Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Trojaner beim Online-Banking (https://www.trojaner-board.de/89459-trojaner-beim-online-banking.html)

Alke_1981 13.08.2010 20:20
Trojaner beim Online-Banking
 
Hallo ihr fleißigen Helfer!

Ich bin dann wohl die nächste, die Bekanntschaft mit einem Trojaner gemacht hat. Aufgefallen ist mir in den letzten Tagen schon, dass der Seitenaufbau in Firefox sehr langsam ist und z.B. Youtube-Videos gar nicht mehr geladen werden konnten. AntiVir und diverse Online-Viren-Scanner haben jedoch nichts gefunden. Nach langer erfolgloser Internetrecherche habe ich mir dann den Browser Opera runtergeladen. Mit dem lief alles wieder problemlos. Auf den Trojaner aufmerksam geworden bin ich, als ich mich über Firefox fürs Online-Banking anmelden wollte und ich alle meine ITANS eingeben sollte. Den Zugang habe ich mittlerweile gesperrt.

Hab schon ein bisschen vorgearbeitet (und hoffe alles richtig gemacht zu haben). Im CCleaner alle Dateien gelöscht und alle Fehler behoben.

Hier die Malewarebytes-Log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4425

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

13.08.2010 20:08:11
mbam-log-2010-08-13 (20-08-11).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 133271
Laufzeit: 10 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\ProgramData\Firefox Setup 3.6.8.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.
C:\ProgramData\Thunderbird Setup 3.1.2.exe (Trojan.Swizzor) -> Quarantined and deleted successfully.

Und die RSTI info und log als Dateianhang.


Vielen Dank schon mal fürs Angucken.

LG Alke

Larusso 13.08.2010 20:45
:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.
  • Bitte arbeite alle Schritte der Reihe nach ab.
  • Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
  • Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
  • Bitte kein Crossposting ( posten in mehreren Foren).
  • Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
  • Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
  • Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Alke_1981 13.08.2010 21:38
Hallo Daniel,

vielen Dank für die schnelle Antwort.

Hier die OLT.txt:

OTL Logfile:
Code:
OTL logfile created on: 13.08.2010 21:57:12 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 72,34 Gb Free Space | 65,84% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 21,33 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.08.12 14:38:57 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.10.14 14:32:46 | 009,085,760 | ---- | M] (Western Digital) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe
PRC - [2009.10.14 14:32:46 | 002,049,344 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
PRC - [2009.10.14 14:31:02 | 000,098,304 | ---- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
PRC - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 08:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - File not found [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.08.12 14:38:57 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.10.14 14:31:02 | 000,098,304 | ---- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe -- (WDDMService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.06.16 09:58:08 | 000,020,480 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe -- (WDSmartWareBackgroundService)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC326.sys -- (VMC326)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC302.sys -- (VMC302)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2009.02.13 12:02:52 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.17 09:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.28 03:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.26 07:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.05.23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy1.ewetel.net:8080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.11 17:56:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.12 23:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3 Beta 2\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 3 Beta 2\plugins [2010.08.11 17:50:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.11 17:18:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.12 17:07:02 | 000,000,000 | ---D | M]
 
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.12 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ag6sai08.default\extensions
[2010.02.12 22:32:35 | 000,000,261 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ag6sai08.default\searchplugins\Search.xml
[2010.08.12 23:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.12 23:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.12 23:42:43 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{ED0B4B8D-3966-B24A-F69A-984CA48C147A}] C:\Users\***\AppData\Roaming\Sium\opun.exe (fudur)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell - "" = AutoRun
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: VIDC.IYUV - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: VIDC.UYVY - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YUY2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVU9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YVYU - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.13 21:50:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.13 20:18:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.13 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.13 19:54:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 19:54:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 19:17:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2010.08.13 19:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010.08.13 19:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.08.13 18:53:31 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2010.08.13 16:32:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western_Digital
[2010.08.13 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.13 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010.08.13 16:27:47 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010.08.13 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western Digital
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2010.08.13 00:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010.08.12 23:39:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.08.12 23:24:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.12 19:26:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2010.08.12 14:40:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2010.08.12 14:37:04 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.08.12 14:37:03 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.08.12 14:37:03 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.08.12 14:37:03 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.08.12 14:37:03 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.08.12 14:37:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.12 14:37:03 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.08.12 01:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2010.08.11 22:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.11 20:10:49 | 016,299,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-s.exe
[2010.08.11 19:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.11 19:53:52 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-iftw-rv.exe
[2010.08.11 17:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.08.11 17:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.08.11 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.08.11 17:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010.08.11 17:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.08.11 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\licenses
[2010.08.11 17:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2010.08.11 17:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2010.08.11 17:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.08.11 17:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird 3 Beta 2
[2010.08.11 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.08.11 17:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.08.11 17:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.08.11 16:54:16 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Notes
[2010.08.11 16:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.08.11 16:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3
[2010.08.11 16:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2010.08.08 15:45:47 | 000,241,664 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\TFTPClientAX.dll
[2010.06.05 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.06.05 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.06.05 12:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.13 21:56:31 | 003,145,728 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.13 21:56:01 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\****\Desktop\OTL.exe
[2010.08.13 20:21:32 | 000,033,206 | ---- | M] () -- C:\Users\***\Desktop\Info editor.odt
[2010.08.13 20:19:15 | 001,602,126 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.13 20:19:15 | 000,689,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.13 20:19:15 | 000,645,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.13 20:19:15 | 000,151,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.13 20:19:15 | 000,122,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.13 20:16:58 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 20:12:53 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.08.13 20:12:32 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 20:12:32 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.13 20:12:31 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.08.13 20:12:29 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.13 20:12:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.13 20:11:31 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.13 20:11:31 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.13 20:11:30 | 006,291,456 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.13 20:10:06 | 000,015,156 | ---- | M] () -- C:\Users\***\Desktop\Malwarebytes.odt
[2010.08.13 19:54:43 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 18:19:17 | 000,085,504 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 17:38:05 | 000,307,122 | ---- | M] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 16:28:30 | 000,001,242 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010.08.13 16:28:30 | 000,001,181 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010.08.13 00:30:37 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 14:37:09 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.12 02:12:13 | 000,105,816 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.12 02:11:54 | 000,394,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 02:08:15 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.08.11 22:49:35 | 000,000,764 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.08 16:06:07 | 000,001,705 | ---- | M] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:59 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:47 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.000
[2010.08.08 14:22:10 | 000,000,275 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010.07.01 21:22:09 | 000,003,354 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2010.06.25 19:48:35 | 000,016,653 | ---- | M] () -- C:\Users\***\Desktop\WM 2010.odt
[2010.06.23 12:35:52 | 000,059,392 | ---- | M] () -- C:\Windows\System32\xvid.ax
[2010.06.12 14:44:41 | 167,555,440 | ---- | M] () -- C:\Users\***\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[9 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.08.13 20:21:30 | 000,033,206 | ---- | C] () -- C:\Users\***\Desktop\Info editor.odt
[2010.08.13 20:16:58 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 20:10:03 | 000,015,156 | ---- | C] () -- C:\Users\***\Desktop\Malwarebytes.odt
[2010.08.13 19:54:43 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 17:38:04 | 000,307,122 | ---- | C] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 16:28:30 | 000,001,242 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010.08.13 16:28:30 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010.08.13 00:30:37 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 19:52:47 | 000,000,436 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.12 14:37:09 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.11 22:49:35 | 000,000,764 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.11 16:45:37 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.08.08 16:06:06 | 000,001,705 | ---- | C] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:49 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:39 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.000
[2010.06.23 12:35:52 | 000,059,392 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2010.06.12 22:37:11 | 000,016,653 | ---- | C] () -- C:\Users\***\Desktop\WM 2010.odt
[2010.06.12 14:32:59 | 167,555,440 | ---- | C] () -- C:\Users\***\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[2009.09.24 23:19:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.02.06 18:30:00 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.01.02 08:26:25 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.01.02 08:26:25 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.01.02 08:18:07 | 000,004,860 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.01.02 07:51:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.02 07:51:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.09.15 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.03.13 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2010.08.13 17:23:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fegy
[2009.09.29 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.08.13 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2009.05.20 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.08.13 00:30:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.12 01:00:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2009.07.22 02:54:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sium
[2009.04.01 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.08.12 23:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.13 16:29:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.13 20:11:39 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.13 20:12:31 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2010.08.13 21:56:01 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< Code: >
 
< --------- >
 
< %SYSTEMDRIVE%\*.* >
[2006.09.18 23:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2009.04.11 08:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008.02.08 11:31:21 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2006.09.18 23:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2009.01.05 10:14:13 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009.01.05 10:14:13 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010.08.13 20:12:17 | 3493,724,160 | -HS- | M] () -- C:\pagefile.sys
[2009.01.02 08:17:35 | 000,000,366 | ---- | M] () -- C:\RHDSetup.log
[2009.01.02 09:12:17 | 000,000,185 | ---- | M] () -- C:\Setup.log
[2009.07.02 21:30:36 | 000,006,656 | ---- | M] () -- C:\Signatur.doc
[2009.07.02 21:28:19 | 000,008,799 | ---- | M] () -- C:\Signatur.odt
[2010.08.08 14:22:10 | 000,000,275 | ---- | M] () -- C:\WirelessDiagLog.csv
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006.11.02 14:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006.11.02 14:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006.11.02 14:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009.09.25 15:43:01 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006.09.18 23:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006.11.02 14:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
[2007.02.26 09:49:10 | 001,744,896 | ---- | M] (TopThinks, INC.) -- C:\Windows\imagine digital freedom.scr
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2010.02.02 21:18:10 | 146,492,804 | ---- | M] () -- C:\Program Files\openofficeorg1.cab
[2010.02.02 21:18:14 | 010,182,144 | ---- | M] () -- C:\Program Files\openofficeorg32.msi
[2010.02.02 21:19:20 | 000,453,024 | ---- | M] () -- C:\Program Files\setup.exe
[2010.02.02 01:28:52 | 000,000,290 | ---- | M] () -- C:\Program Files\setup.ini
[2002.07.26 17:02:06 | 000,153,088 | ---- | M] () -- C:\Program Files\UNWISE.EXE
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.04.11 08:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009.04.11 08:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
[9 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[9 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008.01.21 04:24:48 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
[9 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006.11.02 11:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
[9 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-08-13 17:24:38
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C69EAC3C
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
--- --- ---

Alke_1981 13.08.2010 21:39
Und hier die Extra.txt:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 13.08.2010 21:57:12 - Run 1
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 80,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 72,34 Gb Free Space | 65,84% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 21,33 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BD3F20-DB56-49C0-A7B0-18D9D82827DD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{08782777-94B8-44E8-AA07-B1E4F0F4A474}" = rport=445 | protocol=6 | dir=out | app=system |
"{12AB104A-E938-404F-9B41-DD23CDDE9599}" = rport=139 | protocol=6 | dir=out | app=system |
"{199F7521-AE20-43BA-A96B-3D29B77476C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{218D5C2A-200B-4B49-8792-577806C27074}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23B711DB-B76E-4A86-9B36-B7B8E94A16D4}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5BB8CBA2-CFB3-445D-B255-8CF9EE2561F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8215C804-CC01-4D49-8073-0D42F3AF207C}" = lport=139 | protocol=6 | dir=in | app=system |
"{8DC3E374-2DF0-45B0-968B-35C7A861AFB1}" = rport=137 | protocol=17 | dir=out | app=system |
"{91515D9A-CFC0-48B2-8D93-0E66375E8C5B}" = rport=138 | protocol=17 | dir=out | app=system |
"{9B9CA6AC-10B4-4B93-AE04-5058F56965B3}" = lport=137 | protocol=17 | dir=in | app=system |
"{9BB19E08-202B-44CE-9475-0EEF98816311}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A9FDE46D-1E7B-4AFB-B30F-DA5601DBBAD8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AA4E12F9-AAEF-4906-8ACD-2871ADB09E2B}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD136373-DB6F-4EDD-A8A7-E69B7F28AAAE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD202421-D9A7-4B6B-8A9E-0C623B14178E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B51E0C15-AD09-4CE0-8E05-8FF7F29335B5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B82B9F2F-272D-4781-9490-A19737D489DE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BC5A22E5-8CEB-4CE8-8BA4-F4CDAAC59666}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0193AE1-0B06-4036-8AED-0B7F19C5EDD7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CD23C331-0758-4B9B-9222-424E49DDFBD1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D334A633-C792-423F-95D6-9D1C5EA6E1F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E509645C-597E-414A-812F-2BC8FE6AAA3F}" = lport=445 | protocol=6 | dir=in | app=system |
"{E6A5FE31-6A8C-4441-B3A3-007DAC912474}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFF36AD2-958C-4AE8-B504-CD3D3D9E8F56}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F8A1F9A0-9876-46E4-888A-CDE479C07836}" = rport=2869 | protocol=6 | dir=out | app=system |
"{FAB8703C-98E2-4E1E-9ECC-62281DB3953F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD70B72-74EB-4A5B-B5E5-06E05F53C1DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{471EFC2F-CC78-4131-8737-95E65D972510}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7CD8009F-B80D-46E7-A96A-4E30CEE7B37C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{8CE50534-1F10-49A3-B44F-231FB163DF50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8E889320-7E06-43B5-B0D4-F130FA8117F7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{90FD9243-3C7E-4A22-A425-50C28B82C522}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{DB194223-34BF-490F-A76B-A1B7696C7970}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F385A3FA-E383-4D39-A7A7-3DFB18005856}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F4C4928D-C31C-4855-9183-0194B2F6647E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F65F453C-F880-4F76-B59C-6B030919B1D3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{2DEB4D04-15E0-4C1A-B3C6-CBDBDB4FCEF0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3311B0BD-6866-4B0F-9A75-F2E206ADFB25}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{3CB0031C-AB47-49A3-BC34-AE27D878CDD5}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{4734DF1A-F33F-4AF1-AF0E-4B430CB3B898}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{53F8E3B9-551C-4AAB-A543-F334E65A4F72}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{59846B4E-0AD4-42E4-9F56-F0655B1DD8D5}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{7410E009-06E7-480B-A130-F3F394CD41AF}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{777DEF68-5966-4427-A47F-9222554D1AFE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{812A4491-A461-49F3-BD86-E6D9A454B475}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9C1F7D15-CC62-43FE-9FD6-805BB18843A5}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{D5263469-6A0B-419E-9714-24C0D63AA35C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E4C57F74-E567-483B-91FD-207F66269F24}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EB42A284-0927-4952-A92C-8B01AF1560A4}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{10504BF8-AF6C-4542-83A4-E9AD3C63F5CB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{40B54CD6-F3EA-4AC6-BC26-151B46476848}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{789F40A6-5742-4F26-BC29-4EF37EA68C67}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{7BF8A94F-80DC-490E-808C-F2F8161865A8}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{9BC9DA68-0154-4C79-9C60-0051A592AAD8}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A7B5A3BE-E740-40B4-9413-D5230C401240}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{AF43D0B8-257A-44B9-B6A0-FF638AA428A0}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{B21C3C21-C61D-44AD-ADAD-D6E0328B41D6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{C1F62B8B-99AD-4B0B-B53B-57C58488257C}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{CEC09594-CF95-4524-BAD8-3A9E81E4891B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EC5D1BE3-BE42-412B-A064-4A8C6C81439C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F0E88B13-D9BF-4DFB-9DF4-A39F0F070390}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F951699B-5708-4F25-9DFD-279E65F1BAA7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216018F0}" = Java(TM) 6 Update 18
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{CD0DC280-2489-4464-A2FC-16104676394A}" = WD SmartWare
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular 11.2.0.4074" = ElsterFormular
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"Mp3tag" = Mp3tag v2.46a
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 08.08.2010 10:05:15 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description =
 
Error - 08.08.2010 10:06:28 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm st6unst.exe, Version 6.0.97.82 arbeitet nicht mehr mit Windows
 zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen
 für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem
 zu suchen.  Prozess-ID: 1348  Anfangszeit: 01cb3702de4a6dda  Zeitpunkt der Beendigung:
 16
 
Error - 08.08.2010 10:28:08 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description =
 
Error - 08.08.2010 10:29:03 | Computer Name = ***-PC | Source = RasClient | ID = 20227
Description =
 
Error - 08.08.2010 10:30:40 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08.08.2010 10:30:47 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 08.08.2010 10:30:48 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 08.08.2010 10:40:57 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 08.08.2010 10:41:05 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 08.08.2010 10:41:05 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
[ Media Center Events ]
Error - 30.03.2010 17:38:17 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 31.03.2010 19:02:49 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 01.04.2010 11:14:38 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 12.04.2010 16:52:52 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 17.04.2010 18:50:58 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 19.04.2010 16:47:27 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.04.2010 14:49:48 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.04.2010 18:06:07 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 22.04.2010 17:24:30 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 22.04.2010 17:24:37 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 13.08.2010 13:20:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.08.2010 13:21:53 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 13.08.2010 14:13:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.08.2010 14:13:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.08.2010 14:13:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.08.2010 14:13:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.08.2010 14:13:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.08.2010 14:13:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.08.2010 14:13:07 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 13.08.2010 14:14:10 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >
--- --- ---


Lg Alke

Larusso 13.08.2010 21:55
Die **** in den Skripten sind zu editieren.


Schritt 1

Downloade Dir bitte ZipIt
  • Speichere die Datei auf dem Desktop
  • Starte die ZipIt2.exe mit Doppelklick
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Kopiere nun folgenden Text in das Skriptfeld von ZipIt.
    Code:
    C:\Users\***\AppData\Roaming\Sium\opun.exe
  • Klicke nun den Zip Button.
Du findest dann eine <Dein Benutzername>.zip Datei auf dem Desktop. Lade diese bitte hier hoch.
  • Klicke auf Durchsuchen. Navigiere zu der vorher erstellten .zip Datei.
  • Kopiere nun folgenden Link in die
    Link zum Thema im Forum Box
    Zitat:
    http://www.trojaner-board.de/89459-trojaner-beim-online-banking.html#post554676
  • Trage deinen Nicknamen ein und klicke Hochladen.

Teile mir mit wenn der Upload geklappt hat.


Schritt 2
Code:
:OTL
O4 - HKCU..\Run: [{ED0B4B8D-3966-B24A-F69A-984CA48C147A}] C:\Users\***\AppData\Roaming\Sium\opun.exe (fudur)
[2010.08.13 17:23:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Fegy
:services
:files
C:\Users\***\AppData\Roaming\Sium
:reg
:Commands
[purity]
[emptytemp]
[reboot]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf http://larusso.trojaner-board.de/Images/otlfix2.jpg.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 3

Bitte
  • alle anderen Scanner gegen Viren, Spyware, usw. deaktivieren,
  • keine bestehende Verbindung zu einem Netzwerk/Internet (WLAN nicht vergessen),
  • nichts am Rechner arbeiten,
  • nach jedem Scan der Rechner neu gestarten.
Gmer scannen lassen
  • Lade Dir Gmer von dieser Seite herunter
    (auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
  • Alle anderen Programme sollen geschlossen sein.
  • Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
  • Vista und Win7 User mit Rechtsklick und als Administrator starten.
  • Entferne rechts den Haken bei:
    • IAT/EAT
    • Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
    • Show all (sollte abgehackt sein)
  • Sollte sich ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Bitte poste in deiner nächsten Antwort
OTLFix Log
Gmer.txt

Alke_1981 13.08.2010 22:19
Hallo,

da klappt etwas nicht mit dem Erstellen der Zip-Datei:

Wenn ich das eingebe erscheint:

C:\Users\***\AppData\Roaming\Sium\opun.exe does not exist.

Hab die Sternchen durch meinen Namen ersetzt und auch mal mit C: Benutzer ausprobiert.

Eine Zip-Datei wird zwar erstellt, wenn ich die aufrufe sehe ich nur meine Desktopeinstellungen und hochladen wie beschrieben kann ich sie auch nicht.

Hast Du eine Ahnung was ich falsch mache?

Alke_1981 14.08.2010 11:36
Hallo,

Schritt 1 hat wie gesagt nicht funktioniert. Ich hab mit Schritt 2 weitergemacht (ich hoffe ich war nicht zu voreilig).


Hier die txt.datei:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{ED0B4B8D-3966-B24A-F69A-984CA48C147A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0B4B8D-3966-B24A-F69A-984CA48C147A}\ not found.
File C:\Users\***\AppData\Roaming\Sium\opun.exe not found.
Folder C:\Users\***\AppData\Roaming\Fegy\ not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
File\Folder C:\Users\***\AppData\Roaming\Sium not found.
========== REGISTRY ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: ***
->Temp folder emptied: 374558968 bytes
->Temporary Internet Files folder emptied: 186876 bytes
->Java cache emptied: 29626 bytes
->FireFox cache emptied: 36204360 bytes
->Opera cache emptied: 17239932 bytes
->Flash cache emptied: 1231 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 309916 bytes
RecycleBin emptied: 253175 bytes
 
Total Files Cleaned = 409,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08142010_000911

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Schritt 3 folgt auch bald.

LG Alke

Alke_1981 14.08.2010 12:59
Hallo,

ich schon wieder (allerdings mit den ersten grauen Haaren).

Schritt 3 funktioniert auch nicht. Der Scan bricht immer an der gleichen Stellen ab. Bei: Device/HarddiskVolumeShadowCopy1

Ich gebs dann jetzt erstmal auf und warte auf neue Nachricht.

Lg Alke und schönes Wochenende

raman 14.08.2010 13:31
Du musst die "\***\" durch den Benutzernamen von deinem Benutzerkonto ersetzen, sonst funktioniert das nicht.... ;)

Alke_1981 14.08.2010 13:45
Hallo Ralf,

erstmal Danke für Deine Antwort. Bin zwar eine Frau, aber das hab sogar ich verstanden :D

Nein Spaß beiseite. Ich hab die *** durch meinen Benutzernamen ersetzt und es funktioniert nicht.

Lg Alke

Ok ich nehms zurück. Ich bin doch eindeutig ne Frau und scheinbar auch blond :-)
Mein Benutzername ist ohne Leerschritt dazwischen. Mache ich einen funktionierts. Mach mich dann nochmal an die Arbeit.

Danke Ralf für den Denkanstoss.

Alke_1981 14.08.2010 13:58
Hi,

juhu :alc: Schritt 1 Zip-Datei ist hochgeladen. Ich mach dann mal weiter.

Alke_1981 14.08.2010 14:06
Dann hier Schritt 2:

Code:
All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{ED0B4B8D-3966-B24A-F69A-984CA48C147A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0B4B8D-3966-B24A-F69A-984CA48C147A}\ not found.
C:\Users\***\AppData\Roaming\Sium\opun.exe moved successfully.
C:\Users\***\AppData\Roaming\Fegy folder moved successfully.
========== SERVICES/DRIVERS ==========
========== FILES ==========
C:\Users\***\AppData\Roaming\Sium folder moved successfully.
========== REGISTRY ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: ***
->Temp folder emptied: 88296 bytes
->Temporary Internet Files folder emptied: 32969 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2805305 bytes
->Opera cache emptied: 15570284 bytes
->Flash cache emptied: 803 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1409710 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 19,00 mb
 
 
OTL by OldTimer - Version 3.2.9.1 log created on 08142010_150123

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
Ich hoffe das stimmt jetzt. Sind für mich alles Böhmische Dörfer.

Lg Alke

markusg 14.08.2010 14:34
hi, kannst du den upload noch mal versuchen, datei wird hier als fehlend angezeigt, warum auch immer.

Alke_1981 14.08.2010 15:18
Hi,

langsam zweifel ich echt an meinem Verstand. Hatte die zip-Datei erstellt und blöderweise schon wieder gelöscht. Wenn ich sie jetzt wieder erstellen will. Geht es wieder nicht.

Ich müsste die Datei doch auch eigentlich wenn ich über den Explorer unter C:/Benutzer/***/AppData usw. doch auch eigentlich sehen können. Oder? Da ist aber nichts.

Verzweifelte Grüße
Alke

markusg 14.08.2010 15:45
@larusso bin gleich wieder verschwunden hier.
@Alke_1981 *
öffne arbeitsplatz, c: dort _OTL
dann rechtsklick auf moved files. wähle zu movedfiles.rar oder zip hinzufügen.
das archiv welches du in _OTL findest lädst du dann hoch und löschst es noch nicht. will erst sehen obs klappt.
oder du lädst es bei
File-Upload.net
hoch und sendest mir den download link als private nachicht.

Alke_1981 14.08.2010 15:54
Hi Markus,

hast eine PN.

markusg 14.08.2010 16:10
jo hat geklappt, danke.

Alke_1981 14.08.2010 16:47
Hallo Daniel,

hier nun endlich Schritt 3.

GMER Logfile:
Code:
GMER 1.0.15.15281 - h**p://www.gmer.net
Rootkit scan 2010-08-14 17:43:29
Windows 6.0.6002 Service Pack 2
Running: pxyfv7if.exe; Driver: C:\Users\***AppData\Local\Temp\awtoauoc.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1  Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
--- --- ---


Warte dann auf weitere Anweisungen.

Lg Alke

Larusso 14.08.2010 23:51
Starte bitte OTL und drücke den Quickscan button. Poste mir bitte die Logfile

Alke_1981 15.08.2010 00:07
Hi,

hier der gewünschte Logfile.

OTL Logfile:
Code:
OTL logfile created on: 15.08.2010 00:55:28 - Run 2
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 65,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 69,60 Gb Free Space | 63,34% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 21,33 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.14 17:50:25 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.08.09 15:27:06 | 000,836,464 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2010.08.03 15:33:41 | 012,746,928 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - File not found [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.08.14 17:50:25 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC326.sys -- (VMC326)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC302.sys -- (VMC302)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.17 09:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.28 03:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.26 07:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.05.23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy1.ewetel.net:8080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.11 17:56:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.12 23:48:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3 Beta 2\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 3 Beta 2\plugins [2010.08.11 17:50:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.11 17:18:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.12 17:07:02 | 000,000,000 | ---D | M]
 
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.12 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ag6sai08.default\extensions
[2010.02.12 22:32:35 | 000,000,261 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ag6sai08.default\searchplugins\Search.xml
[2010.08.12 23:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.12 23:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.12 23:42:43 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{ED0B4B8D-3966-B24A-F69A-984CA48C147A}] C:\Users\***\AppData\Roaming\Sium\opun.exe File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell - "" = AutoRun
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.14 17:48:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.08.14 17:48:24 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.08.14 17:48:24 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.08.14 17:48:24 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.08.14 17:48:24 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.08.14 17:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.14 17:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.08.14 12:56:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.14 00:09:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.13 23:49:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.08.13 23:02:10 | 000,072,704 | ---- | C] (GravityGripp) -- C:\Users\***\Desktop\ZipIt2.exe
[2010.08.13 21:50:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.13 20:18:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.13 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.13 19:54:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 19:54:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 19:17:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2010.08.13 19:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010.08.13 19:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.08.13 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.13 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010.08.13 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western Digital
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2010.08.13 00:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010.08.12 23:39:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.08.12 23:24:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.12 19:26:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2010.08.12 01:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2010.08.11 22:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.11 20:10:49 | 016,299,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-s.exe
[2010.08.11 19:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.11 19:53:52 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-iftw-rv.exe
[2010.08.11 17:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.08.11 17:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.08.11 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.08.11 17:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010.08.11 17:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.08.11 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\licenses
[2010.08.11 17:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2010.08.11 17:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2010.08.11 17:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.08.11 17:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird 3 Beta 2
[2010.08.11 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.08.11 17:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.08.11 17:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.08.11 16:54:16 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Notes
[2010.08.11 16:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.08.11 16:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3
[2010.08.11 16:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2010.08.08 15:45:47 | 000,241,664 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\TFTPClientAX.dll
[2010.06.05 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.06.05 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.06.05 12:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.15 00:55:29 | 003,145,728 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.15 00:50:22 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.15 00:33:15 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.08.15 00:33:07 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.08.15 00:33:05 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 00:33:05 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 00:32:58 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.15 00:32:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.14 19:35:12 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.14 19:35:12 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.14 19:35:09 | 003,087,722 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.14 17:48:31 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.14 16:49:45 | 000,134,966 | ---- | M] () -- C:\Users\***\Desktop\MovedFiles.rar
[2010.08.14 16:20:09 | 000,000,022 | ---- | M] () -- C:\Users\***\Desktop\***.zip
[2010.08.14 13:39:08 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\pxyfv7if.exe
[2010.08.14 13:19:51 | 001,602,126 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.14 13:19:51 | 000,689,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.14 13:19:51 | 000,645,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.14 13:19:51 | 000,151,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.14 13:19:51 | 000,122,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.14 12:40:15 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\3g8jx9mx.exe
[2010.08.13 23:02:10 | 000,072,704 | ---- | M] (GravityGripp) -- C:\Users\***\Desktop\ZipIt2.exe
[2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:16:58 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 19:54:43 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 18:19:17 | 000,085,504 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 17:38:05 | 000,307,122 | ---- | M] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 00:30:37 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 02:12:13 | 000,105,816 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.12 02:11:54 | 000,394,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 02:08:15 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.08.11 22:49:35 | 000,000,764 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.08 16:06:07 | 000,001,705 | ---- | M] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:59 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:47 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.000
[2010.08.08 14:22:10 | 000,000,275 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010.07.01 21:22:09 | 000,003,354 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2010.06.25 19:48:35 | 000,016,653 | ---- | M] () -- C:\Users\***\Desktop\WM 2010.odt
[2010.06.23 12:35:52 | 000,059,392 | ---- | M] () -- C:\Windows\System32\xvid.ax
[2010.06.12 14:44:41 | 167,555,440 | ---- | M] () -- C:\Users\***\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
 
========== Files Created - No Company Name ==========
 
[2010.08.14 17:48:31 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.14 16:50:07 | 000,134,966 | ---- | C] () -- C:\Users\***\Desktop\MovedFiles.rar
[2010.08.14 16:19:43 | 000,000,022 | ---- | C] () -- C:\Users\***\Desktop\***.zip
[2010.08.14 13:39:08 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\pxyfv7if.exe
[2010.08.14 12:40:15 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\3g8jx9mx.exe
[2010.08.13 20:16:58 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 19:54:43 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 17:38:04 | 000,307,122 | ---- | C] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 00:30:37 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 19:52:47 | 000,000,436 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.11 22:49:35 | 000,000,764 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.11 16:45:37 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.08.08 16:06:06 | 000,001,705 | ---- | C] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:49 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:39 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.000
[2010.06.23 12:35:52 | 000,059,392 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2010.06.12 22:37:11 | 000,016,653 | ---- | C] () -- C:\Users\***\Desktop\WM 2010.odt
[2010.06.12 14:32:59 | 167,555,440 | ---- | C] () -- C:\Users\***\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[2009.09.24 23:19:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.02.06 18:30:00 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.01.02 08:26:25 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.01.02 08:26:25 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.01.02 08:18:07 | 000,004,860 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.01.02 07:51:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.02 07:51:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.09.15 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.03.13 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2009.09.29 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.08.13 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2009.05.20 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.08.13 00:30:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.12 01:00:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2009.04.01 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.08.12 23:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.13 23:35:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.14 19:35:13 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.15 00:33:07 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2010.08.15 00:50:22 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C69EAC3C
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
--- --- ---


LG Alke

Larusso 15.08.2010 10:54
Schritt 1

Windows + R Taste drücken. Kopiere nun folgendes in die Zeile
Code:
reg add "HKEY_LOCAL_MACHINE\Software\Policies\ Microsoft\Windows Defender" /v DisableAntiSpyware /t Reg_Dword /d 1 /f
und drücke OK

Starte den Rechner neu auf.


Schritt 2
Code:
:OTL
O3 - HKLM\..\Toolbar: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.
O4 - HKCU..\Run: [{ED0B4B8D-3966-B24A-F69A-984CA48C147A}] C:\Users\***\AppData\Roaming\Sium\opun.exe File not found
:services
:files
:reg
:Commands
[purity]
[emptytemp]
[reboot]
  • Schliesse bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • Klick auf http://larusso.trojaner-board.de/Images/otlfix2.jpg.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


Schritt 3

Starte bitte OTL und drücke den QuickScan Button.

Alke_1981 15.08.2010 12:44
Hallo,

hier Schritt 2:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\{ED0B4B8D-3966-B24A-F69A-984CA48C147A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED0B4B8D-3966-B24A-F69A-984CA48C147A}\ not found.
========== SERVICES/DRIVERS ==========
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========
[EMPTYTEMP]
User: ***
->Temp folder emptied: 42848 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Opera cache emptied: 3627498 bytes
->Flash cache emptied: 1219 bytes
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 264618 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 4,00 mb
OTL by OldTimer - Version 3.2.9.1 log created on 08152010_132614
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...

und Schritt 3:

OTL Logfile:
Code:
OTL logfile created on: 15.08.2010 13:30:11 - Run 3
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 68,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 68,25 Gb Free Space | 62,11% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 21,33 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.14 17:50:25 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - File not found [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.08.14 17:50:25 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC326.sys -- (VMC326)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC302.sys -- (VMC302)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.17 09:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.28 03:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.26 07:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.05.23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p:\\www.samsungcomputer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = h**p://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy1.ewetel.net:8080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.11 17:56:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 02:28:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3 Beta 2\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 3 Beta 2\plugins [2010.08.15 02:28:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.11 17:18:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.15 02:28:39 | 000,000,000 | ---D | M]
 
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.12 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ag6sai08.default\extensions
[2010.02.12 22:32:35 | 000,000,261 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ag6sai08.default\searchplugins\Search.xml
[2010.08.12 23:43:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.12 23:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.12 23:42:43 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} h**p://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} h**p://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} h**p://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} h**p://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell - "" = AutoRun
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010.08.15 02:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.08.15 02:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.08.15 02:26:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2010.08.14 17:48:25 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.08.14 17:48:24 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.08.14 17:48:24 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.08.14 17:48:24 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.08.14 17:48:24 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.08.14 17:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.14 17:48:24 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.08.14 12:56:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.14 00:09:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.13 23:49:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.08.13 23:02:10 | 000,072,704 | ---- | C] (GravityGripp) -- C:\Users\***\Desktop\ZipIt2.exe
[2010.08.13 21:50:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.13 20:18:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.13 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.13 19:54:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 19:54:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 19:17:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2010.08.13 19:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010.08.13 19:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.08.13 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.13 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010.08.13 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western Digital
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2010.08.13 00:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010.08.12 23:39:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.08.12 23:24:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.12 19:26:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2010.08.12 01:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2010.08.11 22:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.11 20:10:49 | 016,299,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-s.exe
[2010.08.11 19:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.11 19:53:52 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-iftw-rv.exe
[2010.08.11 17:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.08.11 17:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.08.11 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.08.11 17:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010.08.11 17:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.08.11 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\licenses
[2010.08.11 17:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2010.08.11 17:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2010.08.11 17:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.08.11 17:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird 3 Beta 2
[2010.08.11 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.08.11 17:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.08.11 17:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.08.11 16:54:16 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Notes
[2010.08.11 16:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.08.11 16:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3
[2010.08.11 16:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2010.08.08 15:45:47 | 000,241,664 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\TFTPClientAX.dll
[2010.06.05 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Symantec
[2010.06.05 12:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010.06.05 12:17:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
 
========== Files - Modified Within 90 Days ==========
 
[2010.08.15 13:30:12 | 003,145,728 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.15 13:27:22 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.08.15 13:27:05 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 13:27:05 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.15 13:27:04 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.08.15 13:27:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.15 13:26:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.15 13:26:20 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.15 13:26:20 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.15 13:22:30 | 003,090,339 | -H-- | M] () -- C:\Users\***AppData\Local\IconCache.db
[2010.08.15 13:20:05 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.15 02:28:40 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.14 17:48:31 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.14 16:49:45 | 000,134,966 | ---- | M] () -- C:\Users\***\Desktop\MovedFiles.rar
[2010.08.14 16:20:09 | 000,000,022 | ---- | M] () -- C:\Users\***\Desktop\***.zip
[2010.08.14 13:39:08 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\pxyfv7if.exe
[2010.08.14 13:19:51 | 001,602,126 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.14 13:19:51 | 000,689,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.14 13:19:51 | 000,645,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.14 13:19:51 | 000,151,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.14 13:19:51 | 000,122,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.14 12:40:15 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\3g8jx9mx.exe
[2010.08.13 23:02:10 | 000,072,704 | ---- | M] (GravityGripp) -- C:\Users\***\Desktop\ZipIt2.exe
[2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:16:58 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 19:54:43 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 18:19:17 | 000,085,504 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 17:38:05 | 000,307,122 | ---- | M] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 00:30:37 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 02:12:13 | 000,105,816 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.12 02:11:54 | 000,394,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 02:08:15 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.08.11 22:49:35 | 000,000,764 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.08 16:06:07 | 000,001,705 | ---- | M] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:59 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:47 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.000
[2010.08.08 14:22:10 | 000,000,275 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010.07.01 21:22:09 | 000,003,354 | ---- | M] () -- C:\Windows\System32\dmlg.dat
[2010.06.25 19:48:35 | 000,016,653 | ---- | M] () -- C:\Users\***\Desktop\WM 2010.odt
[2010.06.23 12:35:52 | 000,059,392 | ---- | M] () -- C:\Windows\System32\xvid.ax
[2010.06.12 14:44:41 | 167,555,440 | ---- | M] () -- C:\Users\***\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
 
========== Files Created - No Company Name ==========
 
[2010.08.15 02:28:40 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.14 17:48:31 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.14 16:50:07 | 000,134,966 | ---- | C] () -- C:\Users\***\Desktop\MovedFiles.rar
[2010.08.14 16:19:43 | 000,000,022 | ---- | C] () -- C:\Users\***\Desktop\***.zip
[2010.08.14 13:39:08 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\pxyfv7if.exe
[2010.08.14 12:40:15 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\3g8jx9mx.exe
[2010.08.13 20:16:58 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 19:54:43 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 17:38:04 | 000,307,122 | ---- | C] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 00:30:37 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 19:52:47 | 000,000,436 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.11 22:49:35 | 000,000,764 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.11 16:45:37 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.08.08 16:06:06 | 000,001,705 | ---- | C] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:49 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:39 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.000
[2010.06.23 12:35:52 | 000,059,392 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2010.06.12 22:37:11 | 000,016,653 | ---- | C] () -- C:\Users\***\Desktop\WM 2010.odt
[2010.06.12 14:32:59 | 167,555,440 | ---- | C] () -- C:\Users\***\Desktop\OOo_3.2.0_Win32Intel_install_wJRE_de.exe
[2009.09.24 23:19:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.02.06 18:30:00 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.01.02 08:26:25 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.01.02 08:26:25 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.01.02 08:18:07 | 000,004,860 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.01.02 07:51:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.02 07:51:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2009.09.15 20:08:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2010.03.13 16:29:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2009.09.29 19:04:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mp3tag
[2010.08.13 18:21:00 | 000,000,000 | ---D | M] -- C:\Users\***\Roaming\NetSpeedMonitor
[2009.05.20 22:58:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2010.08.13 00:30:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.12 01:00:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2009.04.01 19:43:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2010.08.12 23:24:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.13 23:35:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.15 13:26:22 | 000,032,510 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010.08.15 13:27:04 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\SupBackGroundTask.job
[2010.08.15 13:20:05 | 000,000,436 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C69EAC3C
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
--- --- ---


LG Alke

Larusso 15.08.2010 14:03
Schritt 1

Öffne bitte Windows Defender --> Administratoroption
und entferne den Hacken bei Windows Defender verwenden

Rechner neu starten.


Schritt 2

Update bitte Malwarebytes und lass einen QuickScan laufen.


Schritt 3

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt als Administrator starten.
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Hacken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Remove found threads" und "Scan archives".
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.


Schritt 4

Downloade Dir bitte SecurityCheck
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.
Poste den Inhalt bitte hier.


Bitte poste in deiner nächsten Antwort
MBAM Logfile
ESET Log
checkup.txt
Berichte wie der Rechner läuft

Alke_1981 15.08.2010 16:05
Hallo,

hier der MBAM Logfile:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4432
Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005
15.08.2010 15:20:22
mbam-log-2010-08-15 (15-20-22).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129904
Laufzeit: 6 Minute(n), 29 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

und der ESET Log:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=917183f5521d05418ba558ff386d2971
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-15 01:41:43
# local_time=2010-08-15 03:41:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 153663 153663 0 0
# compatibility_mode=5892 16776574 100 100 136648 119412148 0 0
# compatibility_mode=8192 67108863 100 0 534 534 0 0
# scanned=170
# found=0
# cleaned=0
# scan_time=283
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=917183f5521d05418ba558ff386d2971
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-15 02:48:28
# local_time=2010-08-15 04:48:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 154077 154077 0 0
# compatibility_mode=5892 16776574 100 100 137062 119412562 0 0
# compatibility_mode=8192 67108863 100 0 948 948 0 0
# scanned=105026
# found=0
# cleaned=0
# scan_time=3873

und checkup.txt:

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 18
Java(TM) 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.3 - Deutsch
Mozilla Thunderbird (3.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)
``````````End of Log````````````

Die Probleme die ich in Firefox hatte (langsamer Seitenaufbau und keine Videos werden mehr geladen), sind nicht mehr vorhanden. :taenzer:

LG Alke

Larusso 15.08.2010 16:07
Könntest DU vl versuchen die Logfiles ganz normal zu posten ?
Bekommt man nämlich Augenkrebs. Danke

Alke_1981 15.08.2010 16:20
Hi,

klar, so besser?


MBAM Logfile

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4432

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

15.08.2010 15:20:22
mbam-log-2010-08-15 (15-20-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129904
Laufzeit: 6 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

ESET-Log:

ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=917183f5521d05418ba558ff386d2971
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-15 01:41:43
# local_time=2010-08-15 03:41:43 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 153663 153663 0 0
# compatibility_mode=5892 16776574 100 100 136648 119412148 0 0
# compatibility_mode=8192 67108863 100 0 534 534 0 0
# scanned=170
# found=0
# cleaned=0
# scan_time=283
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=917183f5521d05418ba558ff386d2971
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-08-15 02:48:28
# local_time=2010-08-15 04:48:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 154077 154077 0 0
# compatibility_mode=5892 16776574 100 100 137062 119412562 0 0
# compatibility_mode=8192 67108863 100 0 948 948 0 0
# scanned=105026
# found=0
# cleaned=0
# scan_time=3873

Checkup

Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is enabled)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 18
Java(TM) 6 Update 21
Out of date Java installed!
Adobe Flash Player 10.1.82.76
Adobe Reader 9.3.3 - Deutsch
Mozilla Thunderbird (3.1.2)
````````````````````````````````
Process Check:
objlist.exe by Laurent
````````````````````````````````
DNS Vulnerability Check:
Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Larusso 15.08.2010 17:45
Schritt 1

Deinstalliere bitte Java Update 18


Schritt 2

Downloade Dir bitte den Internet Explorer 8 von hier und installiere diesen.
Auch wenn dieser nicht dein Standard-Browser ist, sollte sich die aktuelle Version am Rechner befinden. Es gibt noch genug Software die diesen zum Updaten verwendet.


Schritt 3

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.


Bitte poste in deiner nächsten Antwort
OTL.txt
Extras.txt

Alke_1981 15.08.2010 18:51
Hi,

das Java Update 18 lässt sich nicht deinstallieren. Da bin ich letzte Woche schon dran verzweifelt (trotz Internetrecherche).

Hast Du einen Tipp für mich?

Lg Alke

Alke_1981 15.08.2010 22:19
Hallo,

mit dem Deinstallieren von Java bin ich auch trotz JavaRa nicht weitergekommen. Es ist immer noch da.

Bin jetzt bis Mittwoch Abend im Kurzurlaub.

Vielen Dank bisher, ich gucke dann Mittwoch Abend wieder rein.

Lg Alke

Larusso 16.08.2010 17:13
Windows + R Taste drücken. Kopiere nun folgendes in die Zeile

msiexec /x "{26A24AE4-039D-4CA4-87B4-2F83216018F0}"

und drücke OK. Es sollte sich eine Deinstallationsroutine öffnen.

Alke_1981 18.08.2010 18:50
Hallo,

bin wieder da und Java Update 18 leider auch noch.

Ist das gleiche, als wenn ich es über Systemsteuerung/Programme probiere. Der Windows Installer fängt an zu deinstallieren und ist dann nach kurzer Zeit weg und das Java Update noch da.

Gibts noch eine andere Möglichkeit?

Lg Alke

Larusso 18.08.2010 20:21
Software mit Revo Uninstaller deinstallieren

Downloade Dir bitte den Revo Uninstaller
  • Doppelklick auf die revosetup.exe.
  • Installiere das Tool in den vorgegebenen Pfad.
  • Doppelklick auf das Revo Uninstall Icon.
  • Suche Dir nun folgende Software aus der Code-Box.
    Code:
    Java 18
    Klicke darauf und bestätige mit Ja.
  • Belasse die Einstellung der Deinstallationsroutine auf Moderat und klicke auf weiter.
  • Das Tool wird nun nach allen Einträgen auf dem Rechner suchen. Klick auf weiter
  • Klick auf den Markiere alle Button und klick auf löschen und bestätige mit Ja.
Bebilderte Anleitung

Starte den Rechner neu auf.

Alke_1981 18.08.2010 21:23
Hallo.

hat geklappt. Wenn ich den Internetexplorer runterladen will, krieg ich die Meldung das es nicht geht, da eine neuere Version bereits installiert ist.

Und hier die OLT.txt:

OTL Logfile:
Code:
OTL logfile created on: 18.08.2010 21:54:28 - Run 4
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 66,20 Gb Free Space | 60,25% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 21,33 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Processes (SafeList) ==========
 
PRC - [2010.08.15 17:00:09 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2010.08.03 15:33:41 | 012,746,928 | ---- | M] (Mozilla Messaging) -- C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PRC - [2010.03.02 10:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010.01.14 21:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
MOD - [2009.04.11 08:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008.01.21 04:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$MSSMLBIZ) SQL Server (MSSMLBIZ)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - File not found [Auto | Stopped] -- C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2010.08.15 17:00:09 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 09:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009.09.25 03:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\wdcsam.sys -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC326.sys -- (VMC326)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\VMC302.sys -- (VMC302)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2010.03.01 09:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.02.16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.05.11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.11 06:45:24 | 000,113,664 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rmcast.sys -- (RMCAST) RMCAST (Pgm)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.08.05 05:02:22 | 002,381,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008.04.17 09:31:00 | 002,098,904 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.01.21 04:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 04:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 04:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 04:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 04:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 04:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 04:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 04:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 04:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 04:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 04:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 04:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 04:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 04:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 04:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 04:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 04:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 04:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2008.01.21 04:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 04:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 04:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 04:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.12.28 03:51:00 | 000,298,496 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk60x86.sys -- (yukonwlh)
DRV - [2007.10.26 07:39:08 | 000,193,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007.05.23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 11:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 11:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 11:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 11:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 11:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 11:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 11:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 11:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 11:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 11:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 11:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 10:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 10:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006.11.02 10:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 10:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 10:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 10:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - Reg Error: Key error. File not found
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2431245
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy1.ewetel.net:8080
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.11 17:56:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.15 02:28:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3 Beta 2\components
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird 3 Beta 2\plugins [2010.08.15 02:28:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.08.11 17:18:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.08.15 02:28:39 | 000,000,000 | ---D | M]
 
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010.08.12 18:20:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.08.12 17:28:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\ag6sai08.default\extensions
[2010.02.12 22:32:35 | 000,000,261 | ---- | M] () -- C:\Users\***\AppData\Roaming\Mozilla\FireFox\Profiles\ag6sai08.default\searchplugins\Search.xml
[2010.08.15 15:52:07 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010.08.12 23:43:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010.08.12 23:42:43 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.07.23 02:48:56 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.07.23 02:48:56 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.07.23 02:48:56 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.07.23 02:48:56 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.07.23 02:48:56 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell - "" = AutoRun
O33 - MountPoints2\{60b801ca-a6d6-11df-bb07-001377985cdf}\Shell\AutoRun\command - "" = H:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.18 21:26:49 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2010.08.15 19:53:59 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.08.15 19:53:59 | 000,420,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.08.15 19:43:33 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2010.08.15 19:43:33 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.08.15 19:43:33 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.08.15 19:43:32 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2010.08.15 19:43:32 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2010.08.15 19:43:32 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2010.08.15 19:43:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2010.08.15 19:43:32 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2010.08.15 19:43:32 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.08.15 19:43:31 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.08.15 19:43:31 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2010.08.15 19:43:31 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2010.08.15 19:43:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2010.08.15 19:43:31 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2010.08.15 19:43:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2010.08.15 19:39:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2010.08.15 19:39:34 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2010.08.15 19:39:33 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2010.08.15 19:39:33 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2010.08.15 19:39:33 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010.08.15 19:39:33 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2010.08.15 19:39:33 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\corpol.dll
[2010.08.15 19:39:32 | 000,229,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2010.08.15 19:39:32 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2010.08.15 19:39:32 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2010.08.15 19:39:32 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2010.08.15 19:39:32 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2010.08.15 19:39:31 | 000,208,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WinFXDocObj.exe
[2010.08.15 19:39:31 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2010.08.15 19:39:31 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2010.08.15 19:39:31 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2010.08.15 19:39:30 | 000,445,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2010.08.15 19:39:30 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2010.08.15 19:39:29 | 003,698,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2010.08.15 19:39:29 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2010.08.15 19:39:29 | 000,169,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2010.08.15 19:39:29 | 000,109,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PDMSetup.exe
[2010.08.15 19:39:29 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2010.08.15 19:39:29 | 000,107,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2010.08.15 19:39:29 | 000,103,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetDepNx.exe
[2010.08.15 16:58:07 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.08.15 16:58:07 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.08.15 16:58:07 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.08.15 16:58:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.08.15 16:58:07 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.08.15 16:58:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.08.15 16:58:06 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2010.08.15 15:28:06 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010.08.15 02:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010.08.15 02:28:11 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010.08.15 02:26:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2010.08.14 12:56:54 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.08.14 00:09:11 | 000,000,000 | ---D | C] -- C:\_OTL
[2010.08.13 23:49:58 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Neuer Ordner
[2010.08.13 23:02:10 | 000,072,704 | ---- | C] (GravityGripp) -- C:\Users\***\Desktop\ZipIt2.exe
[2010.08.13 21:50:36 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:18:16 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010.08.13 20:18:15 | 000,000,000 | ---D | C] -- C:\rsit
[2010.08.13 19:55:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010.08.13 19:54:40 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.13 19:54:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010.08.13 19:54:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.13 19:17:16 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Simply Super Software
[2010.08.13 19:17:05 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2010.08.13 19:07:37 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.08.13 16:29:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Western Digital
[2010.08.13 16:28:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2010.08.13 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Western Digital
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2010.08.13 00:30:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2010.08.13 00:30:31 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2010.08.12 23:43:02 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.12 23:43:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.12 23:43:02 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.12 23:39:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\Adobe
[2010.08.12 23:24:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Uniblue
[2010.08.12 19:26:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NetSpeedMonitor
[2010.08.12 01:00:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2010.08.11 22:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010.08.11 20:10:49 | 016,299,808 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-s.exe
[2010.08.11 19:55:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2010.08.11 19:53:52 | 000,875,296 | ---- | C] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-iftw-rv.exe
[2010.08.11 18:20:21 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
[2010.08.11 18:20:16 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.08.11 18:20:14 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
[2010.08.11 18:19:51 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.08.11 18:19:50 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.08.11 17:50:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010.08.11 17:50:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010.08.11 17:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010.08.11 17:49:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010.08.11 17:41:02 | 000,000,000 | ---D | C] -- C:\Program Files\JRE
[2010.08.11 17:40:54 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2010.08.11 17:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\readmes
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\redist
[2010.08.11 17:40:26 | 000,000,000 | ---D | C] -- C:\Program Files\licenses
[2010.08.11 17:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Mp3tag
[2010.08.11 17:33:54 | 000,000,000 | ---D | C] -- C:\Program Files\ElsterFormular
[2010.08.11 17:33:33 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2010.08.11 17:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird 3 Beta 2
[2010.08.11 17:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2010.08.11 17:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010.08.11 17:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Thunderbird
[2010.08.11 16:54:16 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Notes
[2010.08.11 16:34:26 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010.08.11 16:34:19 | 000,000,000 | ---D | C] -- C:\Program Files\softonic-de3
[2010.08.11 16:33:52 | 000,000,000 | ---D | C] -- C:\ProgramData\VistaCodecs
[2010.08.08 16:06:07 | 000,253,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.08.08 15:45:47 | 000,241,664 | ---- | C] (TODO: <Company name>) -- C:\Windows\System32\TFTPClientAX.dll
[2010.08.08 15:45:47 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WINSKDE.DLL
[2010.08.08 15:45:39 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.18 21:52:41 | 003,145,728 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010.08.18 21:31:30 | 000,000,438 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics
[2010.08.18 21:31:08 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\SupBackGroundTask.job
[2010.08.18 21:31:05 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.18 21:31:05 | 000,004,912 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.18 21:31:05 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.18 21:31:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.18 21:30:18 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.08.18 21:30:18 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.08.18 21:30:15 | 003,671,980 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010.08.18 21:26:50 | 000,001,017 | ---- | M] () -- C:\Users\***\Desktop\Revo Uninstaller.lnk
[2010.08.18 17:59:56 | 000,000,436 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.15 16:58:15 | 000,001,807 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.15 16:49:58 | 000,869,051 | ---- | M] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2010.08.15 15:42:24 | 002,672,312 | ---- | M] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2010.08.15 02:28:40 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.14 16:20:09 | 000,000,022 | ---- | M] () -- C:\Users\***\Desktop\***.zip
[2010.08.14 13:39:08 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\pxyfv7if.exe
[2010.08.14 13:19:51 | 001,602,126 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.08.14 13:19:51 | 000,689,604 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.08.14 13:19:51 | 000,645,990 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.08.14 13:19:51 | 000,151,372 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.08.14 13:19:51 | 000,122,818 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.08.14 12:40:15 | 000,293,376 | ---- | M] () -- C:\Users\***\Desktop\3g8jx9mx.exe
[2010.08.13 23:02:10 | 000,072,704 | ---- | M] (GravityGripp) -- C:\Users\***\Desktop\ZipIt2.exe
[2010.08.13 21:50:36 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2010.08.13 20:16:58 | 000,339,991 | ---- | M] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 19:54:43 | 000,000,778 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 18:19:17 | 000,085,504 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.13 17:38:05 | 000,307,122 | ---- | M] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 00:30:37 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 23:42:42 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2010.08.12 23:42:42 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.08.12 23:42:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.08.12 23:42:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.08.12 02:12:13 | 000,105,816 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.08.12 02:11:54 | 000,394,480 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.08.12 02:08:15 | 000,000,219 | ---- | M] () -- C:\Windows\win.ini
[2010.08.11 22:49:35 | 000,000,764 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 20:10:52 | 016,299,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-s.exe
[2010.08.11 19:54:05 | 000,875,296 | ---- | M] (Sun Microsystems, Inc.) -- C:\ProgramData\jre-6u21-windows-i586-iftw-rv.exe
[2010.08.11 17:56:57 | 000,001,684 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.08 16:06:47 | 000,253,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\Setup1.exe
[2010.08.08 16:06:41 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\ST6UNST.EXE
[2010.08.08 16:06:07 | 000,001,705 | ---- | M] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:59 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:47 | 000,000,724 | ---- | M] () -- C:\Windows\ST6UNST.000
[2010.08.08 14:22:10 | 000,000,275 | ---- | M] () -- C:\WirelessDiagLog.csv
 
========== Files Created - No Company Name ==========
 
[2010.08.18 21:26:50 | 000,001,017 | ---- | C] () -- C:\Users\***\Desktop\Revo Uninstaller.lnk
[2010.08.15 19:42:27 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2010.08.15 16:58:15 | 000,001,807 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.08.15 16:49:55 | 000,869,051 | ---- | C] () -- C:\Users\***\Desktop\SecurityCheck.exe
[2010.08.15 15:26:31 | 002,672,312 | ---- | C] () -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe
[2010.08.15 02:28:40 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.08.14 16:19:43 | 000,000,022 | ---- | C] () -- C:\Users\***\Desktop\***.zip
[2010.08.14 13:39:08 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\pxyfv7if.exe
[2010.08.14 12:40:15 | 000,293,376 | ---- | C] () -- C:\Users\***\Desktop\3g8jx9mx.exe
[2010.08.13 20:16:58 | 000,339,991 | ---- | C] () -- C:\Users\***\Desktop\RSIT.exe
[2010.08.13 19:54:43 | 000,000,778 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.13 17:38:04 | 000,307,122 | ---- | C] () -- C:\Users\***\Desktop\auftragsbestaetigung.pdf
[2010.08.13 00:30:37 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Opera.lnk
[2010.08.12 19:52:47 | 000,000,436 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{EDBA682A-4CCF-4440-A406-FC63B1CDC3AF}.job
[2010.08.11 22:49:35 | 000,000,764 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010.08.11 17:56:57 | 000,001,684 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.08.11 17:52:52 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2010.08.11 17:42:32 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.2.lnk
[2010.08.11 17:38:32 | 000,000,736 | ---- | C] () -- C:\Users\Public\Desktop\Mp3tag.lnk
[2010.08.11 17:18:07 | 000,001,750 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Thunderbird.lnk
[2010.08.11 16:45:37 | 000,153,088 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2010.08.08 16:06:06 | 000,001,705 | ---- | C] () -- C:\Windows\ST6UNST.002
[2010.08.08 16:02:49 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.001
[2010.08.08 15:45:39 | 000,000,724 | ---- | C] () -- C:\Windows\ST6UNST.000
[2009.09.24 23:19:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009.02.06 18:30:00 | 000,484,352 | ---- | C] () -- C:\Windows\System32\lame_enc.dll
[2009.01.02 08:26:25 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2009.01.02 08:26:25 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2009.01.02 08:18:07 | 000,004,860 | ---- | C] () -- C:\Windows\HotFixList.ini
[2009.01.02 07:51:14 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2009.01.02 07:51:04 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1540.dll
[2008.09.12 15:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2001.11.14 05:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:C69EAC3C
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
--- --- ---

Alke_1981 18.08.2010 21:24
und die Extras.txt:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 18.08.2010 21:54:28 - Run 4
OTL by OldTimer - Version 3.2.9.1    Folder = C:\Users\***\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 83,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 66,20 Gb Free Space | 60,25% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 21,33 Gb Free Space | 19,39% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07BD3F20-DB56-49C0-A7B0-18D9D82827DD}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{08782777-94B8-44E8-AA07-B1E4F0F4A474}" = rport=445 | protocol=6 | dir=out | app=system |
"{12AB104A-E938-404F-9B41-DD23CDDE9599}" = rport=139 | protocol=6 | dir=out | app=system |
"{199F7521-AE20-43BA-A96B-3D29B77476C0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{218D5C2A-200B-4B49-8792-577806C27074}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{23B711DB-B76E-4A86-9B36-B7B8E94A16D4}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{5BB8CBA2-CFB3-445D-B255-8CF9EE2561F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8215C804-CC01-4D49-8073-0D42F3AF207C}" = lport=139 | protocol=6 | dir=in | app=system |
"{8DC3E374-2DF0-45B0-968B-35C7A861AFB1}" = rport=137 | protocol=17 | dir=out | app=system |
"{91515D9A-CFC0-48B2-8D93-0E66375E8C5B}" = rport=138 | protocol=17 | dir=out | app=system |
"{9B9CA6AC-10B4-4B93-AE04-5058F56965B3}" = lport=137 | protocol=17 | dir=in | app=system |
"{9BB19E08-202B-44CE-9475-0EEF98816311}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{A9FDE46D-1E7B-4AFB-B30F-DA5601DBBAD8}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{AA4E12F9-AAEF-4906-8ACD-2871ADB09E2B}" = lport=138 | protocol=17 | dir=in | app=system |
"{AD136373-DB6F-4EDD-A8A7-E69B7F28AAAE}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{AD202421-D9A7-4B6B-8A9E-0C623B14178E}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B51E0C15-AD09-4CE0-8E05-8FF7F29335B5}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{B82B9F2F-272D-4781-9490-A19737D489DE}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{BC5A22E5-8CEB-4CE8-8BA4-F4CDAAC59666}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{C0193AE1-0B06-4036-8AED-0B7F19C5EDD7}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{CD23C331-0758-4B9B-9222-424E49DDFBD1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D334A633-C792-423F-95D6-9D1C5EA6E1F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E509645C-597E-414A-812F-2BC8FE6AAA3F}" = lport=445 | protocol=6 | dir=in | app=system |
"{E6A5FE31-6A8C-4441-B3A3-007DAC912474}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{EFF36AD2-958C-4AE8-B504-CD3D3D9E8F56}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{F8A1F9A0-9876-46E4-888A-CDE479C07836}" = rport=2869 | protocol=6 | dir=out | app=system |
"{FAB8703C-98E2-4E1E-9ECC-62281DB3953F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0BD70B72-74EB-4A5B-B5E5-06E05F53C1DF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{471EFC2F-CC78-4131-8737-95E65D972510}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7CD8009F-B80D-46E7-A96A-4E30CEE7B37C}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{8CE50534-1F10-49A3-B44F-231FB163DF50}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{8E889320-7E06-43B5-B0D4-F130FA8117F7}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 |
"{90FD9243-3C7E-4A22-A425-50C28B82C522}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{DB194223-34BF-490F-A76B-A1B7696C7970}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{F385A3FA-E383-4D39-A7A7-3DFB18005856}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F4C4928D-C31C-4855-9183-0194B2F6647E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{F65F453C-F880-4F76-B59C-6B030919B1D3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{2DEB4D04-15E0-4C1A-B3C6-CBDBDB4FCEF0}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{3311B0BD-6866-4B0F-9A75-F2E206ADFB25}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{3CB0031C-AB47-49A3-BC34-AE27D878CDD5}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{4734DF1A-F33F-4AF1-AF0E-4B430CB3B898}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{53F8E3B9-551C-4AAB-A543-F334E65A4F72}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{59846B4E-0AD4-42E4-9F56-F0655B1DD8D5}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{7410E009-06E7-480B-A130-F3F394CD41AF}C:\program files\tvuplayer\tvuplayer.exe" = protocol=6 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"TCP Query User{777DEF68-5966-4427-A47F-9222554D1AFE}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{7C660006-9188-4267-8D81-A4CF24236B48}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{812A4491-A461-49F3-BD86-E6D9A454B475}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{9C1F7D15-CC62-43FE-9FD6-805BB18843A5}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"TCP Query User{D5263469-6A0B-419E-9714-24C0D63AA35C}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{E4C57F74-E567-483B-91FD-207F66269F24}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{EB42A284-0927-4952-A92C-8B01AF1560A4}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{10504BF8-AF6C-4542-83A4-E9AD3C63F5CB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{40B54CD6-F3EA-4AC6-BC26-151B46476848}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{789F40A6-5742-4F26-BC29-4EF37EA68C67}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{79EBBD58-58A5-43F6-97DB-5F3F6FBCBBCC}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{7BF8A94F-80DC-490E-808C-F2F8161865A8}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{9BC9DA68-0154-4C79-9C60-0051A592AAD8}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{A7B5A3BE-E740-40B4-9413-D5230C401240}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{AF43D0B8-257A-44B9-B6A0-FF638AA428A0}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{B21C3C21-C61D-44AD-ADAD-D6E0328B41D6}C:\program files\tvuplayer\tvuplayer.exe" = protocol=17 | dir=in | app=c:\program files\tvuplayer\tvuplayer.exe |
"UDP Query User{C1F62B8B-99AD-4B0B-B53B-57C58488257C}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{CEC09594-CF95-4524-BAD8-3A9E81E4891B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{EC5D1BE3-BE42-412B-A064-4A8C6C81439C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{F0E88B13-D9BF-4DFB-9DF4-A39F0F070390}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{F951699B-5708-4F25-9DFD-279E65F1BAA7}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{028ED9C4-25EE-4DEE-9CF4-91034BC89B18}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300
"{04983D37-2202-4295-94A2-8B547C66133F}" = Atheros WLAN Client
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution III
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{192A107E-C6B9-41B9-BDBF-38E3AA226054}" = OpenOffice.org 3.2
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}" = Samsung Magic Doctor
"{36BEAD11-8577-49AD-9250-E06A50AE87B0}" = Microsoft SOAP Toolkit 2.0 SP2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4cb9f93c-9edc-4be9-ae61-af128ddbecfa}" = Business Contact Manager für Outlook 2007 SP2
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D482078-8D15-4FD3-B838-C7B49174650F}" = Opera 10.61
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7FB12670-0F93-4E1E-B2F5-4F339199A03A}" = Microsoft SQL Server Native Client
"{849A32C3-E75A-4791-9B11-E568BA3525A4}" = Microsoft SQL Server VSS Writer
"{8E106A57-A17E-431D-B48F-175E42EB9F74}" = imagine digital freedom - Samsung
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E503B4BF-F7BB-3D5F-8BC8-F694B1CFF942}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"ElsterFormular 11.2.0.4074" = ElsterFormular
"ESET Online Scanner" = ESET Online Scanner v3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"InstallShield_{A5F483F0-2D79-4FCA-AE09-D0D96E23EBF7}" = Samsung Update Plus
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"Mp3tag" = Mp3tag v2.46a
"PROHYBRIDR" = 2007 Microsoft Office system
"ProInst" = Intel PROSet Wireless
"Revo Uninstaller" = Revo Uninstaller 1.89
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11.08.2010 20:05:41 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 11.08.2010 20:05:41 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 11.08.2010 20:12:28 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.08.2010 20:12:29 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 11.08.2010 20:12:29 | Computer Name = ***-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 11.08.2010 20:51:54 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18943 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 750  Anfangszeit: 01cb39b7f6772f5b  Zeitpunkt
 der Beendigung: 11
 
Error - 11.08.2010 21:21:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 11.08.2010 21:32:35 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18943 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: b90  Anfangszeit: 01cb39bddf65d101  Zeitpunkt
 der Beendigung: 0
 
Error - 11.08.2010 21:42:32 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18943 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: f6c  Anfangszeit: 01cb39bf2e81bff1  Zeitpunkt
 der Beendigung: 47
 
Error - 11.08.2010 22:10:37 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.18943 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
 "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen.  Prozess-ID: 940  Anfangszeit: 01cb39c301e81941  Zeitpunkt
 der Beendigung: 13
 
[ Media Center Events ]
Error - 30.03.2010 17:38:17 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 31.03.2010 19:02:49 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 01.04.2010 11:14:38 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 12.04.2010 16:52:52 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 17.04.2010 18:50:58 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 19.04.2010 16:47:27 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.04.2010 14:49:48 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 20.04.2010 18:06:07 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 22.04.2010 17:24:30 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 22.04.2010 17:24:37 | Computer Name = ***-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 18.08.2010 13:46:46 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.08.2010 13:47:14 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
Error - 18.08.2010 15:31:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.08.2010 15:31:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.08.2010 15:31:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.08.2010 15:31:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.08.2010 15:31:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.08.2010 15:31:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.08.2010 15:31:28 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 18.08.2010 15:31:57 | Computer Name = ***-PC | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =
 
 
< End of report >
--- --- ---


Lg Alke

Larusso 19.08.2010 16:56
Noch Probleme ?

Alke_1981 19.08.2010 17:00
Hi,

nein, Internet läuft wieder flüssig. Sind wir fertig?

Larusso 19.08.2010 17:26
Deinstalliere mit Revo bitte noch softonic-de3 Toolbar


Logfile ist sauber :daumenhoc

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Systemwiederherstellungpunkte leeren

Windows + R Taste drücken --> cleanmgr ( eingeben ) --> OK
Wähle nun deine Systemplatte (normal C: ).
Klicke auf Systemdateien bereinigen --> erneut die Systemplatte wählen --> Reiter Weitere Optionen
und klicke auf Systemwiederherstellung und Schattenkopien bereinigen.


Schritt 2

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.


Schritt 3

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.


Schritt 4

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.
  • SpywareBlaster
    Ein Tutorial zur Verwendung findest Du Hier

  • MalwareBytes Anti Malware
    Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
    Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
    Ein Tutorial zur Verwendung findest Du hier.
    Hinweis: MBAM ersetzt keine Anti- Viren- Software.

  • Temp File Cleaner
    TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
    Ausserdem hilft es Deinen Computer zu beschleunigen.
    Du kannst Dir TFC ( by OldTimer ) hier downloaden.

  • MVPs hosts file
    Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.

  • Halte Dein System aktuell
    Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
    Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
    Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.

  • Halte Deine Software aktuell
    Der einfachste Weg dafür ist der Secunia Online Software.


Schritt 5

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.
  • NoScript
    Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.

  • AdblockPlus
    Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
    Es spart ausserdem Downloadkapazität.

  • WOT (Web of trust)
    Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.


Don'ts
  • Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
  • verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
  • Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
  • Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Alke_1981 19.08.2010 18:18
Hallo,

hab softonic deinstalliert, die Systemwiederherstellungspunkte geleert und die Bereinigung mit OTL durchgeführt. Die automatischen Updates für Windows waren aktiviert.

Danke für die Programm- und Toolvorschläge, damit werde ich mich auf jeden Fall beschäftigen.

Fragen habe ich keine mehr. Vielen, vielen Dank für Deine bzw. Eure Hilfe. Auch dafür das ihr Eure Freizeit für Problemfälle wie mich opfert tausend Dank.

:dankeschoen:

Lg Alke

Larusso 19.08.2010 18:26
Froh das wir helfen konten :abklatsch:

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere möge bitte einen eigenen Thread erstellen


Alle Zeitangaben in WEZ +1. Es ist jetzt 08:54 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131