Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Fehler beim Laden von C:\Wondows\system32\sshnas.dll (https://www.trojaner-board.de/84758-fehler-beim-laden-c-wondows-system32-sshnas-dll.html)

RR_Diablo 10.04.2010 18:18
Fehler beim Laden von C:\Wondows\system32\sshnas.dll
 
Guten Abend


Ich weiß dieses problem wurde des öfteren schon besprochen und audiskutiert aber ich komme einfach nicht weiter.

"Fehler beim Laden von C:\Wondows\system32\sshnas.dll

Das angegebene Modul wurde nicht gefunden "

seit dem diese fehlermeldung kommt öffnet sich auch in unregelmäsigen abständen der Internetexplorer mit eine willkürlichen Werbung von Browsergames Handywerbung und und und.

Ich habe in diesem Forum schon einige antworten gefunden aber es hat mir nicht weiter geholfen :(
Ich habe schon Antivir durchlaufen lassen und Ad Aware ... leider ohne erfolg !

nun weiß ich auch nichtmehr weiter bitte helft mir :(

(habe windows7 64bit version ) falls das weiter hilft




LG RR_Diablo

Prevof 10.04.2010 21:21
Diese Datei wurde bei mir als Virus angezeigt (sshnas21.dll) ... und habe sie gelöscht. Kann es sein, dass es eine Fehlmeldung ist?

Hat zwar nicht mit deinem Problem zu tun, aber naja.

Chris4You 10.04.2010 21:42
Hi,

MAM sollte das Problem lösen können:

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread

chris

RR_Diablo 10.04.2010 21:42
Ja das ist eine fehlermeldung die jedes mal beim hochfahren des PC´s kommt

(hab mich mal nun etwas mehr durchs Forum gewühlt)
und bin dabei öfters auf Malewarebytes gestoßen da habe ich recherschiert und es mal runter geladen, ein scan gemacht PC neu gestartet und nun ist es weg :applaus:

Aber woher weiß ich nun das dieser Virus/Trojaner was auch immer 100% weg ist? ich tätige ja auch Online Banking am PC...

LG

RR_Diablo 10.04.2010 22:21
OTL logfile created on: 10.04.2010 23:14:11 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Standard\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 59,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 341,77 Gb Total Space | 285,90 Gb Free Space | 83,65% Space Free | Partition Type: NTFS
Drive D: | 341,77 Gb Total Space | 294,94 Gb Free Space | 86,30% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DIABLO
Current User Name: Standard
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Standard\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - D:\Datein\Antivir\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - D:\Datein\Antivir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - D:\Datein\Antivir\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)


========== Modules (SafeList) ==========

MOD - C:\Users\Standard\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\SysWOW64\comdlg32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WwanSvc) -- C:\Windows\SysNative\wwansvc.dll (Microsoft Corporation)
SRV:64bit: - (WbioSrvc) -- C:\Windows\SysNative\wbiosrvc.dll (Microsoft Corporation)
SRV:64bit: - (Power) -- C:\Windows\SysNative\umpo.dll (Microsoft Corporation)
SRV:64bit: - (Themes) -- C:\Windows\SysNative\themeservice.dll (Microsoft Corporation)
SRV:64bit: - (sppuinotify) -- C:\Windows\SysNative\sppuinotify.dll (Microsoft Corporation)
SRV:64bit: - (SensrSvc) -- C:\Windows\SysNative\sensrsvc.dll (Microsoft Corporation)
SRV:64bit: - (PNRPsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (p2pimsvc) -- C:\Windows\SysNative\pnrpsvc.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupProvider) -- C:\Windows\SysNative\provsvc.dll (Microsoft Corporation)
SRV:64bit: - (RpcEptMapper) -- C:\Windows\SysNative\RpcEpMap.dll (Microsoft Corporation)
SRV:64bit: - (PNRPAutoReg) -- C:\Windows\SysNative\pnrpauto.dll (Microsoft Corporation)
SRV:64bit: - (HomeGroupListener) -- C:\Windows\SysNative\ListSvc.dll (Microsoft Corporation)
SRV:64bit: - (FontCache) -- C:\Windows\SysNative\FntCache.dll (Microsoft Corporation)
SRV:64bit: - (Dhcp) -- C:\Windows\SysNative\dhcpcore.dll (Microsoft Corporation)
SRV:64bit: - (defragsvc) -- C:\Windows\SysNative\defragsvc.dll (Microsoft Corporation)
SRV:64bit: - (bthserv) -- C:\Windows\SysNative\bthserv.dll (Microsoft Corporation)
SRV:64bit: - (BDESVC) -- C:\Windows\SysNative\bdesvc.dll (Microsoft Corporation)
SRV:64bit: - (AxInstSV) -- C:\Windows\SysNative\AxInstSv.dll (Microsoft Corporation)
SRV:64bit: - (AppIDSvc) -- C:\Windows\SysNative\appidsvc.dll (Microsoft Corporation)
SRV:64bit: - (wbengine) -- C:\Windows\SysNative\wbengine.exe (Microsoft Corporation)
SRV:64bit: - (sppsvc) -- C:\Windows\SysNative\sppsvc.exe (Microsoft Corporation)
SRV:64bit: - (Fax) -- C:\Windows\SysNative\FXSSVC.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (sp_rssrv) -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe (Crawler.com)
SRV - (AntiVirService) -- D:\Datein\Antivir\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- D:\Datein\Antivir\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (VSS) -- C:\Windows\Vss [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (MSDTC) -- C:\Windows\SysWOW64\Msdtc [2009.07.14 05:20:14 | 000,000,000 | ---D | M]
SRV - (HomeGroupProvider) -- C:\Windows\SysWOW64\provsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\SysWOW64\dhcpcore.dll (Microsoft Corporation)
SRV - (vds) -- C:\Windows\SysWOW64\wbem\vds.mof ()
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_64) -- C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)


========== Driver Services (SafeList) ==========

DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (Lbd) -- C:\Windows\SysNative\drivers\Lbd.sys (Lavasoft AB)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (KSecPkg) -- C:\Windows\SysNative\drivers\ksecpkg.sys (Microsoft Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (hwpolicy) -- C:\Windows\SysNative\drivers\hwpolicy.sys (Microsoft Corporation)
DRV:64bit: - (FsDepends) -- C:\Windows\SysNative\drivers\fsdepends.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (WIMMount) -- C:\Windows\SysNative\drivers\wimmount.sys (Microsoft Corporation)
DRV:64bit: - (vhdmp) -- C:\Windows\SysNative\drivers\vhdmp.sys (Microsoft Corporation)
DRV:64bit: - (vdrvroot) -- C:\Windows\SysNative\drivers\vdrvroot.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rdyboost) -- C:\Windows\SysNative\drivers\rdyboost.sys (Microsoft Corporation)
DRV:64bit: - (pcw) -- C:\Windows\SysNative\drivers\pcw.sys (Microsoft Corporation)
DRV:64bit: - (CNG) -- C:\Windows\SysNative\drivers\cng.sys (Microsoft Corporation)
DRV:64bit: - (fvevol) -- C:\Windows\SysNative\drivers\fvevol.sys (Microsoft Corporation)
DRV:64bit: - (rdpbus) -- C:\Windows\SysNative\drivers\rdpbus.sys (Microsoft Corporation)
DRV:64bit: - (RDPREFMP) -- C:\Windows\SysNative\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV:64bit: - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\SysNative\drivers\agilevpn.sys (Microsoft Corporation)
DRV:64bit: - (WfpLwf) -- C:\Windows\SysNative\drivers\wfplwf.sys (Microsoft Corporation)
DRV:64bit: - (NdisCap) -- C:\Windows\SysNative\drivers\ndiscap.sys (Microsoft Corporation)
DRV:64bit: - (vwifimp) -- C:\Windows\SysNative\drivers\vwifimp.sys (Microsoft Corporation)
DRV:64bit: - (vwififlt) -- C:\Windows\SysNative\drivers\vwififlt.sys (Microsoft Corporation)
DRV:64bit: - (vwifibus) -- C:\Windows\SysNative\drivers\vwifibus.sys (Microsoft Corporation)
DRV:64bit: - (1394ohci) -- C:\Windows\SysNative\drivers\1394ohci.sys (Microsoft Corporation)
DRV:64bit: - (HdAudAddService) -- C:\Windows\SysNative\drivers\HdAudio.sys (Microsoft Corporation)
DRV:64bit: - (usbvideo) USB Video Device (WDM) -- C:\Windows\SysNative\drivers\usbvideo.sys (Microsoft Corporation)
DRV:64bit: - (BthPan) Bluetooth-Gerät (PAN) -- C:\Windows\SysNative\drivers\bthpan.sys (Microsoft Corporation)
DRV:64bit: - (BTHPORT) -- C:\Windows\SysNative\drivers\bthport.sys (Microsoft Corporation)
DRV:64bit: - (RFCOMM) Bluetooth-Gerät (RFCOMM-Protokoll-TDI) -- C:\Windows\SysNative\drivers\rfcomm.sys (Microsoft Corporation)
DRV:64bit: - (BthEnum) -- C:\Windows\SysNative\drivers\bthenum.sys (Microsoft Corporation)
DRV:64bit: - (BTHUSB) -- C:\Windows\SysNative\drivers\BTHUSB.SYS (Microsoft Corporation)
DRV:64bit: - (UmPass) -- C:\Windows\SysNative\drivers\umpass.sys (Microsoft Corporation)
DRV:64bit: - (mshidkmdf) -- C:\Windows\SysNative\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV:64bit: - (WudfPf) -- C:\Windows\SysNative\drivers\WUDFPf.sys (Microsoft Corporation)
DRV:64bit: - (MTConfig) -- C:\Windows\SysNative\drivers\MTConfig.sys (Microsoft Corporation)
DRV:64bit: - (CompositeBus) -- C:\Windows\SysNative\drivers\CompositeBus.sys (Microsoft Corporation)
DRV:64bit: - (Beep) -- C:\Windows\SysNative\drivers\beep.sys (Microsoft Corporation)
DRV:64bit: - (AppID) -- C:\Windows\SysNative\drivers\appid.sys (Microsoft Corporation)
DRV:64bit: - (scfilter) -- C:\Windows\SysNative\drivers\scfilter.sys (Microsoft Corporation)
DRV:64bit: - (discache) -- C:\Windows\SysNative\drivers\discache.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HidBatt) -- C:\Windows\SysNative\drivers\hidbatt.sys (Microsoft Corporation)
DRV:64bit: - (CmBatt) -- C:\Windows\SysNative\drivers\CmBatt.sys (Microsoft Corporation)
DRV:64bit: - (AcpiPmi) -- C:\Windows\SysNative\drivers\acpipmi.sys (Microsoft Corporation)
DRV:64bit: - (AmdPPM) -- C:\Windows\SysNative\drivers\amdppm.sys (Microsoft Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AVPolDIR) -- C:\Windows\SysNative\drivers\AVPolDIR.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (AVerPola) -- C:\Windows\SysNative\drivers\AVerPola.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (NetBIOS) -- C:\Windows\SysWOW64\netbios.dll (Microsoft Corporation)
DRV - (mpsdrv) -- C:\Windows\SysWOW64\wbem\mpsdrv.mof ()
DRV - (Tcpip) -- C:\Windows\SysWOW64\wbem\tcpip.mof ()
DRV - (mwlPSDVDisk) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDVdisk.sys (Egis Technology Inc.)
DRV - (mwlPSDNServ) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDNServ.sys (Egis Technology Inc.)
DRV - (mwlPSDFilter) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlPSDFilter.sys (Egis Technology Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_z5600&r=17360310e700p0347y115w4781t310
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_z5600&r=17360310e700p0347y115w4781t310
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_z5600&r=17360310e700p0347y115w4781t310
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_z5600&r=17360310e700p0347y115w4781t310

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_z5600&r=17360310e700p0347y115w4781t310
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}: C:\Program Files (x86)\Crawler\Toolbar\firefox\ [2010.04.10 17:30:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010.04.05 11:51:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010.04.05 11:51:12 | 000,000,000 | ---D | M]

[2010.03.18 21:31:40 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions
[2010.04.10 22:53:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\8siz7289.default\extensions
[2010.04.06 23:40:37 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\8siz7289.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.04.10 18:27:52 | 000,000,947 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\Mozilla\FireFox\Profiles\8siz7289.default\searchplugins\icqplugin.xml
[2010.03.18 21:31:14 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\mozilla firefox\extensions
[2010.04.05 11:51:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2009.09.21 11:24:16 | 000,001,329 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\crawlersrch.xml
[2010.04.05 11:51:10 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.04.05 11:51:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.04.05 11:51:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.04.05 11:51:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.04.10 18:36:13 | 000,000,822 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg64.dll (Google Inc.)
O2 - BHO: () - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Crawler Toolbar) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TouchORB] C:\Program Files (x86)\TouchSettings\TouchPortalOBR.exe (Acer Corp.)
O4:64bit: - HKLM..\Run: [TouchPortal] C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPortal.exe (Acer Corp.)
O4 - HKLM..\Run: [avgnt] D:\Datein\Antivir\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MusicGadget] C:\Program Files (x86)\Acer\Acer Touch Suite\TouchMusic.exe ()
O4 - HKCU..\Run: [PhotoGadget] C:\Program Files (x86)\Acer\Acer Touch Suite\TouchPhotoShow.exe (acer)
O4 - HKCU..\Run: [PhotoGadgetFirstRun] Reg Error: Invalid data type. File not found
O4 - HKCU..\Run: [PhotoGadgetFirstRun_Portal] Reg Error: Invalid data type. File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [TouchMemo] C:\Program Files (x86)\Acer\Acer Touch Suite\TouchMemo.exe (Acer Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files (x86)\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysNative\wshbth.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Windows\SysWOW64\wshbth.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tbr {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~2\Crawler\Toolbar\ctbr.dll (Crawler.com)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.10 23:12:45 | 000,561,664 | ---- | C] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
[2010.04.10 20:33:26 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Malwarebytes
[2010.04.10 20:33:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.04.10 20:33:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.10 20:33:01 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.04.10 20:33:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2010.04.10 18:52:34 | 000,069,152 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2010.04.10 18:52:34 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2010.04.10 18:52:15 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.10 18:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.04.10 18:52:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2010.04.10 18:35:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Enigma Software Group
[2010.04.10 17:30:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Crawler
[2010.04.10 17:30:05 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Spyware Terminator
[2010.04.10 17:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2010.04.10 17:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2010.04.10 16:47:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.04.10 16:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2010.04.05 14:46:21 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Avira
[2010.04.05 14:41:29 | 000,116,568 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2010.04.05 14:41:29 | 000,081,072 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2010.04.05 14:41:29 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntdd.sys
[2010.04.05 14:41:29 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\SysWow64\drivers\avgntmgr.sys
[2010.04.05 14:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.04.05 14:37:08 | 000,000,000 | -H-D | C] -- C:\Users\Standard\Documents\Runes of Magic
[2010.04.05 14:35:47 | 000,000,000 | ---D | C] -- C:\CrashReport
[2010.04.02 13:05:04 | 000,000,000 | ---D | C] -- C:\RMS-Diamodul
[2010.03.31 09:55:20 | 001,192,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wininet.dll
[2010.03.31 09:55:20 | 001,026,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstime.dll
[2010.03.31 09:55:20 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstime.dll
[2010.03.31 09:55:19 | 000,977,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wininet.dll
[2010.03.31 09:55:19 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iedkcs32.dll
[2010.03.31 09:55:19 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iedkcs32.dll
[2010.03.31 09:55:19 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedsbs.dll
[2010.03.31 09:55:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedsbs.dll
[2010.03.27 16:10:15 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2010.03.27 12:49:48 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Adobe
[2010.03.25 22:41:15 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\Meine empfangenen Dateien
[2010.03.24 01:09:15 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2010.03.23 14:57:42 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\SCi
[2010.03.23 14:55:19 | 000,188,416 | ---- | C] (Creative Technology Ltd) -- C:\Windows\SysWow64\eax.dll
[2010.03.22 11:12:43 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Mediaplayer Homecinema
[2010.03.21 19:56:51 | 000,000,000 | ---D | C] -- C:\Users\Standard\Desktop\Touch
[2010.03.21 18:21:00 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\DVDVideoSoft
[2010.03.21 18:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2010.03.21 18:20:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2010.03.21 14:55:02 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Nero
[2010.03.21 14:04:22 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Diagnostics
[2010.03.20 00:43:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2010.03.19 21:47:54 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Gas Powered Games
[2010.03.19 21:32:59 | 014,629,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2010.03.19 21:32:58 | 011,406,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2010.03.19 21:32:58 | 001,975,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CertEnroll.dll
[2010.03.19 21:32:57 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2010.03.19 21:32:57 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CertEnroll.dll
[2010.03.19 21:32:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2010.03.19 21:31:51 | 002,870,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.03.19 21:31:51 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2010.03.19 21:31:51 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winlogon.exe
[2010.03.19 21:23:21 | 000,960,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010.03.19 21:23:21 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010.03.19 21:23:21 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2010.03.19 21:23:21 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010.03.19 21:23:21 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2010.03.19 21:23:21 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010.03.19 21:23:21 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010.03.19 21:22:51 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\My Games
[2010.03.19 20:44:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ6Toolbar
[2010.03.19 20:44:05 | 000,000,000 | ---D | C] -- C:\ProgramData\ICQ
[2010.03.19 20:39:44 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\ICQ
[2010.03.19 20:39:43 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\AOL
[2010.03.19 20:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ICQ7.0
[2010.03.19 19:54:18 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc.dll
[2010.03.19 19:54:18 | 000,422,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_isv.dll
[2010.03.19 19:54:18 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc.dll
[2010.03.19 19:54:18 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_isv.dll
[2010.03.19 19:54:18 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_isv.exe
[2010.03.19 19:54:18 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate.exe
[2010.03.19 19:54:18 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_isv.exe
[2010.03.19 19:54:18 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate.exe
[2010.03.19 19:54:18 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp.exe
[2010.03.19 19:54:18 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RMActivate_ssp_isv.exe
[2010.03.19 19:54:18 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp.exe
[2010.03.19 19:54:18 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
[2010.03.19 19:54:18 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp_isv.dll
[2010.03.19 19:54:18 | 000,121,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secproc_ssp.dll
[2010.03.19 19:54:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp_isv.dll
[2010.03.19 19:54:18 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\secproc_ssp.dll
[2010.03.19 19:53:03 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010.03.19 19:53:03 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010.03.19 19:53:03 | 000,148,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2010.03.19 19:53:03 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2010.03.19 19:53:03 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fontsub.dll
[2010.03.19 19:53:03 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fontsub.dll
[2010.03.19 18:51:41 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\CyberLink
[2010.03.19 18:51:34 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\PowerCinema
[2010.03.19 18:51:32 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\PowerCinema
[2010.03.19 18:27:06 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2010.03.19 18:27:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2010.03.19 18:27:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2010.03.19 18:27:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2010.03.19 18:27:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2010.03.19 18:27:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2010.03.19 18:13:25 | 001,572,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2010.03.19 18:13:25 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2010.03.19 18:13:25 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\avifil32.dll
[2010.03.19 18:13:25 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mciavi32.dll
[2010.03.19 18:13:25 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iyuv_32.dll
[2010.03.19 18:13:25 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvidc32.dll
[2010.03.19 18:13:25 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msyuv.dll
[2010.03.19 18:13:25 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrle32.dll
[2010.03.19 18:13:25 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsbyuv.dll
[2010.03.19 18:05:51 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2010.03.19 18:05:50 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2010.03.19 18:02:56 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msasn1.dll
[2010.03.18 22:34:59 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\Youcam
[2010.03.18 22:34:59 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\CyberLink
[2010.03.18 22:34:54 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\CyberLink
[2010.03.18 22:30:58 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Media Player Classic
[2010.03.18 22:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft
[2010.03.18 22:02:49 | 000,000,000 | ---D | C] -- C:\Windows\de-DE
[2010.03.18 22:02:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\XPSViewer
[2010.03.18 22:02:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\drivers\de-DE
[2010.03.18 22:02:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\de-DE
[2010.03.18 22:02:48 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\0407
[2010.03.18 22:02:48 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0407
[2010.03.18 22:02:47 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\de
[2010.03.18 22:02:32 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui
[2010.03.18 22:02:27 | 000,017,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui
[2010.03.18 22:02:22 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
[2010.03.18 22:02:21 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui
[2010.03.18 22:02:21 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui
[2010.03.18 22:02:19 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui
[2010.03.18 22:02:19 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui
[2010.03.18 22:02:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui
[2010.03.18 22:02:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui
[2010.03.18 22:02:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui
[2010.03.18 22:02:19 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2010.03.18 22:02:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui
[2010.03.18 22:02:19 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui
[2010.03.18 22:02:19 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui
[2010.03.18 22:02:19 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui
[2010.03.18 22:02:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui
[2010.03.18 22:02:19 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui
[2010.03.18 22:02:19 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui
[2010.03.18 22:02:19 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui
[2010.03.18 22:02:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui
[2010.03.18 22:02:19 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui
[2010.03.18 22:02:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui
[2010.03.18 22:02:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui
[2010.03.18 22:02:19 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui
[2010.03.18 22:02:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui
[2010.03.18 22:02:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui
[2010.03.18 22:02:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui
[2010.03.18 22:02:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui
[2010.03.18 22:02:18 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui
[2010.03.18 22:02:18 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui
[2010.03.18 22:02:18 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui
[2010.03.18 22:02:18 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui
[2010.03.18 22:02:18 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui
[2010.03.18 22:02:18 | 000,004,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui
[2010.03.18 22:02:18 | 000,004,096 | ---- | C] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2010.03.18 22:02:18 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui
[2010.03.18 22:02:18 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui
[2010.03.18 22:02:18 | 000,003,584 | ---- | C] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui
[2010.03.18 22:02:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui
[2010.03.18 22:02:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui
[2010.03.18 22:02:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui
[2010.03.18 22:02:18 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui
[2010.03.18 22:02:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui
[2010.03.18 22:02:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui
[2010.03.18 22:02:18 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui
[2010.03.18 22:02:18 | 000,002,560 | ---- | C] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2010.03.18 22:02:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui
[2010.03.18 22:02:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui
[2010.03.18 22:02:15 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui
[2010.03.18 22:02:15 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui
[2010.03.18 22:02:14 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui
[2010.03.18 22:02:12 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui
[2010.03.18 22:02:12 | 000,003,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui
[2010.03.18 22:02:12 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui
[2010.03.18 22:02:11 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui
[2010.03.18 22:02:11 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui
[2010.03.18 22:02:11 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui
[2010.03.18 22:02:11 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
[2010.03.18 22:02:11 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui
[2010.03.18 22:02:11 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui
[2010.03.18 22:02:11 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
[2010.03.18 22:02:10 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui
[2010.03.18 22:02:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui
[2010.03.18 22:02:10 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui
[2010.03.18 22:02:09 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
[2010.03.18 22:02:09 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui
[2010.03.18 22:02:09 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui
[2010.03.18 22:02:09 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui
[2010.03.18 22:02:08 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui
[2010.03.18 22:02:08 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui
[2010.03.18 22:02:08 | 000,002,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui
[2010.03.18 22:02:07 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui
[2010.03.18 22:02:07 | 000,029,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
[2010.03.18 22:02:07 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
[2010.03.18 22:02:07 | 000,003,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui
[2010.03.18 21:31:30 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Mozilla
[2010.03.18 21:31:30 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Mozilla
[2010.03.18 21:31:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2010.03.18 21:28:48 | 000,000,000 | ---D | C] -- C:\Users\Standard\Tracing
[2010.03.18 20:25:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Friends Games
[2010.03.18 20:16:45 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\skypePM
[2010.03.18 20:15:58 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Skype
[2010.03.18 20:14:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.03.18 20:14:22 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2010.03.18 20:14:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.03.18 20:01:52 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Microsoft Games
[2010.03.18 19:55:01 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Adobe
[2010.03.18 19:44:31 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Google
[2010.03.18 19:44:30 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Google
[2010.03.18 14:16:45 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Screensaver
[2010.03.18 14:16:45 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Macromedia
[2010.03.18 14:15:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2010.03.18 14:14:54 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Microsoft Help
[2010.03.18 14:11:52 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2010.03.18 14:09:05 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010.03.18 14:09:05 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010.03.18 14:08:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010.03.18 14:08:07 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.03.18 14:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010.03.18 14:07:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010.03.18 14:07:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2010.03.18 14:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CyberLink
[2010.03.18 14:04:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2010.03.18 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Broadcom
[2010.03.18 14:02:19 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\Bluetooth-Exchange-Ordner
[2010.03.18 14:02:02 | 000,035,104 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwl2cap.sys
[2010.03.18 14:02:01 | 000,132,648 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwavdt.sys
[2010.03.18 14:02:01 | 000,098,344 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwaudio.sys
[2010.03.18 14:02:01 | 000,021,160 | ---- | C] (Broadcom Corporation.) -- C:\Windows\SysNative\drivers\btwrchid.sys
[2010.03.18 14:01:52 | 000,000,000 | ---D | C] -- C:\Programme\WIDCOMM
[2010.03.18 13:59:11 | 000,024,576 | ---- | C] (Conexant Systems Inc.) -- C:\Windows\SysNative\cxtvrate.dll
[2010.03.18 13:59:11 | 000,018,944 | ---- | C] (AVerMedia TECHNOLOGIES, Inc.) -- C:\Windows\SysNative\cpnotify.ax
[2010.03.18 13:57:25 | 000,060,416 | ---- | C] (ITE Tech. Inc. ) -- C:\Windows\SysNative\drivers\itecir.sys
[2010.03.18 13:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ITE
[2010.03.18 13:57:15 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\InstallShield
[2010.03.18 13:56:01 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\TouchGadget
[2010.03.18 13:55:55 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\ATI
[2010.03.18 13:55:55 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\ATI
[2010.03.18 13:55:55 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2010.03.18 13:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\McQcModifier-5c47-a7b0
[2010.03.18 13:55:52 | 000,000,000 | ---D | C] -- C:\book
[2010.03.18 13:55:51 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\EgisTec
[2010.03.18 13:55:38 | 000,000,000 | R--D | C] -- C:\Users\Standard\Searches
[2010.03.18 13:55:31 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Identities
[2010.03.18 13:55:29 | 000,000,000 | R--D | C] -- C:\Users\Standard\Contacts
[2010.03.18 13:55:28 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\VirtualStore
[2010.03.18 13:52:54 | 000,000,000 | ---D | C] -- C:\Programme\Acer Accessory Store
[2010.03.18 13:52:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OEM
[2010.03.18 13:52:22 | 000,000,000 | --SD | C] -- C:\Users\Standard\AppData\Roaming\Microsoft
[2010.03.18 13:52:22 | 000,000,000 | R--D | C] -- C:\Users\Standard\Videos
[2010.03.18 13:52:22 | 000,000,000 | R--D | C] -- C:\Users\Standard\Saved Games
[2010.03.18 13:52:22 | 000,000,000 | R--D | C] -- C:\Users\Standard\Pictures
[2010.03.18 13:52:22 | 000,000,000 | R--D | C] -- C:\Users\Standard\Music
[2010.03.18 13:52:22 | 000,000,000 | R--D | C] -- C:\Users\Standard\Links
[2010.03.18 13:52:22 | 000,000,000 | R--D | C] -- C:\Users\Standard\Favorites
[2010.03.18 13:52:22 | 000,000,000 | R--D | C] -- C:\Users\Standard\Downloads
[2010.03.18 13:52:22 | 000,000,000 | R--D | C] -- C:\Users\Standard\Documents
[2010.03.18 13:52:22 | 000,000,000 | R--D | C] -- C:\Users\Standard\Desktop
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Vorlagen
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\AppData\Local\Verlauf
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\AppData\Local\Temporary Internet Files
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Startmenü
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\SendTo
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Recent
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Netzwerkumgebung
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Lokale Einstellungen
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Documents\Eigene Videos
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Documents\Eigene Musik
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Eigene Dateien
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Documents\Eigene Bilder
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Druckumgebung
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Cookies
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\AppData\Local\Anwendungsdaten
[2010.03.18 13:52:22 | 000,000,000 | -HSD | C] -- C:\Users\Standard\Anwendungsdaten
[2010.03.18 13:52:22 | 000,000,000 | -H-D | C] -- C:\Users\Standard\AppData
[2010.03.18 13:52:22 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Temp
[2010.03.18 13:52:22 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Microsoft
[2010.03.18 13:52:22 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Media Center Programs
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\Programme
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\Programme\Gemeinsame Dateien
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2010.03.18 13:52:14 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2010.03.18 13:31:19 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2010.03.18 13:31:19 | 000,000,000 | ---D | C] -- C:\Programme\Realtek
[2010.03.18 13:31:15 | 001,603,104 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2010.03.18 13:31:15 | 001,355,808 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2010.03.18 13:31:15 | 001,167,904 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2010.03.18 13:31:15 | 000,611,360 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2010.03.18 13:31:15 | 000,513,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2010.03.18 13:31:15 | 000,417,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2010.03.18 13:31:15 | 000,332,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2010.03.18 13:31:15 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2010.03.18 13:31:15 | 000,304,640 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2010.03.18 13:31:15 | 000,211,376 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2010.03.18 13:31:15 | 000,193,536 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2010.03.18 13:31:15 | 000,150,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2010.03.18 13:31:15 | 000,149,536 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2010.03.18 13:31:15 | 000,063,008 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInst64.dll
[2010.03.18 13:31:14 | 000,831,488 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2010.03.18 13:31:14 | 000,311,296 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2010.03.18 13:31:14 | 000,294,400 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2010.03.18 13:31:14 | 000,166,400 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2010.03.18 13:31:14 | 000,108,032 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2010.03.18 13:31:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2010.03.18 13:31:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2010.03.18 13:29:40 | 000,000,000 | ---D | C] -- C:\Programme\ATI
[2010.03.18 13:29:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2010.03.18 13:29:27 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2010.03.18 13:26:56 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2009.09.16 04:59:59 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe

RR_Diablo 10.04.2010 22:22
========== Files - Modified Within 30 Days ==========

[2010.04.10 23:15:27 | 005,505,024 | -HS- | M] () -- C:\Users\Standard\ntuser.dat
[2010.04.10 23:12:57 | 000,561,664 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Desktop\OTL.exe
[2010.04.10 23:10:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.10 21:10:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.10 20:47:42 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 20:47:42 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.10 20:45:09 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010.04.10 20:45:09 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2010.04.10 20:45:09 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010.04.10 20:45:09 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2010.04.10 20:45:09 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010.04.10 20:40:28 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.10 20:40:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.10 20:40:18 | 3219,197,952 | -HS- | M] () -- C:\hiberfil.sys
[2010.04.10 20:39:36 | 003,933,260 | -H-- | M] () -- C:\Users\Standard\AppData\Local\IconCache.db
[2010.04.10 20:33:06 | 000,001,017 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.10 18:52:14 | 000,001,154 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.04.10 18:35:56 | 000,001,254 | ---- | M] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2010.04.10 17:51:43 | 000,000,269 | ---- | M] () -- C:\Windows\wininit.ini
[2010.04.10 17:34:24 | 000,001,130 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.04.10 17:30:06 | 000,142,592 | ---- | M] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2010.04.10 16:47:51 | 000,001,266 | ---- | M] () -- C:\Users\Standard\Desktop\Spybot - Search & Destroy.lnk
[2010.04.09 21:20:23 | 000,181,248 | ---- | M] () -- C:\Windows\Ofomia.exe
[2010.04.08 15:21:25 | 000,000,772 | ---- | M] () -- C:\Users\Standard\Desktop\Sacred.lnk
[2010.04.05 23:04:20 | 000,001,048 | ---- | M] () -- C:\Users\Standard\Desktop\Runes of Magic.lnk
[2010.04.05 22:54:48 | 000,023,552 | ---- | M] () -- C:\Users\Standard\Documents\Offdöerfer - HH.xls
[2010.04.05 14:41:31 | 000,000,990 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.05 01:22:27 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{85cd0502-401c-11df-9f84-000df07101d4}.TMContainer00000000000000000002.regtrans-ms
[2010.04.05 01:22:27 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{85cd0502-401c-11df-9f84-000df07101d4}.TMContainer00000000000000000001.regtrans-ms
[2010.04.05 01:22:27 | 000,065,536 | -HS- | M] () -- C:\Users\Standard\ntuser.dat{85cd0502-401c-11df-9f84-000df07101d4}.TM.blf
[2010.04.02 13:32:03 | 000,000,755 | ---- | M] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2010.04.01 22:51:42 | 000,007,611 | ---- | M] () -- C:\Users\Standard\AppData\Local\Resmon.ResmonCfg
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,024,664 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010.03.24 22:24:04 | 000,000,355 | ---- | M] () -- C:\Users\Standard\Desktop\COMPUTER.lnk
[2010.03.23 14:55:28 | 000,000,744 | ---- | M] () -- C:\Users\Public\Desktop\Conflict Vietnam starten.lnk
[2010.03.21 18:21:00 | 000,001,247 | ---- | M] () -- C:\Users\Standard\Desktop\DVDVideoSoft Free Studio.lnk
[2010.03.20 10:43:17 | 000,342,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010.03.20 00:41:44 | 000,000,510 | ---- | M] () -- C:\Windows\win.ini
[2010.03.19 23:21:36 | 000,314,373 | ---- | M] () -- C:\Users\Standard\Documents\Lyneath.jpg
[2010.03.18 22:02:41 | 000,295,922 | ---- | M] () -- C:\Windows\SysNative\perfi007.dat
[2010.03.18 22:02:41 | 000,038,104 | ---- | M] () -- C:\Windows\SysNative\perfd007.dat
[2010.03.18 22:02:32 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbrpm.sys.mui
[2010.03.18 22:02:27 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fvevol.sys.mui
[2010.03.18 22:02:25 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UMDF\de-DE\WpdMtpDr.dll.mui
[2010.03.18 22:02:22 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\qwavedrv.sys.mui
[2010.03.18 22:02:21 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\nwifi.sys.mui
[2010.03.18 22:02:21 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\qwavedrv.sys.mui
[2010.03.18 22:02:19 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volsnap.sys.mui
[2010.03.18 22:02:19 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbport.sys.mui
[2010.03.18 22:02:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\processr.sys.mui
[2010.03.18 22:02:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\intelppm.sys.mui
[2010.03.18 22:02:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdppm.sys.mui
[2010.03.18 22:02:19 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdk8.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\usbhub.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serial.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ohci1394.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\1394ohci.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerId.sys.mui
[2010.03.18 22:02:19 | 000,011,776 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrSerIb.sys.mui
[2010.03.18 22:02:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\i8042prt.sys.mui
[2010.03.18 22:02:19 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\acpi.sys.mui
[2010.03.18 22:02:19 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\battc.sys.mui
[2010.03.18 22:02:19 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pci.sys.mui
[2010.03.18 22:02:19 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\IPMIDrv.sys.mui
[2010.03.18 22:02:19 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\sermouse.sys.mui
[2010.03.18 22:02:19 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdclass.sys.mui
[2010.03.18 22:02:19 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouclass.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wacompen.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vhdmp.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vdrvroot.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tpm.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\isapnp.sys.mui
[2010.03.18 22:02:19 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hdaudbus.sys.mui
[2010.03.18 22:02:19 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\parport.sys.mui
[2010.03.18 22:02:19 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ataport.sys.mui
[2010.03.18 22:02:19 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\umbus.sys.mui
[2010.03.18 22:02:19 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mssmbios.sys.mui
[2010.03.18 22:02:19 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mouhid.sys.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\vwifibus.sys.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ULIAGPKX.SYS.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\UAGP35.SYS.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\NV_AGP.SYS.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\MTConfig.sys.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\kbdhid.sys.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\GAGP30KX.SYS.mui
[2010.03.18 22:02:19 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\AGP440.sys.mui
[2010.03.18 22:02:19 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wd.sys.mui
[2010.03.18 22:02:19 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\disk.sys.mui
[2010.03.18 22:02:19 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\cdrom.sys.mui
[2010.03.18 22:02:19 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\amdide.sys.mui
[2010.03.18 22:02:18 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tcpip.sys.mui
[2010.03.18 22:02:18 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mpio.sys.mui
[2010.03.18 22:02:18 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthport.sys.mui
[2010.03.18 22:02:18 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\UMDF\de-DE\WUDFUsbccidDriver.dll.mui
[2010.03.18 22:02:18 | 000,006,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\msdsm.sys.mui
[2010.03.18 22:02:18 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pcmcia.sys.mui
[2010.03.18 22:02:18 | 000,004,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthpan.sys.mui
[2010.03.18 22:02:18 | 000,004,096 | ---- | M] (SCM Microsystems, Inc.) -- C:\Windows\SysNative\drivers\de-DE\pscr.sys.mui
[2010.03.18 22:02:18 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\portcls.sys.mui
[2010.03.18 22:02:18 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\HdAudio.sys.mui
[2010.03.18 22:02:18 | 000,003,584 | ---- | M] (ATI Technologies Inc.) -- C:\Windows\SysNative\drivers\de-DE\atikmdag.sys.mui
[2010.03.18 22:02:18 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\serscan.sys.mui
[2010.03.18 22:02:18 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismpx.sys.mui
[2010.03.18 22:02:18 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rndismp6.sys.mui
[2010.03.18 22:02:18 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\hidbth.sys.mui
[2010.03.18 22:02:18 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pnpmem.sys.mui
[2010.03.18 22:02:18 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\Dot4usb.sys.mui
[2010.03.18 22:02:18 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\BTHUSB.SYS.mui
[2010.03.18 22:02:18 | 000,002,560 | ---- | M] (Brother Industries Ltd.) -- C:\Windows\SysNative\drivers\de-DE\BrParwdm.sys.mui
[2010.03.18 22:02:18 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ws2ifsl.sys.mui
[2010.03.18 22:02:18 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bthenum.sys.mui
[2010.03.18 22:02:15 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\bfe.dll.mui
[2010.03.18 22:02:15 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\pacer.sys.mui
[2010.03.18 22:02:14 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\modem.sys.mui
[2010.03.18 22:02:12 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\afd.sys.mui
[2010.03.18 22:02:12 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ipnat.sys.mui
[2010.03.18 22:02:12 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\volmgrx.sys.mui
[2010.03.18 22:02:11 | 000,072,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ntfs.sys.mui
[2010.03.18 22:02:11 | 000,009,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tunnel.sys.mui
[2010.03.18 22:02:11 | 000,007,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\luafv.sys.mui
[2010.03.18 22:02:11 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\ndiscap.sys.mui
[2010.03.18 22:02:11 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\rdbss.sys.mui
[2010.03.18 22:02:11 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\srv.sys.mui
[2010.03.18 22:02:11 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\scfilter.sys.mui
[2010.03.18 22:02:10 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndisuio.sys.mui
[2010.03.18 22:02:10 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\partmgr.sys.mui
[2010.03.18 22:02:10 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\mountmgr.sys.mui
[2010.03.18 22:02:09 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\tcpip.sys.mui
[2010.03.18 22:02:09 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndiscap.sys.mui
[2010.03.18 22:02:09 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\RNDISMP.sys.mui
[2010.03.18 22:02:09 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scfilter.sys.mui
[2010.03.18 22:02:08 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\ndis.sys.mui
[2010.03.18 22:02:08 | 000,005,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\fltmgr.sys.mui
[2010.03.18 22:02:08 | 000,002,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\wdf01000.sys.mui
[2010.03.18 22:02:07 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\http.sys.mui
[2010.03.18 22:02:07 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\bfe.dll.mui
[2010.03.18 22:02:07 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\drivers\de-DE\pacer.sys.mui
[2010.03.18 22:02:07 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\scsiport.sys.mui
[2010.03.18 21:31:33 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010.03.18 21:31:16 | 000,001,947 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.18 20:16:46 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.03.18 20:14:23 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.03.18 14:29:56 | 000,079,152 | ---- | M] () -- C:\Users\Standard\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.03.18 14:29:45 | 000,001,125 | ---- | M] () -- C:\Users\Standard\Desktop\CyberLink YouCam.lnk
[2010.03.18 14:28:24 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.03.18 14:28:24 | 000,524,288 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.03.18 14:28:24 | 000,065,536 | -HS- | M] () -- C:\Users\Standard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.03.18 14:12:55 | 000,002,145 | ---- | M] () -- C:\Users\Public\Desktop\CyberLink PowerCinema.lnk
[2010.03.18 14:08:52 | 000,000,020 | ---- | M] () -- C:\Windows\äø7
[2010.03.18 14:02:07 | 000,000,834 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010.03.18 13:52:22 | 000,000,020 | -HS- | M] () -- C:\Users\Standard\ntuser.ini
[2010.03.18 13:51:59 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2010.03.18 13:51:59 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2010.03.18 13:33:16 | 000,000,006 | ---- | M] () -- C:\Windows\SysNative\PLD_Framework.cmd
[2010.03.18 13:27:31 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin

========== Files Created - No Company Name ==========

[2010.04.10 20:33:06 | 000,001,017 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.10 19:35:32 | 000,015,880 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2010.04.10 18:52:14 | 000,001,154 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.04.10 18:35:56 | 000,001,254 | ---- | C] () -- C:\Users\Public\Desktop\SpyHunter.lnk
[2010.04.10 17:34:24 | 000,001,130 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator.lnk
[2010.04.10 17:30:06 | 000,142,592 | ---- | C] () -- C:\Windows\SysWow64\drivers\sp_rsdrv2.sys
[2010.04.10 17:05:22 | 000,000,269 | ---- | C] () -- C:\Windows\wininit.ini
[2010.04.10 16:47:51 | 000,001,266 | ---- | C] () -- C:\Users\Standard\Desktop\Spybot - Search & Destroy.lnk
[2010.04.09 21:20:27 | 000,181,248 | ---- | C] () -- C:\Windows\Ofomia.exe
[2010.04.08 15:21:25 | 000,000,772 | ---- | C] () -- C:\Users\Standard\Desktop\Sacred.lnk
[2010.04.05 22:50:42 | 000,001,048 | ---- | C] () -- C:\Users\Standard\Desktop\Runes of Magic.lnk
[2010.04.05 22:44:56 | 000,023,552 | ---- | C] () -- C:\Users\Standard\Documents\Offdöerfer - HH.xls
[2010.04.05 14:41:31 | 000,000,990 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.04.04 21:02:13 | 000,524,288 | -HS- | C] () -- C:\Users\Standard\ntuser.dat{85cd0502-401c-11df-9f84-000df07101d4}.TMContainer00000000000000000002.regtrans-ms
[2010.04.04 21:02:13 | 000,524,288 | -HS- | C] () -- C:\Users\Standard\ntuser.dat{85cd0502-401c-11df-9f84-000df07101d4}.TMContainer00000000000000000001.regtrans-ms
[2010.04.04 21:02:13 | 000,065,536 | -HS- | C] () -- C:\Users\Standard\ntuser.dat{85cd0502-401c-11df-9f84-000df07101d4}.TM.blf
[2010.04.02 13:32:03 | 000,000,755 | ---- | C] () -- C:\Users\Public\Desktop\Far Cry.lnk
[2010.03.24 22:24:04 | 000,000,355 | ---- | C] () -- C:\Users\Standard\Desktop\COMPUTER.lnk
[2010.03.23 14:55:28 | 000,000,744 | ---- | C] () -- C:\Users\Public\Desktop\Conflict Vietnam starten.lnk
[2010.03.21 18:21:00 | 000,001,247 | ---- | C] () -- C:\Users\Standard\Desktop\DVDVideoSoft Free Studio.lnk
[2010.03.19 23:20:45 | 000,314,373 | ---- | C] () -- C:\Users\Standard\Documents\Lyneath.jpg
[2010.03.18 22:03:05 | 000,643,628 | ---- | C] () -- C:\Windows\SysNative\perfh007.dat
[2010.03.18 22:03:05 | 000,295,922 | ---- | C] () -- C:\Windows\SysNative\perfi007.dat
[2010.03.18 22:03:05 | 000,126,188 | ---- | C] () -- C:\Windows\SysNative\perfc007.dat
[2010.03.18 22:03:05 | 000,038,104 | ---- | C] () -- C:\Windows\SysNative\perfd007.dat
[2010.03.18 21:31:33 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.18 21:31:16 | 000,001,947 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.03.18 21:28:35 | 000,001,108 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.03.18 21:28:34 | 000,001,104 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.03.18 20:16:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.18 20:14:23 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.03.18 20:05:57 | 000,007,611 | ---- | C] () -- C:\Users\Standard\AppData\Local\Resmon.ResmonCfg
[2010.03.18 14:13:02 | 000,000,114 | ---- | C] () -- C:\ProgramData\{70CC0095-AA68-45BE-AE98-D8170182E9EB}.log
[2010.03.18 14:12:55 | 000,002,145 | ---- | C] () -- C:\Users\Public\Desktop\CyberLink PowerCinema.lnk
[2010.03.18 14:11:59 | 000,000,108 | ---- | C] () -- C:\ProgramData\{2637C347-9DAD-11D6-9EA2-00055D0CA761}.log
[2010.03.18 14:08:52 | 000,000,020 | ---- | C] () -- C:\Windows\äø7
[2010.03.18 14:06:42 | 000,001,125 | ---- | C] () -- C:\Users\Standard\Desktop\CyberLink YouCam.lnk
[2010.03.18 14:01:57 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2010.03.18 13:59:11 | 000,016,382 | ---- | C] () -- C:\Windows\SysNative\drivers\MerlinD.rom
[2010.03.18 13:52:22 | 005,505,024 | -HS- | C] () -- C:\Users\Standard\ntuser.dat
[2010.03.18 13:52:22 | 000,524,288 | -HS- | C] () -- C:\Users\Standard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2010.03.18 13:52:22 | 000,524,288 | -HS- | C] () -- C:\Users\Standard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2010.03.18 13:52:22 | 000,262,144 | -HS- | C] () -- C:\Users\Standard\ntuser.dat.LOG1
[2010.03.18 13:52:22 | 000,065,536 | -HS- | C] () -- C:\Users\Standard\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2010.03.18 13:52:22 | 000,000,020 | -HS- | C] () -- C:\Users\Standard\ntuser.ini
[2010.03.18 13:52:22 | 000,000,000 | -HS- | C] () -- C:\Users\Standard\ntuser.dat.LOG2
[2010.03.18 13:31:16 | 000,189,796 | ---- | C] () -- C:\Windows\SysNative\drivers\RTConvEQ.dat
[2010.03.18 13:31:16 | 000,001,112 | ---- | C] () -- C:\Windows\SysNative\drivers\RtHdatEx.dat
[2010.03.18 13:27:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.03.18 13:26:55 | 3219,197,952 | -HS- | C] () -- C:\hiberfil.sys
[2009.09.16 04:59:39 | 000,192,484 | ---- | C] () -- C:\Program Files (x86)\Common Files\Acer GameZone online.ico
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\ProgramData\Temp:0B9176C0
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\ProgramData\Temp:A8ADE5D8
< End of report >

Chris4You 10.04.2010 22:32
Hi,

das sieht nicht schlecht aus, über das hier lässt sich streiten:
Zitat:
O4 - HKLM..\Run: [SpyHunter Security Suite] C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter3.exe (Enigma Software Group USA, LLC.)
Abschließend Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

chris

RR_Diablo 10.04.2010 22:40
diese Spyhunter3.exe datei ist ein Spyware prgramm was ich gesucht habe um mein Problem zu lösen... (habe das programm nun deinstalliert )

theoretisch müsste dann ja alles wech sein... ?!

Chris4You 10.04.2010 23:13
Hi,

die Sicherheit kann Dir leider keiner geben...
Wenn sich der Rechner wieder normal verhält, im Moment sehe ich nichts mehr...

chris

RR_Diablo 11.04.2010 13:14
joa tut sich eigentlich auch nichtmehr besonderes... (auffallend schlimmes)

denke mal das Problem ist gelöst

Danke für die schnelle hilfe macht weiter so !!! :applaus::applaus::applaus:

LG

laevalalala 14.04.2010 12:21
Hallo!

Ich habe genau das gleiche Problem. Habe inzwischen schon das OTL Programm runtergeladen und (hoffentlich) alle Hinweise beachtet.
Wäre nett wenn sich hier mal jemand meldet, dann kann ich die 2 Logfiles posten.

Vielen Dank
lg eva

Chris4You 14.04.2010 13:04
Hi,

lass erst MAM laufen und dann mache nochmal ein OTL-Log...
Eigentlich muß ein neuer Thread aufgemacht werden, aber wenn wir es schnell "abhandeln" können lassen wir es mal so...

Malwarebytes Antimalware (MAM)
Anleitung&Download hier: http://www.trojaner-board.de/51187-m...i-malware.html
Falls der Download nicht klappt, bitte hierüber eine generische Version runterladen:
http://filepony.de/download-chameleon/
Danach bitte update der Signaturdateien (Reiter "Update" -> Suche nach Aktualisierungen")
Fullscan und alles bereinigen lassen! Log posten.

chris

laevalalala 14.04.2010 16:33
okay danke!

angeblich 16 infizierte Objekte gefunden,
ich hoffe das stimmt so!?:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3986

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

14.04.2010 17:32:32
mbam-log-2010-04-14 (17-32-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 284088
Laufzeit: 3 Stunde(n), 16 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 3
Infizierte Verzeichnisse: 0
Infizierte Dateien: 7

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\canaveral (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: c:\windows\system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Spyware.Zbot) -> Data: system32\sdra64.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\Windows\system32\userinit.exe,C:\Windows\system32\sdra64.exe,) Good: (Userinit.exe) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\Eva-Maria\AppData\Local\Temp\Dfz.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\Eva-Maria\AppData\Roaming\Desktopicon\eBayShortcuts.exe (Adware.ADON) -> Quarantined and deleted successfully.
C:\Users\Eva-Maria\Downloads\Down.by.the.riverside.piano.sheet.music.pdf.52007.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
C:\Users\Eva-Maria\AppData\Local\Temp\Df1.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\sdra64.exe (Spyware.Zbot) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

Chris4You 14.04.2010 16:43
Hi,

ja bitte noch ein OTL-Log:

OTL
Lade Dir OTL von Oldtimer herunter (http://filepony.de/download-otl/) und speichere es auf Deinem Desktop
* Doppelklick auf die OTL.exe
* Vista/Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
* Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
* Unter Extra Registry, wähle bitte Use SafeList
* Klicke nun auf Run Scan links oben
* Wenn der Scan beendet wurde werden 2 Logfiles erstellt
* Poste die Logfiles hier in den Thread.

chris

laevalalala 14.04.2010 17:27
OTL Extras logfile created on: 14.04.2010 18:19:49 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Eva-Maria\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 306,04 Gb Free Space | 67,11% Space Free | Partition Type: NTFS
Drive D: | 126,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EVA-MARIAS-PC
Current User Name: Eva-Maria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\Eva-Maria\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00AE7C7B-DEE9-4307-AAAE-5C5B79B1D543}" = lport=10243 | protocol=6 | dir=in | app=system |
"{28457959-C5B1-4050-806C-F45BCBD67AAF}" = lport=137 | protocol=17 | dir=in | app=system |
"{319BFAA0-A829-4493-93F4-A8DC28B4527D}" = rport=139 | protocol=6 | dir=out | app=system |
"{3B3CD04E-CFC1-412E-AFD1-4D965130282D}" = rport=445 | protocol=6 | dir=out | app=system |
"{3F1A0BED-8B18-4A45-AE50-40CBD862C194}" = rport=137 | protocol=17 | dir=out | app=system |
"{57D393EC-0B2D-49A3-A893-7C6CC26B2EF7}" = lport=2869 | protocol=6 | dir=in | app=system |
"{59EFFD2D-47F1-403F-8324-1E950DA9446D}" = lport=138 | protocol=17 | dir=in | app=system |
"{5EF1CAA7-80A3-4F4F-B865-34C8003C3876}" = rport=10243 | protocol=6 | dir=out | app=system |
"{662B99A0-E963-4A58-98AD-D0927002C35C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{791FB021-ACCB-4E0F-A6BE-23177766673F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7CFF0581-CBE9-451D-9420-C7B44B83A227}" = rport=138 | protocol=17 | dir=out | app=system |
"{7F8C7921-F192-48A4-9BD6-3675E384B18E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8294CCAD-5D5F-4E72-9F07-B7CF6FDFBE24}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{855BED46-727A-4467-8E19-A636917608EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8CFE33EA-4391-454E-A35F-EA43DCB93F9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{948598FA-A43C-4A23-A242-F0CCE936BEF9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B8A75402-A86A-4FE8-9160-3FD7A46C5E1B}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D4D0BDBE-EC1A-44DE-86A1-CE2BEA8C759A}" = lport=139 | protocol=6 | dir=in | app=system |
"{E64FF6B8-44AD-4436-A9B4-A3110C59EFFE}" = lport=445 | protocol=6 | dir=in | app=system |
"{ED32EEC9-BC99-4489-A67B-743BD2A241E4}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FC05A707-C5E0-4425-B211-55FD1F72EA43}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0925BAD3-0FC1-41AE-B808-2F47FD31DAF1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0AD63CA4-E4FB-4FCB-9EE2-9E7B8D955EB7}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{118B082C-A442-4D30-AC6B-9AF810566476}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{1468F000-3010-43B9-B82C-3EBD3CD011A2}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe |
"{1FD1EE18-9B52-4A6A-BBBF-A6822980A7A6}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe |
"{267830C1-404E-4858-AE6C-7E80BBE3DC60}" = protocol=6 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"{284AE749-504A-4C3C-9F79-936BEBA0FA46}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{3A4C30CB-AA9A-4E3F-A0E5-80298DFDE5AD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{42F9E1FE-FE3B-4CFC-9885-2730634C57DF}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{43081B67-3649-4F44-A436-C411F1846E5E}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe |
"{44313369-55A3-4DAD-880E-2106C1031AB1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{565654F8-F40D-4390-93C6-8058E1ACD914}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{59D7ECC3-1D25-4D86-A5C5-E7571576410B}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{5C455030-3F84-4409-80AE-95CD56A8FEEE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{5DD2B873-0719-4DF2-8BE8-79CE5621EB19}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5DF823F4-E4C2-4753-B954-03A763E32ACD}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{64AA90F1-DA1D-4A45-9561-5BE57A7502A2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{67B40295-FB21-4F49-8E53-4AFBC2424B1C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{6A9DA5E1-F641-4499-831E-E6F5529AE943}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6E3A109D-AC1A-485F-800A-32582D09EFA8}" = dir=in | app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe |
"{71B74B44-A66F-4720-AAAF-AF4AC989D8D6}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{73F67316-3D9E-484F-84DC-726D7D9551A6}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{817715C2-9EA4-470A-A160-7C75EA2E7009}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe |
"{834DBB9F-6F5D-4316-AC31-E022E1CF4C1A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8584B0DF-8197-4B60-B89A-F4333328230E}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8C15EBE6-348E-4AC0-B360-B8B460C77FB1}" = protocol=6 | dir=out | app=system |
"{8D514C19-9B7F-4B3D-9039-760270250D49}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe |
"{96C11CA6-84DB-4D58-B2C8-98F463EBA933}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe |
"{98C9D060-2C3C-4A5A-8675-38FAB4A0E2BF}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{A50EBAC5-4DB5-426A-B8D7-BB1B83D78E6D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AE4AF426-0752-41FE-A533-F7886DE302D8}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{B2D9231D-A883-44D8-9D0A-F48D59102CBE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{B629F32A-CBAC-414B-B9C7-A4E2666E5BA2}" = protocol=17 | dir=in | app=c:\program files\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe |
"{B8F8DC52-D951-45EC-B7A0-F00403310642}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{BC825CA3-DCC3-4D47-AE63-282D8037A4FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{BD4058BF-9111-4856-8D5D-6F948F6BCC76}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{BDF4E89D-B753-4BBC-B26E-148F5CFA5CAB}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{BEA626B6-140C-4DC4-AD06-572D004D03BF}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{C2498091-8D47-4620-BD12-1FF979FEA3E8}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{C85167BD-EBC9-4F31-AC3A-D9A3E6E96F71}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{C90CB239-FB9F-4305-A698-388F84D2D7CD}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{CD5448DB-53EA-4994-ACD0-4D0D1A5912C2}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CEC55CBF-E0E4-4DBD-AA4C-5A746BFCF61D}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{D20E9F48-4A8F-4715-A228-4F154F1BD8E8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D34FC609-9D97-40B1-9195-08B57089E5F6}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{DB257940-256D-4C26-B3D9-B209FD460BB2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DDB8395A-3568-4DA3-B60D-12EA9A6CACEF}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{E1C6F362-C3B1-4981-861A-420CCE0B1221}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E4BEE2AC-374B-4A3C-BF95-94D378E8AC9E}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E5690112-A4EB-46E2-A558-456BA097E986}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E7CB38D5-90FC-4311-8A26-E8D14366EE74}" = protocol=6 | dir=in | app=c:\program files\vogel verlag\fahren lernen\vogel.fahrenlernenmax.exe |
"{F603B287-4208-4C67-9724-B9FE79EC93EE}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsvsvr.exe |
"{F6F63A39-A5CF-4F08-8607-C070100425CC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{FECDE689-582B-4799-8EFC-0A62FB2E8763}" = protocol=17 | dir=in | app=c:\program files\samsung\samsung new pc studio\npsasvr.exe |
"TCP Query User{00E39D8E-1A09-4F07-B085-BB6F2171425B}C:\program files\icq6.5\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6.5\icq.exe |
"UDP Query User{AE8263FC-8E2E-460A-A464-8402200519EB}C:\program files\icq6.5\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6.5\icq.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{040A6E85-C23F-4A23-ADBB-821C60C5DF0F}_is1" = Fahren Lernen 1.1
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{056B935A-A03D-D0D8-4CE0-B4B337753156}" = CCC Help Chinese Standard
"{0C362375-1FE0-98C0-2C57-F4D772B8A759}" = Catalyst Control Center Graphics Full New
"{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1E5E2F9A-17D3-45CA-8FF0-B0C2927D4B03}" = MobileMe Control Panel
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83216014F0}" = Java(TM) 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 16
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BD2FA21-B51D-4F01-94A7-AC16737B2163}" = Adobe Flash Player 10 ActiveX
"{2C973B8B-1BB3-358B-250C-336C81A1926E}" = CCC Help Polish
"{2F2B002A-8BF5-DF1E-6D36-7900B6F868DE}" = ATI Catalyst Install Manager
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{360872CE-7A87-A4EE-AF69-EF73E5695D40}" = ccc-utility
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3CCB314A-B67C-82D0-1CC6-6BC4AE6D053E}" = Catalyst Control Center InstallProxy
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45416928-B205-9812-2065-5794D5AC7338}" = CCC Help French
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{53E12B77-A8AC-1A15-7690-FAA711AA0B50}" = CCC Help Portuguese
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{5A64A288-025C-F952-E4E3-12FA6596922F}" = CCC Help Chinese Traditional
"{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion
"{5D3A59B1-2BBF-66AF-3B5F-FC5BAA42F817}" = CCC Help Italian
"{5F19F78E-274D-8E5C-C49E-2ED722ACF70A}" = CCC Help German
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6078A803-C98F-1F95-CEF7-0132621E6072}" = CCC Help Japanese
"{6234F3C6-F8EF-39FB-AE15-0B88E88B79F0}" = CCC Help Greek
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A0D64D0-CDF4-9C65-A053-6EC86AEB43CC}" = ccc-core-static
"{6A905715-6991-3517-5F04-4392FC18DB76}" = Catalyst Control Center Graphics Previews Vista
"{6EAA466F-6F35-F3B7-60B9-3D6DCA97EE02}" = Catalyst Control Center Localization All
"{71C2828F-2678-4675-BDEC-895424861262}_is1" = C:\Program Files\Acer GameZone\GameConsole
"{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Backup Manager Basic
"{742A17A1-8AA4-4DCE-C881-557AC4EB793D}" = CCC Help Spanish
"{75212523-6E47-BF0F-20FF-B65E940A5DDD}" = CCC Help English
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110184263}" = Puzzle Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11037623}" = Tradewinds 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111205743}" = Tri-Peaks Solitaire To Go
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111232687}" = Ocean Express
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11170417}" = Luxor 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11219217}" = Cradle of Rome
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112270203}" = Dream Day Wedding
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113056167}" = Dream Day Honeymoon
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113297350}" = Cake Mania 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113494430}" = Wedding Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11505173}" = Airport Mania First Flight
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115443300}" = Cooking Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11551977}" = Parking Dash
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90AD0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint 2003 Template Pack 3
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{940F9DF4-A790-EAE9-A4B1-B9F96D3C8CC9}" = CCC Help Finnish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97BA7028-6FE4-58B5-F254-48C12AA3FBBD}" = CCC Help Swedish
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{987381F2-AA18-EF9C-9DDA-4D403FD7F3E2}" = CCC Help Turkish
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{99C85B2D-DFA4-5704-9A4C-396DDB5C6F1F}" = CCC Help Thai
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9AF0B106-56F1-461B-A270-95BC1682E282}" = Broadcom Gigabit NetLink Controller
"{9E6B5AEA-C8EC-916B-FDFA-91F1274CD695}" = Skins
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
"{A75C2F92-28EC-FE11-3818-81578F3E9596}" = CCC Help Norwegian
"{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA9732EB-64DD-DBA5-DFC1-705E64D3FB18}" = CCC Help Russian
"{AAE19E03-87A5-6937-F7D7-6806C5FD1D89}" = Catalyst Control Center Graphics Light
"{AC599724-5755-48C1-ABE7-ABB857652930}" = PC Connectivity Solution
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B15E1629-4B8C-FC02-1118-35034C235F0D}" = CCC Help Korean
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{BE0EC61A-02BF-E3E1-D7A8-3DDB7B58FBDF}" = PX Profile Update
"{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"{C10DD83A-CB15-DD3A-FE29-89433A68F55D}" = CCC Help Dutch
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0F3E75D-6BE1-E974-2A8E-A449D3374FDB}" = Catalyst Control Center Graphics Full Existing
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DA20E1A8-07CB-4EE7-9B72-A7E28C953F0E}" = Acer Product Registration
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E24DBA75-5452-C0A1-4FF3-CB38F8245919}" = CCC Help Czech
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E430067C-7254-40B6-A8F8-5EEF57A68F1A}" = Catalyst Control Center - Branding
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E86CA8CF-F42D-9569-B2ED-5E6A0F591EA5}" = CCC Help Hungarian
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F557AF38-AB37-84A8-0148-C53B5F870373}" = CCC Help Danish
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF7027C7-B001-A144-C83B-03618745E975}" = Catalyst Control Center Core Implementation
"3A5DEFA413DDE699DBA6EBE0A63534ACA524D30F" = Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0)
"Acer Screensaver" = Acer ScreenSaver
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Audacity_is1" = Audacity 1.2.6
"Free Studio_is1" = Free Studio version 4.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"Google Desktop" = Google Desktop
"GridVista" = Acer GridVista
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}" = Acer Backup Manager
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{BF91B300-EEBC-4223-96F3-0FCBF7241B50}" = AmIcoSingLun
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"MSC" = McAfee SecurityCenter
"NSS" = Norton Security Scan
"PhotoFiltre" = PhotoFiltre
"PhotoScape" = PhotoScape
"SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software
"SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set
"Samsung Mobile Modem Device" = Samsung Mobile Modem Device Software
"Samsung Mobile phone USB driver" = Samsung Mobile phone USB driver Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software
"SAMSUNG USB Mobile Device" = SAMSUNG USB Mobile Device Software
"Security Task Manager" = Security Task Manager 1.7h
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinLiveSuite_Wave3" = Windows Live Essentials

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 04.04.2010 15:40:16 | Computer Name = Eva-Marias-PC | Source = WinMgmt | ID = 10
Description =

Error - 04.04.2010 15:43:12 | Computer Name = Eva-Marias-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung AppleSyncNotifier.exe, Version 1.5.0.0, Zeitstempel
0x4a5d2cf8, fehlerhaftes Modul CoreFoundation.dll, Version 6.0.6001.18000, Zeitstempel
0x4791a7a6, Ausnahmecode 0xc0000135, Fehleroffset 0x00009cac, Prozess-ID 0xedc,
Anwendungsstartzeit 01cad42ed61995b1.

Error - 04.04.2010 18:01:11 | Computer Name = Eva-Marias-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Df1.exe, Version 0.0.0.0, Zeitstempel 0x4b9e0314,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x0909090d, Prozess-ID 0x1d44, Anwendungsstartzeit 01cad4400cf149a1.

Error - 04.04.2010 18:26:05 | Computer Name = Eva-Marias-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung Df1.exe, Version 0.0.0.0, Zeitstempel 0x4b9e0314,
fehlerhaftes Modul Multimedia.api, Version 9.0.0.332, Zeitstempel 0x4850e5c7, Ausnahmecode
0xc0000005, Fehleroffset 0x00042d1c, Prozess-ID 0x1a88, Anwendungsstartzeit 01cad44420818a31.

Error - 04.04.2010 18:29:57 | Computer Name = Eva-Marias-PC | Source = Bonjour Service | ID = 100
Description = 392: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 04.04.2010 18:29:57 | Computer Name = Eva-Marias-PC | Source = Bonjour Service | ID = 100
Description = 400: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 04.04.2010 18:29:57 | Computer Name = Eva-Marias-PC | Source = Bonjour Service | ID = 100
Description = 404: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 04.04.2010 18:29:57 | Computer Name = Eva-Marias-PC | Source = Bonjour Service | ID = 100
Description = 408: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 04.04.2010 18:29:57 | Computer Name = Eva-Marias-PC | Source = Bonjour Service | ID = 100
Description = 412: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)

Error - 05.04.2010 05:33:04 | Computer Name = Eva-Marias-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 13.04.2010 15:40:37 | Computer Name = Eva-Marias-PC | Source = HTTP | ID = 15016
Description =

Error - 13.04.2010 15:40:48 | Computer Name = Eva-Marias-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 13.04.2010 15:43:25 | Computer Name = Eva-Marias-PC | Source = BROWSER | ID = 8032
Description =

Error - 14.04.2010 06:51:06 | Computer Name = Eva-Marias-PC | Source = HTTP | ID = 15016
Description =

Error - 14.04.2010 06:51:15 | Computer Name = Eva-Marias-PC | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.35 für die Netzwerkkarte mit der Netzwerkadresse
0017C49EBD42 wurde durch den DHCP-Server 192.168.1.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).

Error - 14.04.2010 06:51:17 | Computer Name = Eva-Marias-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 14.04.2010 07:12:36 | Computer Name = Eva-Marias-PC | Source = BROWSER | ID = 8032
Description =

Error - 14.04.2010 08:08:11 | Computer Name = Eva-Marias-PC | Source = iaStor | ID = 262153
Description = Das Gerät \Device\Ide\iaStor0 hat innerhalb der Fehlerwartezeit nicht
geantwortet.

Error - 14.04.2010 10:29:05 | Computer Name = Eva-Marias-PC | Source = bowser | ID = 8003
Description =

Error - 14.04.2010 11:23:12 | Computer Name = Eva-Marias-PC | Source = BROWSER | ID = 8032
Description =


< End of report >

laevalalala 14.04.2010 17:28
OTL logfile created on: 14.04.2010 18:19:49 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Eva-Maria\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 40,00% Memory free
6,00 Gb Paging File | 4,00 Gb Available in Paging File | 68,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 306,04 Gb Free Space | 67,11% Space Free | Partition Type: NTFS
Drive D: | 126,68 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EVA-MARIAS-PC
Current User Name: Eva-Maria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Eva-Maria\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\vwYj.exe ()
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Users\Eva-Maria\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\iTunes\iTunes.exe (Apple Inc.)
PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe ()
PRC - C:\Windows\Dwymua.exe ()
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Eva-Maria\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18175_none_9e7bbe54c9c04bca\GdiPlus.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB}:1.0.3
FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.3
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.3
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.04.09 14:21:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.01.24 22:22:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.31 12:47:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.31 12:47:07 | 000,000,000 | ---D | M]

[2009.09.16 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Extensions
[2010.04.05 17:13:07 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions
[2009.09.16 17:01:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.25 16:20:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.02.17 16:03:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.01.13 00:20:21 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2010.03.21 17:11:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.03.06 10:57:34 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010.01.08 14:58:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.06 10:57:33 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.03.23 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\gutscheinmieze@synatix-gmbh.de
[2009.09.30 12:16:35 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\moveplayer@movenetworks.com
[2010.03.21 17:11:43 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\personas@christopher.beard
[2010.03.21 17:11:44 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\piclens@cooliris.com
[2010.03.06 10:57:34 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\silvermelxt@pardal.de
[2010.02.12 03:16:38 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com
[2010.02.04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\askcom.xml
[2010.03.28 17:45:22 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-1.xml
[2010.01.19 21:17:07 | 000,000,961 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-2.xml
[2010.03.14 12:53:30 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-3.xml
[2010.03.23 18:16:42 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-4.xml
[2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.gif
[2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.src
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.xml
[2009.12.03 21:51:36 | 000,003,915 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\sweetim.xml
[2010.03.28 17:45:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.19 21:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.23 18:14:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.11 00:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2010.03.14 12:53:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 12:53:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.23 18:12:42 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.03.14 12:53:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 12:53:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 12:53:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit\532.5_(KHTML,_like_Gecko)_Chrome\4.1.249.1045_Safari\532.5 - File not found
O4 - Startup: C:\Users\Eva-Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Eva-Maria\Pictures\2010\MeranBozen\DSC08437.JPG
O24 - Desktop BackupWallPaper: C:\Users\Eva-Maria\Pictures\2010\MeranBozen\DSC08437.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.14 14:12:24 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Malwarebytes
[2010.04.14 14:12:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.14 14:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.14 14:12:10 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.14 14:12:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.11 00:40:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.11 00:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.04.11 00:28:31 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.04.02 19:57:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.03.31 12:51:38 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.03.31 12:51:32 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.03.31 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.03.31 12:46:14 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.03.31 12:39:12 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.03.31 12:39:09 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.03.31 12:35:13 | 000,000,000 | ---D | C] -- C:\Programme\Safari
[2010.03.31 12:12:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.03.31 12:12:51 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 12:12:50 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 12:12:50 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.03.31 12:12:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 12:12:49 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.03.31 12:12:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 12:12:48 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 12:12:48 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.03.31 12:12:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 12:12:45 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.26 20:25:52 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\Documents\Downloads
[2010.03.23 18:30:44 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\skypePM
[2010.03.23 18:15:55 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Skype
[2010.03.23 18:13:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.03.23 18:13:52 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.03.23 18:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.03.23 18:12:29 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze
[2010.03.21 17:12:01 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Local\Cooliris
[2010.03.17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2009.07.21 10:28:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010.04.14 18:21:01 | 000,024,131 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.04.14 18:19:50 | 004,194,304 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT
[2010.04.14 18:19:00 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Eva-Maria.job
[2010.04.14 18:13:02 | 000,000,300 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.14 17:37:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.14 17:32:52 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ixuj.sys
[2010.04.14 17:24:01 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000UA.job
[2010.04.14 16:51:23 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.14 16:51:23 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.14 15:37:03 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.14 15:24:35 | 000,000,128 | -H-- | M] () -- C:\Users\Eva-Maria\Documents\.~lock.semesterarbeit kunst.odt#
[2010.04.14 14:12:16 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.14 12:55:09 | 000,006,836 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat
[2010.04.14 12:55:09 | 000,000,552 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\d3d8caps.dat
[2010.04.14 12:51:42 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.04.14 12:51:06 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.14 12:51:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.13 23:08:25 | 000,524,288 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.13 23:08:25 | 000,065,536 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.13 22:31:26 | 000,023,086 | ---- | M] () -- C:\Users\Eva-Maria\Documents\der heilige-exemplarische mensch reli.odt
[2010.04.13 16:55:24 | 003,429,528 | -H-- | M] () -- C:\Users\Eva-Maria\AppData\Local\IconCache.db
[2010.04.13 16:50:29 | 000,019,413 | ---- | M] () -- C:\Users\Eva-Maria\Documents\portfolio bus.odt
[2010.04.13 15:02:07 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.13 15:02:07 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.13 15:02:07 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.13 15:02:06 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.13 15:02:06 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.12 18:24:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000Core.job
[2010.04.11 21:46:08 | 000,028,066 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Frauen%20in%20der%20nachkriegszeit%20p-seminar%20ausdrucken.odt_0.odt
[2010.04.11 21:30:08 | 000,024,145 | ---- | M] () -- C:\Users\Eva-Maria\Documents\semesterarbeit kunst.odt
[2010.04.11 17:32:35 | 000,000,128 | -H-- | M] () -- C:\Users\Eva-Maria\Documents\.~lock.Frauen in der nachkriegszeit p-seminar ausdrucken.odt#
[2010.04.11 00:51:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.04.11 00:40:03 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.04.05 18:45:19 | 000,014,468 | ---- | M] () -- C:\Users\Eva-Maria\Documents\fb smiliesy.odt
[2010.04.05 17:43:51 | 000,012,800 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Lebenslauf.doc
[2010.04.04 11:47:42 | 000,118,272 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.02 14:24:58 | 000,002,109 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\Google Chrome.lnk
[2010.04.01 20:42:52 | 000,485,888 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Bewerbungsformular.Lena.doc
[2010.04.01 14:33:24 | 000,007,856 | ---- | M] () -- C:\Users\Eva-Maria\.recently-used.xbel
[2010.03.31 12:52:44 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.03.31 12:46:48 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.03.31 12:35:21 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.03.31 08:16:15 | 000,025,844 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Frauen in der nachkriegszeit p-seminar ausdrucken.odt
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.24 21:13:27 | 000,165,376 | ---- | M] () -- C:\Windows\Dwymua.exe
[2010.03.24 00:09:37 | 000,012,865 | ---- | M] () -- C:\Users\Eva-Maria\Documents\portfolio pseminar.odt
[2010.03.23 18:30:47 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 18:13:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.03.22 22:39:20 | 000,057,002 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sport gerätturnen.odt
[2010.03.22 21:45:05 | 000,058,414 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sport gerätturnen handout.odt
[2010.03.21 16:42:59 | 000,037,005 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sozi.odt
[2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files Created - No Company Name ==========

[2010.04.14 17:33:07 | 000,000,300 | -H-- | C] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.04.14 17:32:52 | 000,054,016 | ---- | C] () -- C:\Windows\System32\drivers\ixuj.sys
[2010.04.14 15:24:35 | 000,000,128 | -H-- | C] () -- C:\Users\Eva-Maria\Documents\.~lock.semesterarbeit kunst.odt#
[2010.04.14 14:12:16 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.14 12:55:09 | 000,000,552 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d8caps.dat
[2010.04.13 22:31:24 | 000,023,086 | ---- | C] () -- C:\Users\Eva-Maria\Documents\der heilige-exemplarische mensch reli.odt
[2010.04.13 21:41:13 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.04.12 16:45:11 | 000,028,066 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Frauen%20in%20der%20nachkriegszeit%20p-seminar%20ausdrucken.odt_0.odt
[2010.04.11 17:32:35 | 000,000,128 | -H-- | C] () -- C:\Users\Eva-Maria\Documents\.~lock.Frauen in der nachkriegszeit p-seminar ausdrucken.odt#
[2010.04.11 00:40:03 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.04.10 21:01:41 | 000,024,145 | ---- | C] () -- C:\Users\Eva-Maria\Documents\semesterarbeit kunst.odt
[2010.04.05 18:45:19 | 000,014,468 | ---- | C] () -- C:\Users\Eva-Maria\Documents\fb smiliesy.odt
[2010.04.01 20:42:47 | 000,485,888 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Bewerbungsformular.Lena.doc
[2010.04.01 14:33:24 | 000,007,856 | ---- | C] () -- C:\Users\Eva-Maria\.recently-used.xbel
[2010.03.31 12:52:44 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.03.31 12:46:48 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.03.31 12:35:21 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.03.26 19:20:36 | 000,002,109 | ---- | C] () -- C:\Users\Eva-Maria\Desktop\Google Chrome.lnk
[2010.03.26 19:19:00 | 000,001,134 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000UA.job
[2010.03.26 19:19:00 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000Core.job
[2010.03.25 17:09:10 | 000,025,844 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Frauen in der nachkriegszeit p-seminar ausdrucken.odt
[2010.03.24 21:13:32 | 000,165,376 | ---- | C] () -- C:\Windows\Dwymua.exe
[2010.03.23 18:30:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 18:13:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.03.23 00:10:37 | 000,019,413 | ---- | C] () -- C:\Users\Eva-Maria\Documents\portfolio bus.odt
[2010.01.07 12:13:38 | 000,151,008 | ---- | C] () -- C:\Users\Eva-Maria\Orial Bold.ttf
[2010.01.05 22:54:27 | 000,000,088 | ---- | C] () -- C:\Users\Eva-Maria\VISIT DIRT2.COM FOR USAGE.txt
[2010.01.05 22:54:20 | 000,008,128 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.otf
[2010.01.05 22:52:41 | 000,008,280 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.otf
[2010.01.05 22:25:26 | 000,011,496 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.ttf
[2010.01.05 11:53:00 | 000,050,566 | ---- | C] () -- C:\Users\Eva-Maria\littlebliss.jpg
[2010.01.05 11:33:10 | 000,011,528 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.ttf
[2009.12.24 23:46:26 | 000,001,089 | ---- | C] () -- C:\Users\Eva-Maria\ScriptSERIF - READ ME.txt
[2009.12.23 15:46:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.12.23 15:46:43 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.23 15:36:08 | 000,113,152 | ---- | C] () -- C:\Users\Eva-Maria\1031.MST
[2009.12.23 15:36:08 | 000,015,832 | ---- | C] () -- C:\Users\Eva-Maria\0x0407.ini
[2009.12.23 15:35:58 | 097,979,392 | ---- | C] () -- C:\Users\Eva-Maria\Samsung New PC Studio.msi
[2009.12.22 20:40:18 | 000,298,828 | ---- | C] () -- C:\Users\Eva-Maria\script_serif.ttf
[2009.12.22 20:30:56 | 000,280,209 | ---- | C] () -- C:\Users\Eva-Maria\scriptSERIF_sample.jpg
[2009.12.22 20:04:42 | 000,242,864 | ---- | C] () -- C:\Users\Eva-Maria\script_serif_riptrash.ttf
[2009.11.15 12:45:44 | 000,537,011 | ---- | C] () -- C:\Users\Eva-Maria\ billy argel beyaond sky font.jpg
[2009.11.15 12:37:34 | 000,516,096 | ---- | C] () -- C:\Users\Eva-Maria\BEYONDSKTRIAL.ttf
[2009.11.15 11:19:36 | 000,000,134 | ---- | C] () -- C:\Users\Eva-Maria\READ ME.txt
[2009.09.20 11:21:32 | 000,014,336 | -H-- | C] () -- C:\Users\Eva-Maria\photothumb.db
[2009.09.17 13:25:41 | 000,087,349 | ---- | C] () -- C:\Users\Eva-Maria\0405_09780_happy_birthday.jpg
[2009.09.13 01:03:19 | 000,242,200 | ---- | C] () -- C:\Users\Eva-Maria\acer-code.jpg
[2009.09.03 15:46:08 | 000,002,712 | ---- | C] () -- C:\Users\Eva-Maria\JOEBOB graphics free trial font users license.txt
[2009.08.26 08:27:16 | 000,006,836 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat
[2009.08.25 23:47:23 | 000,001,072 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Roaming\wklnhst.dat
[2009.08.22 01:11:33 | 000,118,272 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.12 17:41:40 | 004,194,304 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT
[2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.08.12 17:41:40 | 000,262,144 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG1
[2009.08.12 17:41:40 | 000,065,536 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.08.12 17:41:40 | 000,000,020 | -HS- | C] () -- C:\Users\Eva-Maria\ntuser.ini
[2009.08.12 17:41:40 | 000,000,000 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG2
[2009.07.21 10:16:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.07.21 10:16:20 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009.07.21 01:52:22 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.07.21 01:44:57 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.07.21 01:44:56 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.04.26 15:05:36 | 000,521,608 | ---- | C] () -- C:\Users\Eva-Maria\vtks Deja Vu.ttf
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008.10.26 15:03:52 | 000,147,604 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.ttf
[2008.10.26 15:03:52 | 000,104,352 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.otf
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.12.10 07:56:24 | 000,047,272 | ---- | C] () -- C:\Users\Eva-Maria\FairyDustB.ttf
[2005.10.23 22:46:42 | 000,057,560 | ---- | C] () -- C:\Users\Eva-Maria\Anywhere.ttf
[2005.08.04 09:28:04 | 000,000,286 | ---- | C] () -- C:\Users\Eva-Maria\readme.txt
[2005.08.04 09:23:30 | 000,193,572 | ---- | C] () -- C:\Users\Eva-Maria\kiralynn__.ttf
[2005.05.11 03:39:36 | 000,085,808 | ---- | C] () -- C:\Users\Eva-Maria\MINUS___.TTF
[2005.03.04 19:40:38 | 000,039,648 | ---- | C] () -- C:\Users\Eva-Maria\konanur.ttf
[2004.10.27 20:24:44 | 000,034,788 | ---- | C] () -- C:\Users\Eva-Maria\Flat Earth Scribe.ttf
[2000.07.13 11:12:46 | 000,000,430 | ---- | C] () -- C:\Users\Eva-Maria\font info.txt
[1998.10.01 23:13:48 | 000,084,704 | ---- | C] () -- C:\Users\Eva-Maria\Kelt Caps Freehand.ttf

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC
< End of report >

Chris4You 14.04.2010 19:05
Hi,

da ist noch einiges übrig...

Schau-ma(h)-mal:

Bitte folgende Files prüfen:

Dateien Online überprüfen lassen:
  • Suche die Seite Virtustotal auf, klicke auf den Button „Durchsuchen“ und suche folgende Datei/Dateien:
Code:
C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe
C:\Windows\System32\drivers\ixuj.sys
C:\Users\EVA-MA~1\AppData\Local\Temp\vwYj.exe
C:\Windows\Dwymua.exe
  • Lade nun nacheinander jede/alle Datei/Dateien hoch, und warte bis der Scan vorbei ist. (kann bis zu 2 Minuten dauern.)
  • Poste im Anschluss das Ergebnis der Auswertung, alles abkopieren und in einen Beitrag
    einfügen.
  • Wichtig: Auch die Größenangabe sowie den
    HASH mit kopieren!

Hoffen wir mal, dass sich nicht neues dadurch eingeschlichen hat...
  • Doppelklick auf die OTL.exe, um das Programm auszuführen.
  • Vista/Win7-User bitte per Rechtsklick und "Ausführen als Administrator" starten.
  • Kopiere den Inhalt der folgenden Codebox komplett in die OTL-Box unter "Custom Scan/Fixes"
Code:
:OTL

PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\vwYj.exe ()
PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe ()
PRC - C:\Windows\Dwymua.exe ()
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.4.4.118
[2010.02.12 03:16:38 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com
[2010.02.04 17:45:40 | 000,002,254 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\askcom.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKCU..\Run: [YVIBBBHA8C] C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe ()
[2010.04.14 17:32:52 | 000,054,016 | ---- | M] () -- C:\Windows\System32\drivers\ixuj.sys
[2010.04.14 18:13:02 | 000,000,300 | -H-- | M] () -- C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job
[2010.03.24 21:13:27 | 000,165,376 | ---- | M] () -- C:\Windows\Dwymua.exe
:Commands
[emptytemp]
[Reboot]
  • Den roten Run Fixes! Button anklicken.
  • Bitte alles aus dem Ergebnisfenster (Results) herauskopieren.
  • Eine Kopie eines OTL-Fix-Logs wird in einer Textdatei in folgendem Ordner gespeichert:
  • %systemroot%\_OTL

Danach MAM updaten und ein neuer kompletter Suchlauf, Log posten...

Und noch mal OTL, nur das "normale" Log, nicht die Extras...

chris

laevalalala 14.04.2010 19:43
Ein Feld "durchsuchen" habe ich nicht gefunden, aber ich habe die Dateien einfach mal geöffnet...


Datei Df1.exe empfangen 2010.04.14 18:41:04 (UTC)
Status: Beendet
Ergebnis: 22/40 (55%)
Filter
Drucken der Ergebnisse
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.04.14 -
AhnLab-V3 5.0.0.2 2010.04.14 Win-Trojan/Mdjob.159232.H
AntiVir 7.10.6.77 2010.04.14 TR/Dldr.Renos.KF.794
Antiy-AVL 2.0.3.7 2010.04.14 -
Authentium 5.2.0.5 2010.04.14 W32/FakeAlert.FT.gen!Eldorado
Avast 4.8.1351.0 2010.04.14 Win32:Trojan-gen
Avast5 5.0.332.0 2010.04.14 Win32:Trojan-gen
AVG 9.0.0.787 2010.04.14 Downloader.Agent2.UFG
BitDefender 7.2 2010.04.14 -
CAT-QuickHeal 10.00 2010.04.14 Win32.Packed.Krap.as.4
ClamAV 0.96.0.3-git 2010.04.14 -
Comodo 4597 2010.04.14 Win32.PkdKrap.AS
DrWeb 5.0.2.03300 2010.04.14 -
eSafe 7.0.17.0 2010.04.14 -
eTrust-Vet 35.2.7426 2010.04.14 Win32/FakeAlert.D!generic
F-Prot 4.5.1.85 2010.04.14 W32/FakeAlert.FT.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.14 Trojan-Downloader:W32/Renos.gen!C
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.14 Win32:Trojan-gen
Ikarus T3.1.1.80.0 2010.04.14 -
Jiangmin 13.0.900 2010.04.13 -
Kaspersky 7.0.0.125 2010.04.14 -
McAfee 5.400.0.1158 2010.04.14 Downloader-CEW
McAfee-GW-Edition 6.8.5 2010.04.14 Trojan.Dldr.Renos.KF.794
Microsoft 1.5605 2010.04.14 TrojanDownloader:Win32/Renos.KF
NOD32 5029 2010.04.14 a variant of Win32/Kryptik.DFA
Norman 6.04.11 2010.04.14 -
nProtect 2010-04-14.01 2010.04.14 -
Panda 10.0.2.7 2010.04.14 Generic Trojan
PCTools 7.0.3.5 2010.04.14 -
Prevx 3.0 2010.04.14 Medium Risk Malware
Rising 22.43.02.04 2010.04.14 -
Sophos 4.52.0 2010.04.14 Mal/FakeAV-CX
Sunbelt 6176 2010.04.14 -
Symantec 20091.2.0.41 2010.04.14 Trojan.FakeAV!gen24
TheHacker 6.5.2.0.261 2010.04.14 -
TrendMicro 9.120.0.1004 2010.04.14 TROJ_RENOS.SMD
VBA32 3.12.12.4 2010.04.14 -
ViRobot 2010.4.14.2276 2010.04.14 -
VirusBuster 5.0.27.0 2010.04.14 Trojan.Codecpack.Gen.4
weitere Informationen
File size: 159232 bytes
MD5...: fd0940e33de88fffb28564af91b466cf
SHA1..: f07bfa5a0642e88536b02b31e410a8a59ef42a07
SHA256: 0d08cc70a032d65d0eda68eec4a07b4c4aec077e45e4241b27c20a1cf921107f
ssdeep: 3072:7BqCj5v+BrYC7utMngCAS9QItJ6ee1iWSr5jx+/Fc4RN87BAc4bw:7Bq0mp
yungGTe8W25jxuI
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x729a
timedatestamp.....: 0x4a5102d7 (Sun Jul 05 19:45:27 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
text 0x1000 0x7ea2 0x8000 5.72 6ee7e7f2530fdfe4313227263d49bbab
DATA 0x9000 0x319d5 0x1ca00 7.58 b9448e52b551af3d7197ec5b651a1f70
.data 0x3b000 0x1420 0x1600 4.90 bb814b8564a54ae98310f7f07aa79041
.bss 0x3d000 0x7df 0x800 0.00 c99a74c555371a433d121f551d6c6398

( 14 imports )
> comdlg32.dll: GetSaveFileNameA, GetOpenFileNameA, GetFileTitleA, ChooseColorA, FindTextA
> GDI32.dll: SetTextColor, CreateDIBitmap, GetCurrentPositionEx, SelectObject, GetBitmapBits, BitBlt, CreateFontIndirectA, SaveDC
> USER32.dll: GetWindow, EnumWindows, GetScrollInfo, EndDeferWindowPos, CharNextA, GetWindowTextA, GetIconInfo, DrawEdge, GetLastActivePopup, EnumChildWindows, CreateIcon, EnableMenuItem, DrawTextA, GetCursor, IsDialogMessageA, GetMenuItemID, ShowWindow, DispatchMessageA, GetDesktopWindow, SetWindowPos, GetDCEx, GetMenu, EqualRect, TrackPopupMenu, GetKeyState, CreateWindowExA, DefWindowProcA, CharLowerA, EnableScrollBar, CharToOemA, GetForegroundWindow, EnableWindow, EndPaint, EnumThreadWindows, DeferWindowPos, DefMDIChildProcA, ClientToScreen, BeginDeferWindowPos, GetSysColorBrush, GetScrollRange, GetScrollPos, GetMenuItemInfoA, DrawIcon, DrawMenuBar, MessageBoxA, CreatePopupMenu, GetClassLongA, GetCapture, CallWindowProcA, GetMessagePos, DrawFrameControl, SetWindowTextA, SetTimer, GetMenuStringA, GetParent, GetActiveWindow, IsChild, SetCursor, GetKeyNameTextA, GetClassInfoA, DefFrameProcA, FillRect, CreateMenu, GetSysColor, IsWindowVisible, GetMenuState, SetWindowLongA, DispatchMessageW, GetSubMenu, GetMenuItemCount, IsMenu, GetDC, GetFocus, DrawIconEx, GetPropA, FrameRect, CallNextHookEx, GetClipboardData, RegisterClassA, GetDlgItem, BeginPaint
> OLE32.dll: GetHGlobalFromStream, CreateStreamOnHGlobal, CoFreeUnusedLibraries
> comctl32.dll: ImageList_Destroy, ImageList_DragShowNolock
> shell32.dll: DragQueryFileA, SHGetFolderPathA, Shell_NotifyIconA, SHGetDiskFreeSpaceA, SHGetFileInfoA
> NTDLL.dll: wcscat, atoi, NtWaitForSingleObject, _wcsnicmp
> version.dll: GetFileVersionInfoA, VerQueryValueA, VerInstallFileA
> SHLWAPI.dll: SHQueryInfoKeyA, SHGetValueA, SHDeleteValueA, SHQueryValueExA
> oleaut32.dll: GetErrorInfo, SafeArrayCreate, SafeArrayGetElement, SafeArrayGetUBound, SysReAllocStringLen, RegisterTypeLib, SafeArrayUnaccessData, VariantChangeType, VariantCopyInd
> kernel32.dll: SetLastError, GetLastError, CompareStringA, lstrcpynA, ResetEvent, VirtualAllocEx, ExitProcess, SizeofResource, GetCurrentThreadId, LoadLibraryA, DeleteCriticalSection, GetCurrentProcessId, GetDiskFreeSpaceA, LocalAlloc, GetTickCount, GetCommandLineA, HeapDestroy, GetStringTypeA, SetEvent, ExitThread, VirtualAlloc, GlobalFindAtomA, WriteFile, lstrcatA, SetHandleCount, GetFullPathNameA, GetCPInfo, GetCurrentThread, MoveFileA, GetVersionExA, InitializeCriticalSection, GetSystemDefaultLangID, EnumCalendarInfoA, GetStartupInfoA, FormatMessageA, FindResourceA, SetThreadLocale, GlobalDeleteAtom, GetStdHandle, HeapAlloc, GetProcessHeap, FindClose, ReadFile, VirtualFree, lstrlenA, GetModuleHandleA, CreateThread
> OLE32.dll: CoFreeUnusedLibraries, OleCreateStaticFromData, PropVariantClear, CLSIDFromString, CreateStreamOnHGlobal, CoDisconnectObject
> msvcrt.dll: exit, sqrt, calloc, wcscspn, memmove, atol, wcstol, swprintf, srand, clock, memcpy, tolower, strlen, memset
> advapi32.dll: RegDeleteValueA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (62.9%)
Win32 Executable Generic (14.2%)
Win32 Dynamic Link Library (generic) (12.6%)
Clipper DOS Executable (3.3%)
Generic Win/DOS Executable (3.3%)
<a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=80835867002992206E270246B5CB2F00320B82B1' target='_blank'>hxxp://info.prevx.com/aboutprogramtext.asp?PX5=80835867002992206E270246B5CB2F00320B82B1</a>
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

laevalalala 14.04.2010 19:44
Die Datei wurde bereits analysiert:
MD5: e6d35f3aa51a65eb35c1f2340154a25e
First received: 2009.09.17 22:44:25 UTC
Datum 2010.04.14 17:49:54 UTC [<1D]
Ergebnisse 1/40
Permalink: analisis/3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516-1271267394

laevalalala 14.04.2010 19:44
Datei vwYj.exe empfangen 2010.04.14 18:39:24 (UTC)
Status: Beendet
Ergebnis: 5/40 (12.5%)
Filter
Drucken der Ergebnisse
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.04.14 -
AhnLab-V3 5.0.0.2 2010.04.14 -
AntiVir 7.10.6.77 2010.04.14 -
Antiy-AVL 2.0.3.7 2010.04.14 -
Authentium 5.2.0.5 2010.04.14 -
Avast 4.8.1351.0 2010.04.14 -
Avast5 5.0.332.0 2010.04.14 -
AVG 9.0.0.787 2010.04.14 -
BitDefender 7.2 2010.04.14 -
CAT-QuickHeal 10.00 2010.04.14 -
ClamAV 0.96.0.3-git 2010.04.14 -
Comodo 4597 2010.04.14 -
DrWeb 5.0.2.03300 2010.04.14 -
eSafe 7.0.17.0 2010.04.14 -
eTrust-Vet 35.2.7426 2010.04.14 -
F-Prot 4.5.1.85 2010.04.14 -
F-Secure 9.0.15370.0 2010.04.14 -
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.14 -
Ikarus T3.1.1.80.0 2010.04.14 -
Jiangmin 13.0.900 2010.04.13 -
Kaspersky 7.0.0.125 2010.04.14 Packed.Win32.Krap.ao
McAfee 5.400.0.1158 2010.04.14 -
McAfee-GW-Edition 6.8.5 2010.04.14 -
Microsoft 1.5605 2010.04.14 PWS:Win32/Zbot.gen!R
NOD32 5029 2010.04.14 a variant of Win32/Kryptik.DQK
Norman 6.04.11 2010.04.14 -
nProtect 2010-04-14.01 2010.04.14 -
Panda 10.0.2.7 2010.04.14 Suspicious file
PCTools 7.0.3.5 2010.04.14 -
Prevx 3.0 2010.04.14 -
Rising 22.43.02.04 2010.04.14 -
Sophos 4.52.0 2010.04.14 -
Sunbelt 6176 2010.04.14 Trojan.Win32.Generic.pak!cobra
Symantec 20091.2.0.41 2010.04.14 -
TheHacker 6.5.2.0.261 2010.04.14 -
TrendMicro 9.120.0.1004 2010.04.14 -
VBA32 3.12.12.4 2010.04.14 -
ViRobot 2010.4.14.2276 2010.04.14 -
VirusBuster 5.0.27.0 2010.04.14 -
weitere Informationen
File size: 111104 bytes
MD5...: 257df8d793ad8609b30c008b8e491904
SHA1..: cf44a939470d4b9d5eb919e2ec97fb78cd5e0252
SHA256: 53ff9c7d97a12be2af9cd46499c3a19220aa0fc5951494fb423c8bee2b352818
ssdeep: 1536:GspP2RgmZ5de8wF0CUaxlFlje+vciKAnsv3vhKs8cSR2T+Wnw8yT5idlmfG
x9:7P2CMde8PZWN33tfsGcqWnw3APeGx9
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x402a0
timedatestamp.....: 0x43686d93 (Wed Nov 02 07:41:07 2005)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
UPX0 0x1000 0x25000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
UPX1 0x26000 0x1b000 0x1a600 7.87 462b0db8c4e878081198b16a38ed2eae
.rsrc 0x41000 0x1000 0xa00 3.34 39f711d2abe2a5ae0e4e47e000f1e861

( 3 imports )
> KERNEL32.DLL: LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
> ADVAPI32.dll: AddAccessAllowedAce
> COMDLG32.dll: ChooseFontA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: UPX compressed Win32 Executable (39.5%)
Win32 EXE Yoda's Crypter (34.3%)
Win32 Executable Generic (11.0%)
Win32 Dynamic Link Library (generic) (9.8%)
Generic Win/DOS Executable (2.5%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
packers (Kaspersky): PE_Patch.UPX, UPX
packers (F-Prot): UPX
Symantec Reputation Network: Suspicious.Insight hxxp://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99

laevalalala 14.04.2010 19:45
Datei Dwymua.exe empfangen 2010.04.14 18:32:53 (UTC)
Status: Beendet
Ergebnis: 23/40 (57.5%)
Filter
Drucken der Ergebnisse
Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.04.14 -
AhnLab-V3 5.0.0.2 2010.04.14 Win-Trojan/Fakeav.165376.F
AntiVir 7.10.6.77 2010.04.14 TR/Dldr.Renos.KF.847
Antiy-AVL 2.0.3.7 2010.04.14 -
Authentium 5.2.0.5 2010.04.14 W32/FakeAlert.FT.gen!Eldorado
Avast 4.8.1351.0 2010.04.14 Win32:Trojan-gen
Avast5 5.0.332.0 2010.04.14 Win32:Trojan-gen
AVG 9.0.0.787 2010.04.14 Generic17.UUQ
BitDefender 7.2 2010.04.14 -
CAT-QuickHeal 10.00 2010.04.14 Win32.Packed.Krap.as.4
ClamAV 0.96.0.3-git 2010.04.14 -
Comodo 4597 2010.04.14 -
DrWeb 5.0.2.03300 2010.04.14 Trojan.DownLoad1.47680
eSafe 7.0.17.0 2010.04.14 -
eTrust-Vet 35.2.7426 2010.04.14 -
F-Prot 4.5.1.85 2010.04.14 W32/FakeAlert.FT.gen!Eldorado
F-Secure 9.0.15370.0 2010.04.14 Trojan-Downloader:W32/Renos.gen!C
Fortinet 4.0.14.0 2010.04.12 -
GData 19 2010.04.14 Win32:Trojan-gen
Ikarus T3.1.1.80.0 2010.04.14 -
Jiangmin 13.0.900 2010.04.13 -
Kaspersky 7.0.0.125 2010.04.14 -
McAfee 5.400.0.1158 2010.04.14 Downloader-CEW
McAfee-GW-Edition 6.8.5 2010.04.14 Heuristic.LooksLike.Trojan.Dldr.Renos.H
Microsoft 1.5605 2010.04.14 TrojanDownloader:Win32/Renos.KF
NOD32 5029 2010.04.14 a variant of Win32/Kryptik.DIR
Norman 6.04.11 2010.04.14 -
nProtect 2010-04-14.01 2010.04.14 -
Panda 10.0.2.7 2010.04.14 Generic Malware
PCTools 7.0.3.5 2010.04.14 -
Prevx 3.0 2010.04.14 Medium Risk Malware
Rising 22.43.02.04 2010.04.14 Backdoor.Win32.Undef.gha
Sophos 4.52.0 2010.04.14 Mal/FakeAV-CX
Sunbelt 6176 2010.04.14 -
Symantec 20091.2.0.41 2010.04.14 Trojan.FakeAV!gen24
TheHacker 6.5.2.0.261 2010.04.14 Trojan/Kryptik.dhi
TrendMicro 9.120.0.1004 2010.04.14 TROJ_RENOS.SMD
VBA32 3.12.12.4 2010.04.14 -
ViRobot 2010.4.14.2276 2010.04.14 -
VirusBuster 5.0.27.0 2010.04.14 Trojan.Codecpack.Gen.4
weitere Informationen
File size: 165376 bytes
MD5...: 8e38875abb0a98b8b18f7747635b6d08
SHA1..: 3bf6a6bf5ec59692572aaaffcfcf1caa097b3415
SHA256: cc4faf5ec2954af53c6883c6f5d390d86abddd03382da1d14564a3a764eb6c64
ssdeep: 3072:T8w+JNHe7YkjCp4hCMW89cp/3tJav8MCyBU0lnl99xGKif3ezd2oKHQUu:T
8vbkup4h19cBHRyBUgTaVOg7w
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x53d2
timedatestamp.....: 0x4a77d197 (Tue Aug 04 06:13:43 2009)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
text 0x1000 0x760e 0x7800 5.73 b0a1490f60726da1a84abf558d8289d5
.rdata 0x9000 0x1ebe7 0x1ec00 7.44 30be65ecbdea63a452b83446ca6d9514
.data 0x28000 0x16455 0x1600 4.77 fe3a26f2951793e3b8be2891d0586ada
.idata 0x3f000 0x684 0x800 0.00 c99a74c555371a433d121f551d6c6398

( 13 imports )
> comdlg32.dll: GetOpenFileNameA
> GDI32.dll: SetPixel, CreatePalette, GetDIBits, GetDIBColorTable, CreateFontIndirectA, SelectObject, CopyEnhMetaFileA, CreateDIBitmap, CreateBrushIndirect, BitBlt
> msvcrt.dll: mbstowcs, _acmdln, wcsncmp, strlen, sqrt, srand, wcscspn, swprintf, wcstol, tolower, memmove, memcpy
> shell32.dll: SHFileOperationA, SHGetDiskFreeSpaceA, Shell_NotifyIconA
> user32.dll: DrawIcon, GetDlgItem, FrameRect, GetActiveWindow, GetWindow, GetMenuStringA, GetCapture, EnableWindow, MessageBoxA, EnumThreadWindows, CharLowerBuffA, GetClassLongA, CharLowerA, RegisterClassA, IsChild, HideCaret, GetLastActivePopup, DefMDIChildProcA, EnableScrollBar, GetFocus, GetClipboardData, SetWindowPos, DrawMenuBar, GetForegroundWindow, GetMenuState, GetCursor, DeferWindowPos, GetMenuItemCount, FindWindowA, GetCursorPos, SetTimer, EnableMenuItem, GetParent, EndPaint, IsWindowVisible, DrawEdge, DrawTextA, CreateMenu, GetIconInfo, GetMenuItemID, GetWindowTextA, SetWindowTextA, GetMessagePos, DefWindowProcA, IsMenu, GetScrollInfo, IsWindowEnabled, FillRect, DrawFrameControl, GetSysColorBrush, CreatePopupMenu, GetScrollPos, GetClientRect, GetKeyNameTextA, GetClassInfoA, CreateIcon, GetMenuItemInfoA, SetWindowLongA, ClientToScreen, GetDesktopWindow, DispatchMessageA, GetPropA, BeginPaint, CharToOemA, IsDialogMessageA, GetSysColor, GetDCEx
> KERNEL32.dll: WaitForSingleObject, WriteFile, GetStartupInfoA, GetModuleHandleA, FindClose, GetEnvironmentStrings, GetLocaleInfoA, GetDiskFreeSpaceA, lstrcatA, GlobalAlloc, GetACP, SetThreadLocale, FormatMessageA, GetCurrentThread, GetProcessHeap, lstrcpynA, GetModuleFileNameA, GetCurrentThreadId, VirtualAlloc, lstrlenA, GetVersionExA, LoadResource, GetDateFormatA, VirtualQuery, LoadLibraryExA, FreeResource, GetFileAttributesA, ResetEvent, MoveFileExA, HeapAlloc, ExitThread, MoveFileA, GetFullPathNameA, GetThreadLocale, HeapFree, DeleteFileA, EnumCalendarInfoA, GlobalDeleteAtom, GetCommandLineA, LocalFree, lstrcmpiA, VirtualAllocEx, GetStdHandle, GetStringTypeW, lstrcpyA, GetCPInfo, SetEndOfFile, GetOEMCP, FreeLibrary, GetCurrentProcessId, CreateEventA, FindFirstFileA, LoadLibraryA, MulDiv, EnterCriticalSection, CompareStringA, RaiseException
> NTDLL.dll: _wcsnicmp, RtlDeleteCriticalSection, atoi
> shlwapi.dll: SHDeleteKeyA, SHStrDupA
> OLE32.dll: ReleaseStgMedium, CoCreateGuid, StgOpenStorage, CLSIDFromProgID, CoTaskMemFree, StgCreateDocfileOnILockBytes, CoUninitialize
> ADVAPI32.dll: RegCreateKeyA, RegDeleteKeyA, RegLoadKeyA, RegQueryValueExA
> OLEAUT32.dll: OleLoadPicture, SysReAllocStringLen, SafeArrayPtrOfIndex, SafeArrayGetUBound, VariantChangeType, SafeArrayGetElement, SafeArrayUnaccessData, SafeArrayCreate, SysAllocStringLen, VariantCopyInd
> COMCTL32.dll: ImageList_GetBkColor, ImageList_Create, ImageList_DragShowNolock, ImageList_Draw, ImageList_Read, ImageList_Add, ImageList_Destroy, ImageList_Remove
> version.dll: GetFileVersionInfoSizeA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Win32 Executable MS Visual C++ (generic) (62.9%)
Win32 Executable Generic (14.2%)
Win32 Dynamic Link Library (generic) (12.6%)
Clipper DOS Executable (3.3%)
Generic Win/DOS Executable (3.3%)
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
<a href='hxxp://info.prevx.com/aboutprogramtext.asp?PX5=EF2BB1D700A23CBC864102CCACBFE1007C420787' target='_blank'>hxxp://info.prevx.com/aboutprogramtext.asp?PX5=EF2BB1D700A23CBC864102CCACBFE1007C420787</a>

laevalalala 14.04.2010 20:00
ich war gerade bei dem schritt mit dem runfix button, als es hieß dass der computer jetzt neugestartet werden müsse...
nachdem er wieder hochgefahren ist, kam folgendes fenster:

All processes killed
========== OTL ==========
No active process named vwYj.exe was found!
No active process named Df1.exe was found!
No active process named Dwymua.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
C:\Programme\Ask.com\GenericAskToolbar.dll moved successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: toolbar@ask.com:3.4.4.118 removed from extensions.enabledItems
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\searchplugins folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\logs folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\defaults\preferences folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\defaults folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\datastore folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Sun-20-Sep-2009-14-11-03-GMT folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome\temp\ff-config.Fri-12-Feb-2010-01-16-40-GMT folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome\temp folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome\skin folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome\content folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com\chrome folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\toolbar@ask.com folder moved successfully.
C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\askcom.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YVIBBBHA8C deleted successfully.
C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe moved successfully.
C:\Windows\System32\drivers\ixuj.sys moved successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\Windows\Dwymua.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 75 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Eva-Maria
->Temp folder emptied: 56416671 bytes
->Temporary Internet Files folder emptied: 270522110 bytes
->Java cache emptied: 51933414 bytes
->FireFox cache emptied: 48687422 bytes
->Google Chrome cache emptied: 483890430 bytes
->Apple Safari cache emptied: 21036224 bytes
->Flash cache emptied: 2102012 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 33875043 bytes
RecycleBin emptied: 1245740910 bytes

Total Files Cleaned = 2.112,00 mb


OTL by OldTimer - Version 3.2.1.1 log created on 04142010_204741

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\mcafee_0rPnq1VBxAK1olO not found!
File\Folder C:\Windows\temp\mcmsc_HxWmg5letLh5aVz not found!
File\Folder C:\Windows\temp\mcmsc_IqubXiIKUFMbdkl not found!
File\Folder C:\Windows\temp\mcmsc_LHkUIDjDejQuzwE not found!
File\Folder C:\Windows\temp\mcmsc_QtNpnaTGw0CShvo not found!
C:\Windows\temp\sqlite_DkEfcA9J7abe59S moved successfully.
C:\Windows\temp\sqlite_pfBiijRhqjNe2ry moved successfully.
C:\Windows\temp\sqlite_xBBsanAblbuhNvS moved successfully.
C:\Windows\temp\sqlite_XFn2mazRlzC7oR6 moved successfully.

Registry entries deleted on Reboot...

Chris4You 14.04.2010 20:22
Hi,

teilweise waren die Einträge schon weg, allerdings hat OTL ein paar noch erwischt:
Code:
C:\Users\EVA-MA~1\AppData\Local\Temp\Df1.exe moved successfully.
C:\Windows\System32\drivers\ixuj.sys moved successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job moved successfully.
C:\Windows\Dwymua.exe moved successfully.
Unbedingt MAM updaten und laufen lassen, eines davon war ein Trojandownloader und wie der Name schon sagt...

Danach Cureit:
http://www.trojaner-board.de/59299-a...eb-cureit.html
Nach Beendigung des Scans findes Du das Log unter %USERPROFILE%\DoctorWeb\CureIt.log.
Bevor du irgendwelche Aktionen unternimmst, kopiere bitte den Inhalt des Logs und poste ihn.
Die Log Datei ist sehr groß, ca. über 5MB Text. Benutzt einfach die Suche nach "infiziert" und kopiert betreffende Teile heraus, bevor Du sie postet.

chris

laevalalala 15.04.2010 17:38
Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3986

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

15.04.2010 18:36:12
mbam-log-2010-04-15 (18-36-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 272439
Laufzeit: 1 Stunde(n), 55 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wek9emdhi9 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

laevalalala 15.04.2010 17:58
OTL logfile created on: 15.04.2010 18:51:10 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\Eva-Maria\Documents\Downloads
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 455,99 Gb Total Space | 307,68 Gb Free Space | 67,48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: EVA-MARIAS-PC
Current User Name: Eva-Maria
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\EVA-MA~1\AppData\Local\Temp\RtkBtMnt.exe (Realtek Semiconductor Corp.)
PRC - C:\Users\Eva-Maria\Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Users\Eva-Maria\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerTray.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer PowerSmart Manager\ePowerEvent.exe (Acer Incorporated)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
PRC - C:\Programme\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - C:\Programme\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
PRC - C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
PRC - C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
PRC - C:\Programme\McAfee\MSK\msksrver.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
PRC - c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
PRC - C:\Windows\PLFSetI.exe ()
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Eva-Maria\Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - c:\Programme\McAfee\SiteAdvisor\sahook.dll (McAfee, Inc.)
MOD - C:\Programme\Acer\Acer PowerSmart Manager\SysHook.dll (Acer Incorporated)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe (McAfee, Inc.)
SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (NTI IScheduleSvc) -- C:\Programme\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe (NewTech Infosystems, Inc.)
SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)
SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe ()
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (NTISchedulerSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe (NewTech Infosystems, Inc.)
SRV - (NTIBackupSvc) -- C:\Programme\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe (NewTech InfoSystems, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()
DRV - (NTIDrvr) -- C:\Windows\System32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)
DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)
DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (mwlPSDVDisk) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys (Egis Incorporated.)
DRV - (mwlPSDFilter) -- C:\Windows\System32\drivers\mwlPSDFilter.sys (Egis Incorporated.)
DRV - (mwlPSDNServ) -- C:\Windows\System32\drivers\mwlPSDNserv.sys (Egis Incorporated.)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (k57nd60x) Broadcom NetLink (TM) -- C:\Windows\System32\drivers\k57nd60x.sys (Broadcom Corporation)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (UBHelper) -- C:\Windows\System32\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (NSCIRDA) -- C:\Windows\System32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (DKbFltr) -- C:\Windows\System32\drivers\DKbFltr.sys (Dritek System Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=2&o=vp32&d=0709&m=aspire_7735
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: ""
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB}:1.0.3
FF - prefs.js..extensions.enabledItems: {64e8cc5b-20db-4212-8320-178fc5ae71f7}:1.0
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.2
FF - prefs.js..extensions.enabledItems: silvermelxt@pardal.de:1.3.3
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100119091315
FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.11.6
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: gutscheinmieze@synatix-gmbh.de:1.03
FF - prefs.js..extensions.enabledItems: {961408A3-C970-4577-970A-D97C29839A67}:1.3.3
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - user.js..browser.search.selectedEngine: "foxsearch"
FF - user.js..browser.search.order.1: "foxsearch"
FF - user.js..browser.search.defaultenginename: "foxsearch"
FF - user.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010.04.09 14:21:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010.01.24 22:22:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.31 12:47:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.31 12:47:07 | 000,000,000 | ---D | M]

[2009.09.16 16:48:47 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Extensions
[2010.04.14 20:47:52 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions
[2009.09.16 17:01:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.01.25 16:20:13 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.02.17 16:03:04 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.01.13 00:20:21 | 000,000,000 | ---D | M] (FaceMod Dislike Button) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{64e8cc5b-20db-4212-8320-178fc5ae71f7}
[2010.03.21 17:11:43 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.03.06 10:57:34 | 000,000,000 | ---D | M] (Charamel) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{961408A3-C970-4577-970A-D97C29839A67}
[2010.01.08 14:58:22 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.03.06 10:57:33 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.03.23 18:12:41 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\gutscheinmieze@synatix-gmbh.de
[2009.09.30 12:16:35 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\moveplayer@movenetworks.com
[2010.03.21 17:11:43 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\personas@christopher.beard
[2010.03.21 17:11:44 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\piclens@cooliris.com
[2010.03.06 10:57:34 | 000,000,000 | ---D | M] -- C:\Users\Eva-Maria\AppData\Roaming\mozilla\Firefox\Profiles\jy1c4yrj.default\extensions\silvermelxt@pardal.de
[2010.03.28 17:45:22 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-1.xml
[2010.01.19 21:17:07 | 000,000,961 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-2.xml
[2010.03.14 12:53:30 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-3.xml
[2010.03.23 18:16:42 | 000,000,950 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin-4.xml
[2008.03.31 13:52:00 | 000,000,168 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.gif
[2008.03.31 13:52:00 | 000,000,618 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.src
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\icqplugin.xml
[2009.12.03 21:51:36 | 000,003,915 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Roaming\Mozilla\FireFox\Profiles\jy1c4yrj.default\searchplugins\sweetim.xml
[2010.03.28 17:45:22 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.19 21:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.03.23 18:14:51 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.11 00:34:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
[2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[2010.03.14 12:53:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.03.14 12:53:00 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.03.23 18:12:42 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.03.14 12:53:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.03.14 12:53:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.03.14 12:53:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O4 - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [AmIcoSinglun] C:\Programme\AmIcoSingLun\AmIcoSinglun.exe (AlcorMicro Co., Ltd.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EgisTecLiveUpdate] C:\Program Files\EgisTec Egis Software Update\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [mwlDaemon] C:\Programme\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [NPSStartup] File not found
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Programme\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\Windows\System32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -Mozilla\5.0_(Windows;_U;_Windows_NT_6.0;_en-US)_AppleWebKit\532.5_(KHTML,_like_Gecko)_Chrome\4.1.249.1045_Safari\532.5 - File not found
O4 - Startup: C:\Users\Eva-Maria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Eva-Maria\Pictures\2010\MeranBozen\DSC08437.JPG
O24 - Desktop BackupWallPaper: C:\Users\Eva-Maria\Pictures\2010\MeranBozen\DSC08437.JPG
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.04.14 20:47:41 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.04.14 14:12:24 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Malwarebytes
[2010.04.14 14:12:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.14 14:12:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.04.14 14:12:10 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.04.14 14:12:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.04.14 13:03:50 | 003,598,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.04.14 13:03:49 | 003,545,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.04.14 13:03:46 | 000,430,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.04.14 13:02:20 | 000,062,464 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\Windows\System32\l3codeca.acm
[2010.04.11 00:40:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010.04.11 00:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2010.04.11 00:28:31 | 000,000,000 | ---D | C] -- C:\Programme\Security Task Manager
[2010.04.02 19:57:27 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010.03.31 12:51:38 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010.03.31 12:51:32 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010.03.31 12:51:32 | 000,000,000 | ---D | C] -- C:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.03.31 12:46:14 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010.03.31 12:39:12 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010.03.31 12:35:13 | 000,000,000 | ---D | C] -- C:\Programme\Safari
[2010.03.31 12:12:53 | 000,380,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.03.31 12:12:51 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.03.31 12:12:50 | 000,458,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.03.31 12:12:50 | 000,230,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.03.31 12:12:50 | 000,193,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.03.31 12:12:49 | 000,389,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.03.31 12:12:49 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.03.31 12:12:48 | 000,671,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.03.31 12:12:48 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieencode.dll
[2010.03.31 12:12:47 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.03.31 12:12:45 | 001,383,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.03.26 20:25:52 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\Documents\Downloads
[2010.03.23 18:30:44 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\skypePM
[2010.03.23 18:15:55 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Skype
[2010.03.23 18:13:56 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Skype
[2010.03.23 18:13:52 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010.03.23 18:13:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010.03.23 18:12:29 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Roaming\Gutscheinmieze
[2010.03.21 17:12:01 | 000,000,000 | ---D | C] -- C:\Users\Eva-Maria\AppData\Local\Cooliris
[2010.03.17 21:53:42 | 000,094,208 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | C] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts
[2009.07.21 10:28:54 | 000,049,152 | ---- | C] ( ) -- C:\Windows\Interop.IWshRuntimeLibrary.dll

========== Files - Modified Within 30 Days ==========

[2010.04.15 18:55:48 | 004,194,304 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT
[2010.04.15 18:42:12 | 000,024,131 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2010.04.15 18:42:05 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.04.15 18:41:41 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.04.15 18:41:08 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.04.15 18:41:07 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.04.15 18:41:02 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.04.15 18:40:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.04.15 18:39:07 | 000,524,288 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.04.15 18:39:07 | 000,065,536 | -HS- | M] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.04.15 18:37:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.04.15 18:24:00 | 000,001,134 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000UA.job
[2010.04.15 18:24:00 | 000,001,082 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000Core.job
[2010.04.14 23:38:56 | 003,431,414 | -H-- | M] () -- C:\Users\Eva-Maria\AppData\Local\IconCache.db
[2010.04.14 22:40:33 | 001,418,806 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.04.14 22:40:33 | 000,618,442 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.04.14 22:40:33 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.04.14 22:40:33 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.04.14 22:40:33 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.04.14 18:31:44 | 000,034,226 | ---- | M] () -- C:\Users\Eva-Maria\Documents\semesterarbeit kunst.odt
[2010.04.14 18:19:00 | 000,000,482 | ---- | M] () -- C:\Windows\tasks\Norton Security Scan for Eva-Maria.job
[2010.04.14 14:12:16 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.14 12:55:09 | 000,006,836 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat
[2010.04.14 12:55:09 | 000,000,552 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\d3d8caps.dat
[2010.04.13 22:31:26 | 000,023,086 | ---- | M] () -- C:\Users\Eva-Maria\Documents\der heilige-exemplarische mensch reli.odt
[2010.04.13 16:50:29 | 000,019,413 | ---- | M] () -- C:\Users\Eva-Maria\Documents\portfolio bus.odt
[2010.04.11 21:46:08 | 000,028,066 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Frauen%20in%20der%20nachkriegszeit%20p-seminar%20ausdrucken.odt_0.odt
[2010.04.11 17:32:35 | 000,000,128 | -H-- | M] () -- C:\Users\Eva-Maria\Documents\.~lock.Frauen in der nachkriegszeit p-seminar ausdrucken.odt#
[2010.04.11 00:51:01 | 000,095,024 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.04.11 00:40:03 | 000,001,019 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.04.05 18:45:19 | 000,014,468 | ---- | M] () -- C:\Users\Eva-Maria\Documents\fb smiliesy.odt
[2010.04.05 17:43:51 | 000,012,800 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Lebenslauf.doc
[2010.04.04 11:47:42 | 000,118,272 | ---- | M] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.02 14:24:58 | 000,002,109 | ---- | M] () -- C:\Users\Eva-Maria\Desktop\Google Chrome.lnk
[2010.04.01 20:42:52 | 000,485,888 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Bewerbungsformular.Lena.doc
[2010.04.01 14:33:24 | 000,007,856 | ---- | M] () -- C:\Users\Eva-Maria\.recently-used.xbel
[2010.03.31 12:52:44 | 000,001,804 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.03.31 12:46:48 | 000,001,730 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.03.31 12:35:21 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.03.31 08:16:15 | 000,025,844 | ---- | M] () -- C:\Users\Eva-Maria\Documents\Frauen in der nachkriegszeit p-seminar ausdrucken.odt
[2010.03.29 15:24:58 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.29 15:24:46 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.24 00:09:37 | 000,012,865 | ---- | M] () -- C:\Users\Eva-Maria\Documents\portfolio pseminar.odt
[2010.03.23 18:30:47 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 18:13:57 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.03.22 22:39:20 | 000,057,002 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sport gerätturnen.odt
[2010.03.22 21:45:05 | 000,058,414 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sport gerätturnen handout.odt
[2010.03.21 16:42:59 | 000,037,005 | ---- | M] () -- C:\Users\Eva-Maria\Documents\sozi.odt
[2010.03.17 21:53:42 | 000,094,208 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTimeVR.qtx
[2010.03.17 21:53:42 | 000,069,632 | ---- | M] (Apple Inc.) -- C:\Windows\System32\QuickTime.qts

========== Files Created - No Company Name ==========

[2010.04.15 18:41:41 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.04.14 14:12:16 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.04.14 12:55:09 | 000,000,552 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d8caps.dat
[2010.04.13 22:31:24 | 000,023,086 | ---- | C] () -- C:\Users\Eva-Maria\Documents\der heilige-exemplarische mensch reli.odt
[2010.04.12 16:45:11 | 000,028,066 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Frauen%20in%20der%20nachkriegszeit%20p-seminar%20ausdrucken.odt_0.odt
[2010.04.11 17:32:35 | 000,000,128 | -H-- | C] () -- C:\Users\Eva-Maria\Documents\.~lock.Frauen in der nachkriegszeit p-seminar ausdrucken.odt#
[2010.04.11 00:40:03 | 000,001,019 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.04.10 21:01:41 | 000,034,226 | ---- | C] () -- C:\Users\Eva-Maria\Documents\semesterarbeit kunst.odt
[2010.04.05 18:45:19 | 000,014,468 | ---- | C] () -- C:\Users\Eva-Maria\Documents\fb smiliesy.odt
[2010.04.01 20:42:47 | 000,485,888 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Bewerbungsformular.Lena.doc
[2010.04.01 14:33:24 | 000,007,856 | ---- | C] () -- C:\Users\Eva-Maria\.recently-used.xbel
[2010.03.31 12:52:44 | 000,001,804 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2010.03.31 12:46:48 | 000,001,730 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2010.03.31 12:35:21 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Safari.lnk
[2010.03.26 19:20:36 | 000,002,109 | ---- | C] () -- C:\Users\Eva-Maria\Desktop\Google Chrome.lnk
[2010.03.26 19:19:00 | 000,001,134 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000UA.job
[2010.03.26 19:19:00 | 000,001,082 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1313689582-3900863286-3496430324-1000Core.job
[2010.03.25 17:09:10 | 000,025,844 | ---- | C] () -- C:\Users\Eva-Maria\Documents\Frauen in der nachkriegszeit p-seminar ausdrucken.odt
[2010.03.23 18:30:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.23 18:13:57 | 000,001,880 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010.03.23 00:10:37 | 000,019,413 | ---- | C] () -- C:\Users\Eva-Maria\Documents\portfolio bus.odt
[2010.01.07 12:13:38 | 000,151,008 | ---- | C] () -- C:\Users\Eva-Maria\Orial Bold.ttf
[2010.01.05 22:54:27 | 000,000,088 | ---- | C] () -- C:\Users\Eva-Maria\VISIT DIRT2.COM FOR USAGE.txt
[2010.01.05 22:54:20 | 000,008,128 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.otf
[2010.01.05 22:52:41 | 000,008,280 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.otf
[2010.01.05 22:25:26 | 000,011,496 | ---- | C] () -- C:\Users\Eva-Maria\little bliss bold.ttf
[2010.01.05 11:53:00 | 000,050,566 | ---- | C] () -- C:\Users\Eva-Maria\littlebliss.jpg
[2010.01.05 11:33:10 | 000,011,528 | ---- | C] () -- C:\Users\Eva-Maria\little bliss.ttf
[2009.12.24 23:46:26 | 000,001,089 | ---- | C] () -- C:\Users\Eva-Maria\ScriptSERIF - READ ME.txt
[2009.12.23 15:46:43 | 000,110,592 | ---- | C] () -- C:\Windows\System32\FsUsbExDevice.Dll
[2009.12.23 15:46:43 | 000,036,608 | ---- | C] () -- C:\Windows\System32\FsUsbExDisk.Sys
[2009.12.23 15:36:08 | 000,113,152 | ---- | C] () -- C:\Users\Eva-Maria\1031.MST
[2009.12.23 15:36:08 | 000,015,832 | ---- | C] () -- C:\Users\Eva-Maria\0x0407.ini
[2009.12.23 15:35:58 | 097,979,392 | ---- | C] () -- C:\Users\Eva-Maria\Samsung New PC Studio.msi
[2009.12.22 20:40:18 | 000,298,828 | ---- | C] () -- C:\Users\Eva-Maria\script_serif.ttf
[2009.12.22 20:30:56 | 000,280,209 | ---- | C] () -- C:\Users\Eva-Maria\scriptSERIF_sample.jpg
[2009.12.22 20:04:42 | 000,242,864 | ---- | C] () -- C:\Users\Eva-Maria\script_serif_riptrash.ttf
[2009.11.15 12:45:44 | 000,537,011 | ---- | C] () -- C:\Users\Eva-Maria\ billy argel beyaond sky font.jpg
[2009.11.15 12:37:34 | 000,516,096 | ---- | C] () -- C:\Users\Eva-Maria\BEYONDSKTRIAL.ttf
[2009.11.15 11:19:36 | 000,000,134 | ---- | C] () -- C:\Users\Eva-Maria\READ ME.txt
[2009.09.20 11:21:32 | 000,014,336 | -H-- | C] () -- C:\Users\Eva-Maria\photothumb.db
[2009.09.17 13:25:41 | 000,087,349 | ---- | C] () -- C:\Users\Eva-Maria\0405_09780_happy_birthday.jpg
[2009.09.13 01:03:19 | 000,242,200 | ---- | C] () -- C:\Users\Eva-Maria\acer-code.jpg
[2009.09.03 15:46:08 | 000,002,712 | ---- | C] () -- C:\Users\Eva-Maria\JOEBOB graphics free trial font users license.txt
[2009.08.26 08:27:16 | 000,006,836 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\d3d9caps.dat
[2009.08.25 23:47:23 | 000,001,072 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Roaming\wklnhst.dat
[2009.08.22 01:11:33 | 000,118,272 | ---- | C] () -- C:\Users\Eva-Maria\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.08.12 17:41:40 | 004,194,304 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT
[2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000002.regtrans-ms
[2009.08.12 17:41:40 | 000,524,288 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2009.08.12 17:41:40 | 000,262,144 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG1
[2009.08.12 17:41:40 | 000,065,536 | -HS- | C] () -- C:\Users\Eva-Maria\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2009.08.12 17:41:40 | 000,000,020 | -HS- | C] () -- C:\Users\Eva-Maria\ntuser.ini
[2009.08.12 17:41:40 | 000,000,000 | -H-- | C] () -- C:\Users\Eva-Maria\ntuser.dat.LOG2
[2009.07.21 10:16:20 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2009.07.21 10:16:20 | 000,011,264 | ---- | C] () -- C:\Windows\System32\atimuixx.dll
[2009.07.21 01:52:22 | 000,000,033 | ---- | C] () -- C:\Windows\LaunApp.ini
[2009.07.21 01:44:57 | 000,000,036 | ---- | C] () -- C:\Windows\PidList.ini
[2009.07.21 01:44:56 | 000,626,688 | ---- | C] () -- C:\Windows\Image.dll
[2009.04.26 15:05:36 | 000,521,608 | ---- | C] () -- C:\Users\Eva-Maria\vtks Deja Vu.ttf
[2009.03.12 12:32:52 | 000,000,028 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2009.03.12 05:26:46 | 000,004,516 | ---- | C] () -- C:\ProgramData\ArcadeDeluxe2.log
[2009.02.11 22:03:58 | 000,872,448 | ---- | C] () -- C:\Windows\iconv.dll
[2009.02.11 22:03:58 | 000,743,424 | ---- | C] () -- C:\Windows\libxml2.dll
[2009.02.11 22:03:57 | 000,000,060 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2008.10.26 15:03:52 | 000,147,604 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.ttf
[2008.10.26 15:03:52 | 000,104,352 | ---- | C] () -- C:\Users\Eva-Maria\FPENSTRIAL.otf
[2007.10.25 18:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.12.10 07:56:24 | 000,047,272 | ---- | C] () -- C:\Users\Eva-Maria\FairyDustB.ttf
[2005.10.23 22:46:42 | 000,057,560 | ---- | C] () -- C:\Users\Eva-Maria\Anywhere.ttf
[2005.08.04 09:28:04 | 000,000,286 | ---- | C] () -- C:\Users\Eva-Maria\readme.txt
[2005.08.04 09:23:30 | 000,193,572 | ---- | C] () -- C:\Users\Eva-Maria\kiralynn__.ttf
[2005.05.11 03:39:36 | 000,085,808 | ---- | C] () -- C:\Users\Eva-Maria\MINUS___.TTF
[2005.03.04 19:40:38 | 000,039,648 | ---- | C] () -- C:\Users\Eva-Maria\konanur.ttf
[2004.10.27 20:24:44 | 000,034,788 | ---- | C] () -- C:\Users\Eva-Maria\Flat Earth Scribe.ttf
[2000.07.13 11:12:46 | 000,000,430 | ---- | C] () -- C:\Users\Eva-Maria\font info.txt
[1998.10.01 23:13:48 | 000,084,704 | ---- | C] () -- C:\Users\Eva-Maria\Kelt Caps Freehand.ttf

========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:3B3A35EC
< End of report >

laevalalala 15.04.2010 20:15
hm ich bin irgendwie zu dumm dafür, die anleitung von DrWeb anti virus hinzubekommen...aber es zeigt an dass anscheinend keine viren mehr vorhanden sind....

Chris4You 16.04.2010 06:43
Hi,

das sieht recht gut aus...
Macht der Rechner noch zicken?

Abschießend noch Prevx:
Prevx 3.0 for Home and Family
Falls das Tool was findet, nicht das Log posten sondern einen Screenshot des dann angezeigten Fensters...

chris

laevalalala 16.04.2010 13:36
neein bis jetzt ist alles super :) dankeschön!
sollte ich jetzt auf irgendetwas besonderes achten um nicht nochmal so ein virus zu bekommen? und die Programme (OTL etc) kann ich doch jetzt auch wieder löschen oder? (wegen arbeitsspeicher...)

laevalalala 16.04.2010 14:03
Liste der Anhänge anzeigen (Anzahl: 1)
hat doch noch was gefunden

Chris4You 16.04.2010 20:07
Hi,

sollte nich schlimm sein, da im Downloadbereich (und läuft hoffentlich damit nicht). Weiterhin neigt Prevx auch gerne zu Fehlalamen, daher lass die Datei bei virustotal.com prüfen und poste das Ergebnis... ggf. löschem wir sie dann per Hand...

chris

laevalalala 16.04.2010 23:02
okayy vielen dank :)



Antivirus Version letzte aktualisierung Ergebnis
a-squared 4.5.0.50 2010.02.17 -
AhnLab-V3 5.0.0.2 2010.02.17 -
AntiVir 8.2.1.170 2010.02.17 -
Antiy-AVL 2.0.3.7 2010.02.17 -
Authentium 5.2.0.5 2010.02.17 -
Avast 4.8.1351.0 2010.02.17 -
AVG 9.0.0.730 2010.02.17 -
BitDefender 7.2 2010.02.17 -
CAT-QuickHeal 10.00 2010.02.17 -
ClamAV 0.96.0.0-git 2010.02.17 -
Comodo 3972 2010.02.17 -
DrWeb 5.0.1.12222 2010.02.17 -
eSafe 7.0.17.0 2010.02.17 -
eTrust-Vet 35.2.7309 2010.02.17 -
F-Prot 4.5.1.85 2010.02.17 -
F-Secure 9.0.15370.0 2010.02.17 -
Fortinet 4.0.14.0 2010.02.15 -
GData 19 2010.02.17 -
Ikarus T3.1.1.80.0 2010.02.17 -
Jiangmin 13.0.900 2010.02.17 -
K7AntiVirus 7.10.976 2010.02.17 -
Kaspersky 7.0.0.125 2010.02.17 -
McAfee 5895 2010.02.17 -
McAfee+Artemis 5895 2010.02.17 -
McAfee-GW-Edition 6.8.5 2010.02.17 -
Microsoft 1.5406 2010.02.17 -
NOD32 4875 2010.02.17 -
Norman 6.04.08 2010.02.17 -
nProtect 2009.1.8.0 2010.02.17 -
Panda 10.0.2.2 2010.02.17 -
PCTools 7.0.3.5 2010.02.17 -
Prevx 3.0 2010.02.17 Medium Risk Malware
Rising 22.34.01.03 2010.02.11 -
Sophos 4.50.0 2010.02.17 -
Sunbelt 5683 2010.02.17 -
Symantec 20091.2.0.41 2010.02.17 -
TheHacker 6.5.1.4.197 2010.02.17 -
TrendMicro 9.120.0.1004 2010.02.17 -
VBA32 3.12.12.2 2010.02.16 -
ViRobot 2010.2.17.2190 2010.02.17 -
VirusBuster 5.0.21.0 2010.02.17 -
weitere Informationen
File size: 2939432 bytes
MD5 : 1a7f52da1b2ae65bd6fd36972c5a066c
SHA1 : a4822a0295977e8631d016c9c4c3de3ff4314319
SHA256: c76b1bfe95b2926bc98277c18365642c051d8b99059ea0797b6f1558c0628dd1
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x30F1
timedatestamp.....: 0x494CE7E5 (Sat Dec 20 13:41:09 2008)
machinetype.......: 0x14C (Intel I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x5C3C 0x5E00 6.44 ca314b02a65f7cd556e9938ef6148f5e
.rdata 0x7000 0x129C 0x1400 5.05 165e3e874dc59c8a96748c6f4d0f4207
.data 0x9000 0x25C58 0x400 4.80 28b2755506618890839c0d0306912643
.ndata 0x2F000 0xB000 0x0 0.00 d41d8cd98f00b204e9800998ecf8427e
.rsrc 0x3A000 0x55E0 0x5600 6.10 30c3310cce09b57f32bf084b95b68af1

( 8 imports )

> advapi32.dll: RegQueryValueExA, RegSetValueExA, RegEnumKeyA, RegEnumValueA, RegOpenKeyExA, RegDeleteKeyA, RegDeleteValueA, RegCloseKey, RegCreateKeyExA
> comctl32.dll: ImageList_AddMasked, ImageList_Destroy, -, ImageList_Create
> gdi32.dll: SetBkColor, GetDeviceCaps, DeleteObject, CreateBrushIndirect, CreateFontIndirectA, SetBkMode, SetTextColor, SelectObject
> kernel32.dll: CompareFileTime, SearchPathA, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, GetLastError, CreateDirectoryA, SetFileAttributesA, Sleep, GetTickCount, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, SetFileTime, GetCommandLineA, SetErrorMode, LoadLibraryA, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrlenA, lstrcatA, GetSystemDirectoryA, GetVersion, CloseHandle, lstrcmpiA, lstrcmpA, ExpandEnvironmentStringsA, GlobalFree, GlobalAlloc, WaitForSingleObject, GetExitCodeProcess, GetModuleHandleA, LoadLibraryExA, GetProcAddress, FreeLibrary, MultiByteToWideChar, WritePrivateProfileStringA, GetPrivateProfileStringA, WriteFile, ReadFile, MulDiv, SetFilePointer, FindClose, FindNextFileA, FindFirstFileA, DeleteFileA, GetTempPathA
> ole32.dll: CoTaskMemFree, OleInitialize, OleUninitialize, CoCreateInstance
> shell32.dll: SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, ShellExecuteA, SHFileOperationA, SHGetSpecialFolderLocation
> user32.dll: EndDialog, ScreenToClient, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongA, SetCursor, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, DestroyWindow, CreateDialogParamA, SetTimer, SetWindowTextA, PostQuitMessage, SetForegroundWindow, wsprintfA, SendMessageTimeoutA, FindWindowExA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, OpenClipboard, ExitWindowsEx, IsWindow, GetDlgItem, SetWindowLongA, LoadImageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, EndPaint, ShowWindow
> version.dll: GetFileVersionInfoSizeA, GetFileVersionInfoA, VerQueryValueA

( 0 exports )
TrID : File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
ssdeep: 49152:rDDOsxp/X+6QwzR1j9hyM2ZBMk0mERDaAHRgp1x/Va621c0gQNQrFQGM00FJs/QI:rDDnP/uMR19hyM2nML2AHRgpP/D8ceN+
sigcheck: publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: MyHeritage Ltd.
Thawte Code Signing CA
Thawte Premium Server CA
signing date.: 9:05 AM 9/15/2009
verified.....: -
Prevx Info: hxxp://info.prevx.com/aboutprogramtext.asp?PX5=B77195DD28115E0ADACC2CA8F6E4EE00FA7107AF
PEiD : -
packers (Kaspersky): PE_Patch.UPX, UPX, PE_Patch.UPX, UPX, PE_Patch.UPX, UPX
packers (F-Prot): NSIS, UPX, UTF-8
packers (Authentium): NSIS
RDS : NSRL Reference Data Set
-

Chris4You 17.04.2010 13:20
Hi,

ich denke das ist ein Fehlalarm, wenn Du die Datein nicht brauchst löschen...

chris


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:03 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19