wklnhst.dat
[2009/09/11 20:03:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 20:01:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 17:57:08 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/05 09:10:25 | 000,096,768 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 08:46:11 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/09/05 07:40:13 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2009/09/05 06:25:50 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2009/08/29 21:10:09 | 000,007,592 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2009/08/29 17:44:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 10:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/04 15:42:47 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/04 15:42:40 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/04 15:28:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/03/04 15:28:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/03/04 15:28:02 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/03/04 15:28:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/12 02:23:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/12 02:23:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/12 01:50:53 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/12 01:27:12 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/01/12 00:31:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 03:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/01/22 12:05:38 | 000,001,470 | ---- | C] () -- C:\Windows\hpomdl12.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,408,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/09/23 08:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll
[2003/08/10 10:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll
[2003/08/08 20:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2001/12/26 11:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 08:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/03 18:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 11:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 17:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997/06/14 08:26:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1995/08/09 19:00:00 | 000,913,952 | ---- | C] () -- C:\Windows\System32\WWINTL32.DLL
[1995/08/09 19:00:00 | 000,107,008 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL
[1995/08/09 19:00:00 | 000,068,096 | ---- | C] () -- C:\Windows\System32\MSROUTE.DLL
[1995/08/09 19:00:00 | 000,052,736 | ---- | C] () -- C:\Windows\System32\OPENDEU.DLL
[1995/08/09 19:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL
[1995/08/09 19:00:00 | 000,006,352 | ---- | C] () -- C:\Windows\System32\VISXUTIL.DLL
[1995/08/09 19:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI
[1995/08/09 19:00:00 | 000,000,586 | ---- | C] () -- C:\Windows\MSTXTCNV.INI
[1995/08/09 19:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI
 
========== LOP Check ==========
 
[2009/09/05 15:10:40 | 000,000,000 | -HSD | M] -- C:\Users\Daniel\AppData\Roaming\.#
[2009/08/30 07:41:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer
[2009/01/12 02:21:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer GameZone Console
[2010/03/15 15:19:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ansys
[2010/10/12 10:18:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Azureus
[2010/10/21 11:40:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BitTorrent
[2010/05/22 16:58:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2011/06/14 08:42:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox
[2010/01/13 06:02:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\eSobi
[2009/09/05 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FloodLightGames
[2011/06/14 10:09:53 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\go
[2010/03/15 22:02:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GrabPro
[2011/06/14 07:40:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2010/03/09 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Image Zone Express
[2009/09/20 13:32:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\My Games
[2010/05/08 03:59:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Nokia
[2010/05/30 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ooVoo Details
[2010/05/30 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\oovooinstaller
[2009/10/16 14:53:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2011/02/16 17:13:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Orbit
[2009/09/10 13:02:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PC Suite
[2010/06/06 04:53:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PeerNetworking
[2009/09/06 17:36:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PowerCinema
[2010/03/09 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Printer Info Cache
[2011/02/14 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProgSense
[2009/09/17 20:46:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SoftDMA
[2010/10/10 15:11:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\StreamTorrent
[2011/03/05 05:28:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Telefónica
[2010/12/29 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Template
[2009/01/12 02:21:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/11/20 06:04:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2010/05/22 16:50:07 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/06/14 12:25:05 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO
[2009/09/05 06:11:12 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/01/12 02:11:38 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2010/09/19 05:30:53 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/12/21 05:36:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2010/06/19 14:25:44 | 000,000,000 | ---D | M] -- C:\ProgramData\InterAction studios
[2010/10/16 12:52:27 | 000,000,000 | ---D | M] -- C:\ProgramData\NtiDvdCopy
[2009/09/05 10:16:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2010/05/08 04:03:49 | 000,000,000 | ---D | M] -- C:\ProgramData\OviInstallerCache
[2009/09/10 13:01:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010/10/13 11:50:33 | 000,000,000 | ---D | M] -- C:\ProgramData\SAPGUI
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/06/22 19:07:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/05/06 18:56:04 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/09/24 18:18:57 | 000,000,000 | ---D | M] -- C:\ProgramData\ZDF
[2011/06/15 05:01:13 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8AB6C1D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C95B63DA
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:4F636E25
< End of report >

--- --- ---


And you're getting the movedfiles too

Please tell me that everything is fine

Schmiddi60 15.06.2011 13:53

Zipped it afterwards and now it works

markusg 15.06.2011 14:38

hi.
Thank goodness, I'll gladly pass on the smooching, hehe
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Schmiddi60 15.06.2011 21:19

Arrrrrrrrrrrrrrrrrrrrrggggghhhhhhh

Now at home, happy as I was, I tried to run ComboFix as well, so I fired up my computer and opened the internet. What I hadn't considered, though, was that my tabs in Firefox were still on the infected page......:headbang:

What does that mean? Well, it's back!!!

I immediately tried to fix the whole thing with the old fix file, which didn't work.

Could that be the cause? Would you help me again? Should I make you an OTL log right away? (Well, it's already in progress anyway)

Thanks thanks thanks

For next time: is it enough if I switch off the Wi-Fi card so that I no longer have a connection to the internet, and then clear Firefox completely? (cache, cookies, close the tabs)?

Schmiddi60 15.06.2011 21:24

OTL Logfile:
Code:

OTL logfile created on: 6/16/2011 1:26:46 AM - Run
OTLPE by OldTimer - Version 3.1.46.0    Folder = X:\Programs\OTLPE
Windows Vista (TM) Home Premium Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142.54 Gb Total Space | 41.78 Gb Free Space | 29.31% Space Free | Partition Type: NTFS
Drive E: | 139.00 Gb Total Space | 138.91 Gb Free Space | 99.94% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/05/06 11:33:00 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/27 21:32:38 | 000,136,360 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/16 15:47:27 | 000,269,480 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/16 14:16:06 | 000,592,120 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010/08/02 06:40:56 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto] -- C:\Program Files\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010/04/12 17:56:48 | 000,246,520 | ---- | M] () [Auto] -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/25 04:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010/01/26 06:41:08 | 000,652,800 | ---- | M] (Nokia) [On_Demand] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/11/15 14:31:08 | 000,049,152 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2009/11/15 14:29:10 | 000,716,800 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2009/11/15 14:26:42 | 000,536,576 | ---- | M] () [Auto] -- C:\Program Files\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2009/10/02 14:28:09 | 002,969,600 | ---- | M] (ANSYS, Inc.) [Auto] -- C:\Program Files\ANSYS Inc\Shared Files\Licensing\win32\ansysli_server.exe -- (ANSYS, Inc. License Manager)
SRV - [2009/04/16 10:56:36 | 000,075,048 | ---- | M] () [Auto] -- C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2008/10/01 06:43:56 | 000,024,576 | ---- | M] () [Auto] -- C:\Program Files\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008/07/29 12:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto] -- C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008/07/19 10:13:44 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto] -- C:\Program Files\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/06 11:15:28 | 000,110,592 | ---- | M] () [Auto] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (upperdev)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2011/03/16 15:47:27 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/11/23 08:48:03 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/08/16 14:02:49 | 000,019,680 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010/05/22 16:50:58 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010/04/09 03:24:12 | 000,063,616 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010/03/24 22:08:38 | 000,105,984 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010/03/19 23:56:04 | 000,101,504 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010/03/19 22:28:12 | 000,116,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/11/18 20:06:18 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | System] -- C:\Windows\System32\drivers\vfilter.sys -- (vflt)
DRV - [2009/11/18 20:06:16 | 000,009,728 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand] -- C:\Windows\System32\drivers\virtualnet.sys -- (vnet)
DRV - [2009/09/16 04:22:48 | 000,214,664 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/09/16 04:22:48 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2009/09/16 04:22:48 | 000,040,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2009/09/16 04:22:48 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2009/09/16 04:22:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2009/09/05 06:25:50 | 000,081,408 | ---- | M] () [Kernel | System] -- C:\Windows\System32\drivers\SSHDRV86.sys -- (SSHDRV86)
DRV - [2009/05/11 05:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/02/13 06:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009/01/01 13:25:00 | 007,542,720 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/11/23 23:49:38 | 000,048,128 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008/11/19 05:33:50 | 000,057,856 | ---- | M] (ENE TECHNOLOGY INC.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\enecir.sys -- (enecir)
DRV - [2008/11/03 06:31:40 | 000,107,360 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/10/01 05:04:16 | 000,012,832 | ---- | M] (Acer, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2008/09/24 04:09:48 | 000,045,600 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/29 02:48:46 | 003,664,384 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NETw5v32.sys -- (NETw5v32) Intel(R)
DRV - [2008/08/26 03:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/10/19 09:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 09:27:36 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System] -- C:\Program Files\Launch Manager\DPortIO.sys -- (DritekPortIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,First Home Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.hs-albsig.de:8080
 
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0309&m=aspire_4935
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1572363
IE - HKU\Daniel_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\Daniel_ON_C\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\Daniel_ON_C\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\Daniel_ON_C\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\Daniel_ON_C\..\URLSearchHook: {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
IE - HKU\Daniel_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1572363&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "ooVoo Video Chat Customized Web Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT1572363&SearchSource=13"
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.2
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.4
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..keyword.URL: "hxxp://start.facemoods.com/results.php?f=5&a=ddr&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://proxy.fh-albsig.de/"
FF - prefs.js..network.proxy.ftp: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.socks_version: 4
FF - prefs.js..network.proxy.ssl: "proxy.fh-albsig.de"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 4
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\ [2010/05/08 04:06:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/08 14:52:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:13:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2010/05/08 04:06:20 | 000,000,000 | ---D | M]
 
[2010/01/12 18:18:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Extensions
[2011/06/14 12:12:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions
[2011/04/20 14:19:34 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010/05/31 04:39:04 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/13 18:09:41 | 000,000,000 | ---D | M] (mediaplayerconnectivity) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
[2011/05/18 20:09:23 | 000,000,000 | ---D | M] (ooVoo Video Chat Community Toolbar) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\{e5a1e26f-0d1d-4307-868f-fbd9a374ab54}
[2011/05/18 20:09:47 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\engine@conduit.com
[2010/03/18 14:34:14 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\firefox@tvunetworks.com
[2010/12/28 07:08:16 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\extensions\vshare@toolbar
[2011/05/18 12:03:36 | 000,000,935 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\conduit.xml
[2010/05/22 16:51:27 | 000,002,059 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\daemon-search.xml
[2011/06/01 02:19:54 | 000,000,950 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\icqplugin-1.xml
[2010/12/08 06:36:28 | 000,000,945 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\icqplugin.xml
[2010/06/20 10:15:53 | 000,003,915 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\tzwqhn0e.default\searchplugins\sweetim.xml
[2011/05/21 19:24:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/01/12 18:17:33 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010/06/07 20:18:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011/05/21 19:24:31 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2010/05/08 04:06:19 | 000,000,000 | ---D | M] (Firefox Synchronisation Extension) -- C:\PROGRAM FILES\NOKIA\NOKIA OVI SUITE\CONNECTORS\BOOKMARKS CONNECTOR\FIREFOXEXTENSION
[2010/06/07 20:17:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/07/05 03:52:11 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/07/05 03:52:11 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/12/13 08:36:54 | 000,002,035 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrchddr.xml
[2010/07/05 03:52:12 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/07/05 03:52:12 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/07/05 03:52:12 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\4.4\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKLM\..\Toolbar: (ooVoo Video Chat Toolbar) - {e5a1e26f-0d1d-4307-868f-fbd9a374ab54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
O3 - HKU\Daniel_ON_C\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKU\Daniel_ON_C\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\Daniel_ON_C\..\Toolbar\WebBrowser: (ooVoo Video Chat Toolbar) - {E5A1E26F-0D1D-4307-868F-FBD9A374AB54} - C:\Program Files\ooVoo_Chat\prxtbooVo.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Program Files\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [LManager] C:\Program Files\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [mcagent_exe]  File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [SearchSettings]  File not found
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [USB Storage Toolbox] C:\Windows\UMStor\Res.exe (ali)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\Daniel_ON_C..\Run: []  File not found
O4 - HKU\Daniel_ON_C..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKU\Daniel_ON_C..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\Daniel_ON_C..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\Daniel_ON_C..\Run: [Speech Recognition] C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk =  File not found
O4 - Startup: C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\Daniel_ON_C Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe) - C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe (cp)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1b0465b3-47ff-11e0-a0ff-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{1b0465b3-47ff-11e0-a0ff-001e101fb4df}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{63560b6d-81ab-11e0-b427-00235a4b6b39}\Shell - "" = AutoRun
O33 - MountPoints2\{63560b6d-81ab-11e0-b427-00235a4b6b39}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{6f00a80c-4dd1-11e0-a2b2-001e101f1838}\Shell - "" = AutoRun
O33 - MountPoints2\{6f00a80c-4dd1-11e0-a2b2-001e101f1838}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{7d9e9cae-4c17-11e0-9f4f-001e101f2500}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9e9cae-4c17-11e0-9f4f-001e101f2500}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{7d9e9ccf-4c17-11e0-9f4f-001e101f3da8}\Shell - "" = AutoRun
O33 - MountPoints2\{7d9e9ccf-4c17-11e0-9f4f-001e101f3da8}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{7e0816c1-5a76-11df-9653-00235a4b6b39}\Shell\AutoRun\command - "" = E:\StartPortableApps.exe
O33 - MountPoints2\{c892ebba-4709-11e0-acaa-00235a4b6b39}\Shell - "" = AutoRun
O33 - MountPoints2\{c892ebba-4709-11e0-acaa-00235a4b6b39}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{c892ebd8-4709-11e0-acaa-001e101f21c1}\Shell - "" = AutoRun
O33 - MountPoints2\{c892ebd8-4709-11e0-acaa-001e101f21c1}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\{ca73948e-48f8-11e0-bf48-001e101f1f81}\Shell - "" = AutoRun
O33 - MountPoints2\{ca73948e-48f8-11e0-bf48-001e101f1f81}\Shell\AutoRun\command - "" = E:\AutoRun.exe
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/06/15 15:23:12 | 002,234,368 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/06/15 15:23:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/12 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\go
[2011/06/12 14:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Easybits GO
[2011/06/08 01:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/06/08 00:57:08 | 000,000,000 | ---D | C] -- C:\Program Files\ICQ7.5
[2011/05/21 19:24:31 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2011/05/21 19:24:30 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2011/05/18 20:08:59 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine
[2011/05/18 20:08:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Conduit
[2011/05/18 20:07:42 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2009/01/12 08:48:15 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll
 
========== Files - Modified Within 30 Days ==========
 
[2011/06/15 13:43:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/06/15 13:43:09 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2011/06/15 13:42:37 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2011/06/15 13:42:07 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 13:42:06 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/06/15 13:42:02 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.001
[2011/06/15 12:08:40 | 000,048,734 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2011/06/15 10:21:12 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011/06/15 10:21:12 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/06/15 10:21:12 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011/06/15 10:21:12 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/06/12 14:23:53 | 000,001,559 | ---- | M] () -- C:\Users\Daniel\Desktop\Spielen (EasyBits GO).lnk
[2011/06/10 21:11:03 | 000,083,904 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.10.44.png
[2011/06/10 21:07:55 | 000,058,144 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.06.51.png
[2011/06/09 12:05:57 | 000,096,768 | ---- | M] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/08 01:45:10 | 000,001,637 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.5.lnk
[2011/06/08 01:45:10 | 000,001,613 | ---- | M] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011/06/08 01:45:10 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ7.5
[2011/06/07 15:56:33 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2011/06/05 11:24:41 | 001,465,403 | ---- | M] () -- C:\Users\Daniel\Desktop\index.pdf
[2011/06/04 20:49:06 | 000,001,901 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/06/04 20:49:06 | 000,001,399 | ---- | M] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk
[2011/06/04 20:48:34 | 000,000,921 | ---- | M] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/06/04 20:48:34 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/06/04 11:22:34 | 003,121,451 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\grins.mp3.zip
[2011/06/04 10:20:24 | 000,109,033 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\....jpg
[2011/06/02 16:45:34 | 090,441,378 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\zwei.zip
[2011/06/02 16:33:00 | 095,898,033 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\eins.zip
[2011/06/02 13:47:30 | 006,694,322 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\ende.m4a
[2011/06/02 13:34:13 | 005,778,774 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\12 Olä Olä.m4a
[2011/06/02 13:31:09 | 006,846,408 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\ohlä_oleh.m4a
[2011/06/02 13:11:22 | 007,719,366 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\oana_geht_no.m4a
[2011/06/02 13:06:08 | 005,735,479 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\auch_net.m4a
[2011/06/02 12:59:39 | 006,375,149 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\vielleicht.m4a
[2011/06/02 05:18:00 | 000,595,291 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Kleine Eidechse.pdf
[2011/05/30 12:58:34 | 000,000,926 | ---- | M] () -- C:\Users\Daniel\Desktop\Dropbox.lnk
[2011/05/30 12:58:34 | 000,000,906 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2011/05/27 17:34:19 | 020,533,281 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\vlc-1.1.9-win32.exe
[2011/05/22 17:46:04 | 000,973,606 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-05-22 um 23.45.21.png
[2011/05/18 20:08:38 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\ooVoo.lnk
[2011/05/18 20:08:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ooVoo
[2011/05/17 18:22:31 | 000,021,352 | ---- | M] () -- C:\Users\Daniel\Pictures\Documents\Nackisch.JPG
 
========== Files Created - No Company Name ==========
 
[2011/06/12 14:23:53 | 000,001,589 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spielen (EasyBits GO).lnk
[2011/06/12 14:23:53 | 000,001,559 | ---- | C] () -- C:\Users\Daniel\Desktop\Spielen (EasyBits GO).lnk
[2011/06/10 21:11:02 | 000,083,904 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.10.44.png
[2011/06/10 21:07:54 | 000,058,144 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-06-11 um 03.06.51.png
[2011/06/08 01:45:10 | 000,001,637 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\ICQ7.5.lnk
[2011/06/08 01:45:10 | 000,001,613 | ---- | C] () -- C:\Users\Public\Desktop\ICQ7.5.lnk
[2011/06/05 11:24:41 | 001,465,403 | ---- | C] () -- C:\Users\Daniel\Desktop\index.pdf
[2011/06/04 20:49:06 | 000,001,901 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Converter.lnk
[2011/06/04 20:49:06 | 000,001,399 | ---- | C] () -- C:\Users\Daniel\Desktop\DivX Movies.lnk
[2011/06/04 20:48:34 | 000,000,921 | ---- | C] () -- C:\Users\Public\Desktop\DivX Plus Player.lnk
[2011/06/04 11:22:04 | 003,121,451 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\grins.mp3.zip
[2011/06/04 10:20:21 | 000,109,033 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\....jpg
[2011/06/02 16:33:17 | 090,441,378 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\zwei.zip
[2011/06/02 16:19:58 | 095,898,033 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\eins.zip
[2011/06/02 13:46:34 | 006,694,322 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\ende.m4a
[2011/06/02 13:33:26 | 005,778,774 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\12 Olä Olä.m4a
[2011/06/02 13:30:13 | 006,846,408 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\ohlä_oleh.m4a
[2011/06/02 13:10:17 | 007,719,366 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\oana_geht_no.m4a
[2011/06/02 13:05:21 | 005,735,479 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\auch_net.m4a
[2011/06/02 12:58:46 | 006,375,149 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\vielleicht.m4a
[2011/06/02 05:17:54 | 000,595,291 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Kleine Eidechse.pdf
[2011/05/22 17:45:45 | 000,973,606 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Bildschirmfoto 2011-05-22 um 23.45.21.png
[2011/05/17 18:22:29 | 000,021,352 | ---- | C] () -- C:\Users\Daniel\Pictures\Documents\Nackisch.JPG
[2010/11/16 04:30:44 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2010/11/16 04:30:44 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2010/06/06 04:53:36 | 000,017,089 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\UserTile.png
[2010/03/20 14:10:27 | 000,000,162 | ---- | C] () -- C:\Windows\ODBC.INI
[2010/03/19 07:24:42 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010/03/08 20:40:54 | 000,000,783 | ---- | C] () -- C:\Windows\NTIWVEDT.INI
[2010/02/15 19:24:02 | 000,017,408 | ---- | C] () -- C:\Users\Daniel\AppData\Local\WebpageIcons.db
[2010/01/12 18:18:11 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/01/01 15:08:31 | 000,147,939 | ---- | C] () -- C:\Windows\hpoins12.dat
[2009/11/21 08:41:11 | 000,000,231 | ---- | C] () -- C:\Windows\POWERPNT.INI
[2009/11/21 08:40:59 | 000,000,064 | ---- | C] () -- C:\Windows\exchng32.ini
[2009/11/21 08:40:59 | 000,000,026 | ---- | C] () -- C:\Windows\datalink.ini
[2009/11/21 08:40:41 | 000,000,032 | ---- | C] () -- C:\Windows\GRAPH5.INI
[2009/11/21 08:40:38 | 000,000,000 | ---- | C] () -- C:\Windows\WINHELP.INI
[2009/11/21 08:39:07 | 000,000,969 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2009/11/08 14:55:50 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2009/09/18 01:42:03 | 000,000,134 | ---- | C] () -- C:\Users\Daniel\AppData\Roaming\wklnhst.dat
[2009/09/11 20:03:09 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/11 20:01:19 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/09/06 17:57:08 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009/09/05 09:10:25 | 000,096,768 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/05 08:46:11 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/09/05 07:40:13 | 000,000,535 | ---- | C] () -- C:\Windows\eReg.dat
[2009/09/05 06:25:50 | 000,081,408 | ---- | C] () -- C:\Windows\System32\drivers\SSHDRV86.sys
[2009/08/29 21:10:09 | 000,007,592 | ---- | C] () -- C:\Users\Daniel\AppData\Local\d3d9caps.dat
[2009/08/29 17:44:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009/08/03 10:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 10:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/03/04 15:42:47 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/03/04 15:42:40 | 000,048,734 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/03/04 15:28:02 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009/03/04 15:28:02 | 000,200,704 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2009/03/04 15:28:02 | 000,020,480 | ---- | C] () -- C:\Windows\USB_VIDEO_REG.exe
[2009/03/04 15:28:02 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009/01/12 02:23:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIOFM4.dll
[2009/01/12 02:23:18 | 000,001,024 | RH-- | C] () -- C:\Windows\System32\NTIBUN5.dll
[2009/01/12 01:50:53 | 000,487,424 | ---- | C] () -- C:\Windows\System32\INT15.dll
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2009/01/12 01:27:12 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2009/01/12 01:27:12 | 000,000,008 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2009/01/12 00:31:08 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/01/21 03:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008/01/21 03:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008/01/21 03:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008/01/21 03:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007/01/22 12:05:38 | 000,001,470 | ---- | C] () -- C:\Windows\hpomdl12.dat
[2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:47:37 | 000,408,904 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/09/23 08:14:42 | 001,099,264 | ---- | C] () -- C:\Windows\System32\cygxml2-2.dll
[2003/08/10 10:59:20 | 000,980,992 | ---- | C] () -- C:\Windows\System32\cygiconv-2.dll
[2003/08/08 20:28:16 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cygz.dll
[2001/12/26 11:12:30 | 000,065,536 | ---- | C] () -- C:\Windows\System32\multiplex_vcd.dll
[2001/11/14 08:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
[2001/09/03 18:46:38 | 000,110,592 | ---- | C] () -- C:\Windows\System32\Hmpg12.dll
[2001/07/30 11:33:56 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC.dll
[2001/07/23 17:04:36 | 000,118,784 | ---- | C] () -- C:\Windows\System32\HMPV2_ENC_MMX.dll
[1997/06/14 08:26:08 | 000,056,832 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[1995/08/09 19:00:00 | 000,913,952 | ---- | C] () -- C:\Windows\System32\WWINTL32.DLL
[1995/08/09 19:00:00 | 000,107,008 | ---- | C] () -- C:\Windows\System32\TTEMB32.DLL
[1995/08/09 19:00:00 | 000,068,096 | ---- | C] () -- C:\Windows\System32\MSROUTE.DLL
[1995/08/09 19:00:00 | 000,052,736 | ---- | C] () -- C:\Windows\System32\OPENDEU.DLL
[1995/08/09 19:00:00 | 000,010,512 | ---- | C] () -- C:\Windows\System32\VBADE32.DLL
[1995/08/09 19:00:00 | 000,006,352 | ---- | C] () -- C:\Windows\System32\VISXUTIL.DLL
[1995/08/09 19:00:00 | 000,002,041 | ---- | C] () -- C:\Windows\MSFNTMAP.INI
[1995/08/09 19:00:00 | 000,000,586 | ---- | C] () -- C:\Windows\MSTXTCNV.INI
[1995/08/09 19:00:00 | 000,000,280 | ---- | C] () -- C:\Windows\TTEMBED.INI
 
========== LOP Check ==========
 
[2009/09/05 15:10:40 | 000,000,000 | -HSD | M] -- C:\Users\Daniel\AppData\Roaming\.#
[2009/08/30 07:41:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer
[2009/01/12 02:21:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Acer GameZone Console
[2010/03/15 15:19:17 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Ansys
[2010/10/12 10:18:31 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Azureus
[2010/10/21 11:40:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\BitTorrent
[2010/05/22 16:58:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\DAEMON Tools Lite
[2011/06/15 09:31:14 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Dropbox
[2010/01/13 06:02:32 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\eSobi
[2009/09/05 11:58:00 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\FloodLightGames
[2011/06/15 10:01:40 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\go
[2010/03/15 22:02:01 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\GrabPro
[2011/06/14 07:40:48 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ICQ
[2010/03/09 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Image Zone Express
[2009/09/20 13:32:03 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\My Games
[2010/05/08 03:59:39 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Nokia
[2010/05/30 16:17:08 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ooVoo Details
[2010/05/30 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\oovooinstaller
[2009/10/16 14:53:38 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\OpenOffice.org
[2011/02/16 17:13:09 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Orbit
[2009/09/10 13:02:24 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PC Suite
[2010/06/06 04:53:36 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PeerNetworking
[2009/09/06 17:36:04 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\PowerCinema
[2010/03/09 19:35:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Printer Info Cache
[2011/02/14 20:51:18 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\ProgSense
[2009/09/17 20:46:43 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\SoftDMA
[2010/10/10 15:11:28 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\StreamTorrent
[2011/03/05 05:28:50 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Telefónica
[2010/12/29 20:31:16 | 000,000,000 | ---D | M] -- C:\Users\Daniel\AppData\Roaming\Template
[2009/01/12 02:21:17 | 000,000,000 | ---D | M] -- C:\ProgramData\Acer GameZone Console
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Anwendungsdaten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
[2010/11/20 06:04:03 | 000,000,000 | ---D | M] -- C:\ProgramData\Cisco
[2010/05/22 16:50:07 | 000,000,000 | ---D | M] -- C:\ProgramData\DAEMON Tools Lite
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Desktop
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Documents
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Dokumente
[2011/06/15 12:08:23 | 000,000,000 | ---D | M] -- C:\ProgramData\Easybits GO
[2009/09/05 06:11:12 | 000,000,000 | ---D | M] -- C:\ProgramData\eSobi
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favoriten
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Favorites
[2009/01/12 02:11:38 | 000,000,000 | ---D | M] -- C:\ProgramData\FloodLightGames
[2010/09/19 05:30:53 | 000,000,000 | ---D | M] -- C:\ProgramData\ICQ
[2009/12/21 05:36:21 | 000,000,000 | ---D | M] -- C:\ProgramData\Installations
[2010/06/19 14:25:44 | 000,000,000 | ---D | M] -- C:\ProgramData\InterAction studios
[2010/10/16 12:52:27 | 000,000,000 | ---D | M] -- C:\ProgramData\NtiDvdCopy
[2009/09/05 10:16:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Oberon Games
[2010/05/08 04:03:49 | 000,000,000 | ---D | M] -- C:\ProgramData\OviInstallerCache
[2009/09/10 13:01:19 | 000,000,000 | ---D | M] -- C:\ProgramData\PC Suite
[2010/10/13 11:50:33 | 000,000,000 | ---D | M] -- C:\ProgramData\SAPGUI
[2006/11/02 09:02:03 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Start Menu
[2010/06/22 19:07:37 | 000,000,000 | ---D | M] -- C:\ProgramData\Temp
[2006/11/02 09:02:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\Templates
[2009/08/29 16:56:57 | 000,000,000 | -HSD | M] -- C:\ProgramData\Vorlagen
[2010/05/06 18:56:04 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2009/09/24 18:18:57 | 000,000,000 | ---D | M] -- C:\ProgramData\ZDF
[2011/06/15 13:43:10 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8AB6C1D7
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:8173A019
@Alternate Data Stream - 113 bytes -> C:\ProgramData\Temp:C95B63DA
@Alternate Data Stream - 110 bytes -> C:\ProgramData\Temp:4F636E25
< End of report >

--- --- ---

markusg 16.06.2011 09:32

Yes, that's enough.
Then send me the page as a private message.

On your second PC, go to Start, Programs, Accessories, Notepad, and copy this in:

Code:

:OTL
O20 - HKU\Daniel_ON_C Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe) - C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe
(cp)
:Files
E:\Users\Admin\AppData\Roaming\appconf32.exe
E:\Users\Admin\AppData\Local\Temp\0.2230839340972408.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything, as already described in my post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should appear: "load fix from file", so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should then start normally and open otl.txt.
Please post the log.

Schmiddi60 16.06.2011 15:57

Hello,

I've now entered it manually and it is running, but it has been sitting at the EMPTYFLASH step for quite a while. It's been a good 10 minutes now. Yesterday it didn't take this long. Cancel???

Never mind... the reboot is running... hopefully... it's taking a while again too :D

markusg 16.06.2011 16:03

Slow and steady, then with one push :-)

Schmiddi60 16.06.2011 16:10

That reminds me of something entirely different :knuddel: but let's leave it at that

How long should I actually wait for the reboot? Because somehow I have the feeling nothing is happening

markusg 16.06.2011 16:21

Then do it manually.

Schmiddi60 16.06.2011 16:27

Okay, I restarted manually, that is, from within the operating system on the CD. Unfortunately I have to say that the virus is still on there.

Could it be because the files in the first line of the Fix.txt are different from the ones below? It was different in my last fix.

markusg 16.06.2011 16:31

Try it again
with the following.
On your second PC, go to Start, Programs, Accessories, Notepad, and copy this in:

Code:

:OTL
O20 - HKU\Daniel_ON_C Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe) - C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe (cp)
:Files
C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

Save this on a USB stick as fix.txt.
Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything, as already described in my post on OTLPENet.exe.
• Now please click the Fix button.
A message similar to this one should appear: "load fix from file", so load fix.txt from your stick.
If that does not work, please enter the fix manually.
Then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should then start normally and open otl.txt.
Please post the log.
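
The difference Schmiddi60 noticed between the first line and the :Files section of the first fix.txt can be checked mechanically before a script is loaded. The following is an added example, not part of the thread and not an OTL feature: the function names are hypothetical, and it assumes that a file named in an :OTL registry entry is expected to appear under :Files as well, as it does in the second script.

```python
import re

# Both fix scripts are copied verbatim from the thread; only the checks are added.
FIRST_FIX = r"""
:OTL
O20 - HKU\Daniel_ON_C Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe) - C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe
(cp)
:Files
E:\Users\Admin\AppData\Roaming\appconf32.exe
E:\Users\Admin\AppData\Local\Temp\0.2230839340972408.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
"""

SECOND_FIX = r"""
:OTL
O20 - HKU\Daniel_ON_C Winlogon: Shell - (C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe) - C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe (cp)
:Files
C:\Users\Daniel\AppData\Local\Temp\0.9174180207262921.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
"""

SECTION_RE = re.compile(r"^:(\w+)$")
# Executable paths embedded in an :OTL line (assumption: exe/dll/sys only).
PATH_RE = re.compile(r"[a-z]:\\[^()\r\n]*?\.(?:exe|dll|sys)", re.IGNORECASE)
# Drive letter and profile name of a lower-cased path under \Users\.
PROFILE_RE = re.compile(r"^([a-z]):\\users\\([^\\]+)\\")


def parse_fix(text):
    """Split a fix script into {section name: [non-empty lines]}."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def profiles(paths):
    """Sorted (drive, profile) pairs for the given lower-cased paths."""
    hits = (PROFILE_RE.match(p) for p in paths)
    return sorted({m.groups() for m in hits if m})


def check_fix(text):
    """Compare the files named in :OTL entries with the :Files list."""
    sections = parse_fix(text)
    in_otl = set()
    for line in sections.get("otl", []):
        in_otl.update(p.lower() for p in PATH_RE.findall(line))
    in_files = {line.lower() for line in sections.get("files", [])}
    return {
        "not_in_files": sorted(in_otl - in_files),   # referenced, never listed
        "not_in_otl": sorted(in_files - in_otl),     # listed, review by hand
        "otl_profiles": profiles(in_otl),
        "files_profiles": profiles(in_files),
    }


if __name__ == "__main__":
    for name, script in (("first", FIRST_FIX), ("second", SECOND_FIX)):
        print(name, check_fix(script))
```

An entry under `not_in_otl` is only a prompt to look again, since a :Files list can legitimately name files that no registry entry points to; differing drive or profile pairs are the stronger signal that the script was written for another machine.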

Schmiddi60 16.06.2011 16:59

So, new attempt and it worked....

Thank you... By the way, you're already in the acknowledgements of my thesis

Attached you'll also find the OTL
I'll have to send you the moved files this evening, because the system here, sensibly enough, rejects them as a virus. :p


You'll get the PM with the page in a moment. I want to keep open the chance to cry if I get the virus again ;)

So, keep your fingers crossed for me, I'm opening Firefox now

markusg 16.06.2011 17:05

Well, switch off the WLAN first, save the page, then close it and send the page; save the page in a Word document or something like that, of course.
I don't need the moved files again.

Schmiddi60 16.06.2011 17:09

I was even better: I saved it in Notepad because there's no linking... less danger, and I withdrew to a place where there's no WLAN. Only LAN

Man, am I clever :D :D

See PM

markusg 16.06.2011 17:10

On we go :-)
Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Schmiddi60 16.06.2011 17:15

Yes, I'll do that when I'm home. As I said, I have no WLAN here and I can't log in to the LAN here. If things go well you'll have the stuff this evening.

Avira is already hard at work too...

Another question: what do you actually do with the collected data?

markusg 16.06.2011 17:40

Submit it to antivirus vendors.

Schmiddi60 16.06.2011 17:45

I figured as much... for that they're welcome to my data. Now I just hope nothing has been left behind. But I'm sure you'll tell me that after the ComboFix

markusg 16.06.2011 17:47

Yes, I will.

Schmiddi60 20.06.2011 20:16

So, it took a little longer.... Somehow my brother's wedding was more important :p

Log file attached

markusg 21.06.2011 10:18

Download Malwarebytes:
Malwarebytes : Malwarebytes Anti-Malware is a free download that removes viruses and malware from your computer
Install it, open it, go to the Update tab, update the program.
Shut down all running programs and disconnect from the internet.
Scanner tab, full scan, remove what it finds, post the log.

Schmiddi60 22.06.2011 01:15

So, that's done too

markusg 22.06.2011 10:37

Download CCleaner Standard:
CCleaner - Standard
If CCleaner is already installed, skip this.
Install, open, Tools, list of installed programs, save as txt. Open it.
After each program you need, write "necessary".
After each one you don't need, "unnecessary".
After ones unknown to you, "unknown".
Post the list.

Schmiddi60 22.06.2011 10:41

Good, I already have that one installed... so it shouldn't take as long as usual

Schmiddi60 22.06.2011 17:32

Here you go

markusg 22.06.2011 18:02

Uninstall:
Adobe Reader 9
Download:
Adobe - Download Adobe Reader - All versions
Please untick the additional software.

After installation open Adobe, Edit, Preferences, Internet, untick everything, untick Java, set updates to install, Apply, OK.
Uninstall:
Agatha Christie
Alice Greenfingers
Azada
Backspin
Big Kahuna
BitTorrent
Bricks of Egypt
Cake Mania
Chicken Invaders
Chuzzle
Conduit
Diner Dash
Dropbox is very insecure; I wouldn't want it on any of my PCs, and I wouldn't entrust any files to them either

EasyBits
Google Desktop
ICQ Toolbar


Java
Java SE Downloads
Download the JRE, get the offline installer and install it.

Uninstall:
JDownloader
Jewel Quest
Kick N Rush
Mahjong (both)
Microsoft SQL
Mozilla Firefox: open it, Help, Update; version 5 is current
Uninstall:
Mystery (both)
MyVideoConverter
pdfforge Toolbar
PhotoNow
Skype Toolbars
StreamTorrent 1
Turbo Pizza
TVUPlayer
Unity
Veetle
Zattoo4
ZDFmediathek
Zuma
Clean up with CCleaner.

Schmiddi60 22.06.2011 21:49

All done!!!

markusg 23.06.2011 10:43

Any problems left, or is it running now?

Schmiddi60 23.06.2011 11:59

No, everything is running great... thank you
Only with the Windows updates there is one file that can't be downloaded

markusg 23.06.2011 12:01

And how am I supposed to know which one if you don't tell me... am I sitting in front of your PC?

Schmiddi60 23.06.2011 12:33

It's no big deal either... I'll look up again which one it is..

Until then, thank you very much for now


All times are WET +1. The time is now 09:58.

Copyright ©2000-2025, Trojaner-Board

