Trojaner-Board


criß 21.04.2011 21:05

TR/Kazy.mekml.1, and now what?
 
Hello,
As of today we also have TR/Kazy.mekml.1, and after reading around here a bit, I downloaded OTL and ran a scan.
Here are the results:

OTL Logfile:
Code:

OTL logfile created on: 21.04.2011 21:05:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pablo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS
Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT
 
Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Programme\iWin Games\iWinTrusted.exe
PRC - [2010.09.16 18:36:40 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010.03.28 21:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Programme\ParetoLogic\FileCure\FileCure.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.17 10:01:48 | 000,366,849 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\guardgui.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.13 08:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFME.EXE
PRC - [2008.07.21 15:07:44 | 002,752,512 | -H-- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.05.27 19:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2008.02.26 17:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.23 14:52:26 | 002,764,800 | ---- | M] () -- C:\RecInfo\RecInfo.exe
PRC - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) -- C:\ProgramData\Web.de\adminsvc.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2007.04.10 23:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
PRC - [2006.10.25 00:08:40 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Programme\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.04.02 03:26:27 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) [Auto | Running] -- C:\ProgramData\Web.de\adminsvc.exe -- (AdminSVC)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.10.27 02:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.10.13 17:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.01.29 16:16:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.01.29 16:16:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.01.28 22:20:23 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.07 21:09:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.27 10:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.04.02 03:27:05 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.04.10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006.11.06 12:14:10 | 001,119,616 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.24 15:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.10.24 15:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006.10.24 15:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006.10.24 15:40:22 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2006.10.24 15:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.10.24 15:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006.10.20 06:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2008.11.13 21:49:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2010.12.27 20:40:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2010.09.15 10:49:28 | 000,000,000 | ---D | M]
 
[2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions
[2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2010.12.19 16:38:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions
[2009.09.26 14:19:15 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.11.06 23:47:26 | 000,000,000 | -H-D | M] ("I ♥ Miro") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88}
[2008.10.30 00:30:26 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.12.08 22:56:24 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.01.28 22:21:05 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\DTToolbar@toolbarnet.com
[2009.12.08 22:56:44 | 000,000,873 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\conduit.xml
[2010.01.28 22:20:55 | 000,002,055 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\daemon-search.xml
[2010.12.19 04:48:16 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-1.xml
[2008.10.28 23:54:08 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-2.xml
[2008.11.24 21:53:42 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-3.xml
[2009.10.15 20:04:51 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-4.xml
[2008.10.28 19:12:41 | 000,000,962 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin.xml
[2008.09.27 14:09:54 | 000,000,273 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\search.xml
[2010.11.29 17:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2009.10.02 17:06:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008.10.29 10:35:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2010.01.17 16:59:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
[2008.11.13 21:49:39 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2009.10.13 19:58:23 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2009.10.13 19:58:23 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2009.10.13 19:58:23 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2009.10.13 19:58:24 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2009.10.13 19:58:24 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2009.01.06 21:16:47 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npgcplug.dll
[2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll
[2009.10.13 19:58:31 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.10.13 19:58:31 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.10.13 19:58:31 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.10.13 19:58:31 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Programme\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [recinfo369] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [EPSON PX650 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFME.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk = C:\Programme\GnuPT\WPT\WinPT.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222761945 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell - "" = AutoRun
O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell\AutoRun\command - "" = K:\SETUP.EXE -autorun
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 21:05:23 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
[2011.04.21 14:18:26 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.20 01:49:01 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (5)
[2011.04.19 22:41:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Rovio
[2011.04.19 21:44:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Local\Babylon
[2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Babylon
[2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon
[2011.04.19 21:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.04.19 17:10:45 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (4)
[2011.04.13 18:01:40 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Bookworm Adventures
[2011.04.13 18:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
[2011.04.13 18:01:07 | 000,000,000 | ---D | C] -- C:\Programme\RealArcade
[2011.04.12 23:55:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.12 23:55:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.12 23:55:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.12 23:55:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.12 23:55:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.12 23:55:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.12 23:55:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.12 23:55:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.12 23:55:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.12 23:55:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.12 23:55:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.12 23:55:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.12 23:55:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.12 23:55:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.12 23:55:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.12 23:55:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.12 23:55:40 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.12 23:55:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.12 23:55:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.12 23:49:55 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.04.12 23:29:12 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.04.12 23:29:12 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.04.12 23:29:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.12 23:29:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.12 23:29:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.12 23:28:53 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.12 23:28:51 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.04.12 23:28:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.12 23:28:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.12 23:26:57 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.04.12 23:26:57 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.04.12 23:26:57 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.04.12 23:26:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2009.01.06 21:16:49 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 21:19:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.21 21:08:06 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 21:08:06 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 21:08:06 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 21:08:06 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe
[2011.04.21 21:04:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.21 21:04:33 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
[2011.04.21 21:04:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 21:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 21:04:14 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 20:59:00 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
[2011.04.21 14:59:08 | 000,320,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.21 14:18:25 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.21 13:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 10:28:01 | 000,000,240 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011.04.19 21:45:12 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011.04.19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.04.18 22:04:52 | 000,171,520 | -H-- | M] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 20:45:57 | 000,017,408 | -H-- | M] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db
[2011.04.16 04:25:01 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011.04.16 03:41:02 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\FileCure Default.job
[2011.04.13 18:02:15 | 000,000,772 | -H-- | M] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk
[2011.04.13 18:01:40 | 000,000,133 | -H-- | M] () -- C:\Users\pablo\Desktop\Zylom.url
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 21:04:54 | 000,487,424 | -H-- | C] () -- C:\ProgramData\45539080.exe
[2011.04.21 14:58:19 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.19 21:44:44 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011.04.13 18:02:15 | 000,000,772 | -H-- | C] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk
[2011.04.13 18:01:40 | 000,000,133 | -H-- | C] () -- C:\Users\pablo\Desktop\Zylom.url
[2011.04.13 01:14:45 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.15 18:40:24 | 000,050,344 | ---- | C] () -- C:\Programme\Uninstall Mini Balla 2006.exe
[2010.09.13 17:52:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010.06.27 16:32:50 | 000,017,408 | -H-- | C] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db
[2010.03.24 16:43:15 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.03.24 16:43:15 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\9E63D8604E.sys
[2010.01.29 16:16:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.01.29 16:16:50 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.01.28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.13 17:28:27 | 000,000,120 | ---- | C] () -- C:\Windows\CMRGDB01.INI
[2009.10.13 17:28:23 | 000,004,779 | ---- | C] () -- C:\Windows\CMRGUNST.INI
[2009.10.02 17:10:08 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.07 22:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.07 22:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.07 22:33:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.04.16 21:29:32 | 000,000,552 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d8caps.dat
[2009.04.16 21:28:04 | 000,001,356 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d9caps.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.23 12:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.09.10 12:23:50 | 000,000,464 | -H-- | C] () -- C:\Users\pablo\AppData\Roaming\wklnhst.dat
[2008.09.09 21:29:05 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI
[2008.09.09 21:04:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.09.09 21:04:18 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.09.09 21:04:18 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.09.09 21:04:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.09.09 21:04:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.09.09 21:04:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.09.09 21:04:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.09.09 21:04:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.09.09 21:04:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.09.09 21:04:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.09.09 21:04:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.09.09 21:04:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.09.09 21:04:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.09.09 21:04:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.09.09 21:04:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.09.09 16:17:14 | 000,171,520 | -H-- | C] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.30 19:41:07 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 17:33:31 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,320,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:6533A988
@Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8AEA12E8
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A1128200
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:75C2528D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EB79041A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:32758ED6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1E3035E2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCBD0AC7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CB5C4185
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C04C48D4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6F71E822
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E091E936
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:698B483C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DF236465
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C4870D32
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6B3E318
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5F280981
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:77CE0242
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:581B0446
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E73AD533
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:77CF9481
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4B970D7A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:257AC7F8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:98E4FEC6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:472EB08A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F0E52E4F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5F3235B3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2A6BF249
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EAD1940E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B7F727B8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AED4FFF5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BA6D27E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F09946C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FF333535
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:53B47F8A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2702A8B3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34B9286E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6972373C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:93CEB973
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E868CDC2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CF185254
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:429EC15A
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:08AC8A76
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:24E8169B
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CDCE26D3
 
< End of report >

--- --- ---


and here's the second one:

OTL Logfile:
Code:

OTL Extras logfile created on: 21.04.2011 21:05:41 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\pablo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS
Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT
 
Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- C:\Program Files\ParetoLogic\FileCure\FileCure_noapp.exe %1 (ParetoLogic)
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0AAE4AB9-05D7-44F7-9B0F-94249DB8EC47}" = lport=445 | protocol=6 | dir=in | app=system |
"{66F7F48E-1EF9-4D99-B1B2-24FF7176F6CC}" = lport=138 | protocol=17 | dir=in | app=system |
"{A3C40E56-03E7-4E48-9339-279EA860CFF5}" = rport=139 | protocol=6 | dir=out | app=system |
"{B88766C4-751B-4FCF-93D8-CEAE2ABED598}" = rport=137 | protocol=17 | dir=out | app=system |
"{CAAE537E-E1F3-4C43-B5E6-D4EE0C4C76B5}" = rport=445 | protocol=6 | dir=out | app=system |
"{D4E5EEFA-9CF7-4D84-9AD7-18CC826D3B74}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{DDDA2D15-314C-4942-9075-B77A7B0C7FDB}" = rport=138 | protocol=17 | dir=out | app=system |
"{E97FF89D-EF31-4A14-B0C8-38E644F3B83F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{F2734FBB-279B-4F13-B971-F34FE5F0FFAF}" = lport=137 | protocol=17 | dir=in | app=system |
"{F4D18BDB-0629-4755-A488-192138FAFE93}" = lport=139 | protocol=6 | dir=in | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0025EB18-6632-42A0-99C4-0D57BA884102}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{0CE7BC3D-84DF-4E14-8137-7A2EED505350}" = protocol=6 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{2D87E381-7EDF-4B42-B358-6D912B621F97}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{3D1A72F6-2AE0-44FD-AAB7-CB613D487D7B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{3EE36C16-EE41-4B38-894E-6C55D75850BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{4EA490CF-CFDB-495B-A4A1-9773506408B6}" = protocol=6 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{50E7BB67-AB1D-46A4-AC08-E7FB9962BC77}" = protocol=17 | dir=in | app=c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe |
"{57607F00-89D5-4459-BD1A-8D43E66AA417}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{789A518F-0A1B-4E51-A96B-22B4D951A654}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe |
"{7F6C9084-4608-4A81-AF17-4A68B89E051F}" = protocol=17 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{80616181-E9ED-4D76-906D-971AAB03432F}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{843E9780-BBEB-41BC-98C4-D57CDC83A772}" = protocol=17 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{9563085C-E533-4F12-BDB7-07AD9116B6DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{989D6816-DDA6-4F84-A584-703284E5D44D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{AFED63F6-8614-4D9E-99DE-DB673C7F7593}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{B4732F6A-8916-4F89-87B1-01AD2B12FB4A}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{B5FFCCCC-584E-40CA-8C99-E09C3049BAD0}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe |
"{D042E2CF-7CC5-49B9-9A72-A561621E406F}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{D12973E1-D033-449D-8F90-1FC48BBC8A69}" = protocol=6 | dir=in | app=c:\program files\iwin games\iwingames.exe |
"{D29B898F-892B-41B1-901A-BE07D1225A36}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{D54450AC-98E8-4FE1-BABB-A4C300379E46}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{DA3E266F-7B7F-42DC-B7D4-50E139290603}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{E8E5316E-7A42-47D7-A815-FA0C59002F4D}" = protocol=6 | dir=in | app=c:\program files\fujitsu siemens computers\fsclounge\fscwbaseupdaterservice\2\fscwbaseupdaterservice.exe |
"{F1E87292-7997-4E5B-9B3C-DF51B0C06D9D}" = protocol=17 | dir=in | app=c:\program files\iwin games\webupdater.exe |
"{F56E6D8B-F4C2-407D-915E-F1406C97A293}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"TCP Query User{2DCDD54C-BCA3-41F4-9E63-FA9D8F92ADA3}C:\program files\mmtoolz\internettv\internettv.exe" = protocol=6 | dir=in | app=c:\program files\mmtoolz\internettv\internettv.exe |
"TCP Query User{401E4E8D-2292-4C8F-809E-FF311300BE0E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"TCP Query User{4CEFCADF-11FD-4990-A01A-165AD7555F83}C:\program files\zattoo\zattood.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattood.exe |
"TCP Query User{89F323A6-7814-4014-B694-FAFEE8597B45}C:\program files\zattoo\zattoo.exe" = protocol=6 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"TCP Query User{8DC620BA-1A0F-46C5-A13B-C83DD4443E2C}C:\program files\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"TCP Query User{A0FD5B02-540A-4DEB-822C-62A8C23C940D}C:\program files\icq6\icq.exe" = protocol=6 | dir=in | app=c:\program files\icq6\icq.exe |
"TCP Query User{D8711A72-9E5E-44E8-8BED-C725E07B1C64}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{E8EE1298-42D7-4E2B-AF43-E7471134FA79}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=6 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"UDP Query User{19C83C63-742B-402B-9658-A60397120121}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{37830EE0-65C7-4235-AE83-29858670C94E}C:\program files\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files\google\google earth\plugin\geplugin.exe |
"UDP Query User{4945DB64-B1FA-405C-A4DC-47FC398EBB66}C:\program files\zattoo\zattoo.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattoo.exe |
"UDP Query User{955C5B4D-0C77-4FAD-BA02-FE0D1BF8D4A9}C:\program files\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\eadm\core.exe |
"UDP Query User{956CF4FC-F375-48CA-BD3C-2A2C49884ABA}C:\program files\icq6\icq.exe" = protocol=17 | dir=in | app=c:\program files\icq6\icq.exe |
"UDP Query User{9C6FF2DF-655C-49C8-AA2C-CAD995FAD5DA}C:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe" = protocol=17 | dir=in | app=c:\program files\participatory culture foundation\miro\xulrunner\python\miro_downloader.exe |
"UDP Query User{C9D290DB-2C3D-432F-ABED-60704579EEFF}C:\program files\mmtoolz\internettv\internettv.exe" = protocol=17 | dir=in | app=c:\program files\mmtoolz\internettv\internettv.exe |
"UDP Query User{E844DACC-CBB4-4A73-9B47-371E82E06F29}C:\program files\zattoo\zattood.exe" = protocol=17 | dir=in | app=c:\program files\zattoo\zattood.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C34B801-6AEC-4667-B053-03A67E2D0415}" = Apple Application Support
"{0D00CD3F-AEDC-45F1-A2DD-DADF74407D7B}_is1" = Edna Bricht Aus 6.3
"{0E77B4E0-0D8B-4F93-B419-29CE8498E6B6}" = Simon the Sorcerer - Wer will schon Kontakt?
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216010FF}" = Java(TM) 6 Update 17
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3672B097-EA69-4bfe-B92F-29AE6D9D2B34}" = Norton Internet Security
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3CCAD2EF-CFF2-4637-82AA-AABF370282D3}" = ccCommon
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective
"{48185814-A224-447A-81DA-71BD20580E1B}" = Norton Internet Security
"{4843B611-8FCB-4428-8C23-31D0A5EAE164}" = Norton Confidential Browser Component
"{4E5459A7-20FC-44D6-8832-80AE5A8D2B47}_is1" = GnuPT Version 3.6.7
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{726DBFE3-BE2B-4FFA-9787-D6495765CFD2}" = Microsoft LifeCam
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DB77BE4-629D-458D-BD68-9F36667C2177}" = TubeBox!
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94D66D71-12F0-48A5-B46A-D4B835A0F1B7}" = FirstSteps Diagnostics
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A129ABC-A53A-4209-A21E-D5DEDFB7CCA8}" = Norton Protection Center
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}" = FSCLounge
"{9A9DBEBC-C800-4776-A970-D76D6AA405B1}" = PHOTOfunSTUDIO -viewer-
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
"{B7C61755-DB48-4003-948F-3D34DB8EAF69}" = MSRedist
"{BD009869-6498-4CF9-9016-E9EA6E3742B2}" = The Whispered World
"{C1C441C4-57FA-4950-BDBA-BABFBAA2AA39}" = ParetoLogic FileCure
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D16A31F9-276D-4968-A753-FFEAC56995D0}" = Epson Print CD
"{D353CC51-430D-4C6F-9B7E-52003DA1E05A}" = Norton Confidential Web Protection Component
"{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}" = iTunes
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{E3EFA461-EB83-4C3B-9C47-2C1D58A01555}" = Norton Internet Security
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton Internet Security
"{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4DB525F-A986-4249-B98B-42A8066251CA}" = AV
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"10 Days To Save The World" = 10 Days To Save The World (nur deinstallation)
"87f22455ae2e457413fab5f880d72f9a" = Bookworm Adventures
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"AlawarGameBox" = Alawar Game Box
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"Be A King" = Be A King (nur deinstallation)
"BFG-Bookworm Deluxe" = Bookworm Deluxe
"BFGC" = Big Fish Games: Game Manager
"BFG-Ice Cream Craze - Tycoon Takeover" = Ice Cream Craze: Tycoon Takeover
"BGroom" = BGroom
"Big Fish Games Center" = Big Fish Games Center (remove only)
"Big Fish Games Sudoku" = Big Fish Games Sudoku (remove only)
"Boggle_is1" = Boggle
"Bookworm Adventures Deluxe" = Bookworm Adventures Deluxe
"Bookworm Adventures Vol. 2" = Bookworm Adventures Vol. 2
"Cheatbook 05.2009" = Cheatbook 05.2009
"Coconut Queen" = Coconut Queen (nur deinstallation)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Dirty Split" = Dirty Split (remove only)
"DivX Setup.divx.com" = DivX-Setup
"Drakensang_is1" = Drakensang (Patch Version 1.02)
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Eco Rescue: Project Rainforest" = Eco Rescue: Project Rainforest (nur deinstallation)
"Epson Printer Software Downloader" = Epson Printer Software Downloader
"EPSON PX650 Series" = Druckerdeinstallation für EPSON PX650 Series
"EPSON Scanner" = EPSON Scan
"Epson Stylus Photo PX650_TX650 Benutzerhandbuch" = Epson Stylus Photo PX650_TX650 Handbuch
"Fairy Godmother Tycoon" = Fairy Godmother Tycoon (nur deinstallation)
"Farm Frenzy 3" = Farm Frenzy 3 (nur deinstallation)
"Farm Frenzy 3 ." = Farm Frenzy 3 .
"Farm Frenzy 3 Ice Age 1.00" = Farm Frenzy 3 Ice Age 1.00
"Farm Frenzy: Gone Fishing!" = Farm Frenzy: Gone Fishing! (nur deinstallation)
"Farm Mania 2" = Farm Mania 2 (nur deinstallation)
"Fever Frenzy" = Fever Frenzy (remove only)
"Fiona Finch and the Finest Flowers" = Fiona Finch and the Finest Flowers (nur deinstallation)
"Fishdom: Frosty Splash" = Fishdom: Frosty Splash (nur deinstallation)
"Free Studio_is1" = Free Studio version 4.2
"GNU Backgammon_is1" = GNU Backgammon (MAIN branch, 20081113 code)
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"Google Updater" = Google Updater
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ICQToolbar" = ICQ Toolbar
"InstallShield_{EF7E931D-DC84-471B-8DB6-A83358095474}" = EA Download Manager
"InternetTV_is1" = InternetTV 7.12
"IrfanView" = IrfanView (remove only)
"Island Realms" = Island Realms (nur deinstallation)
"iWin Toolbar" = iWin Toolbar
"iWinArcade" = iWin Games (remove only)
"Jewel Quest II" = Jewel Quest II (nur deinstallation)
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Luxor Amun Rising" = Luxor Amun Rising (remove only)
"Mah Jong Quest III" = Mah Jong Quest III (nur deinstallation)
"Mahjong Towers Eternity EU" = Mahjong Towers Eternity EU (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mini Balla 2006" = Mini Balla 2006
"Mini-Mäuse" = Mini-Mäuse
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"My Free Mahjong_is1" = My Free Mahjong
"My Tribe" = My Tribe (nur entfernen)
"My Tribe 1.00" = My Tribe 1.00
"Mystery Case Files - Prime Suspects" = Mystery Case Files - Prime Suspects (remove only)
"NVIDIA Drivers" = NVIDIA Drivers
"Photo Mania" = Photo Mania (nur entfernen)
"Picasa 3" = Picasa 3
"Poker Superstars II" = Poker Superstars II (remove only)
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"QuickSFV" = QuickSFV (Remove only)
"RealArcade 1.2" = RealArcade
"RollerCoaster Tycoon Setup" = Roll
"Royal Trouble" = Royal Trouble (nur deinstallation)
"Sanitarium" = Sanitarium
"SKIP BO Castaway Caper1.0" = SKIP BO Castaway Caper
"SKIP¯BO Castaway Caper" = SKIP¯BO Castaway Caper (nur deinstallation)
"Sprill & Rithies Adventures In Time" = Sprill & Rithies Adventures In Time (nur deinstallation)
"Super Granny 5" = Super Granny 5 (nur deinstallation)
"SymSetup.{5AA2CD16-706F-41f3-87C5-2B5A031F2B3B}" = Norton Internet Security (Symantec Corporation)
"Tahiti Hidden Pearls" = Tahiti Hidden Pearls (nur deinstallation)
"The Clumsys" = The Clumsys (nur entfernen)
"The Enchanting Islands" = The Enchanting Islands (nur deinstallation)
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"Veoh Web Player Beta" = Veoh Web Player
"WEB.DE IE7 Browser Update" = WEB.DE IE7 Browser Update
"WinGimp-2.0_is1" = GIMP 2.6.7
"WinRAR archiver" = WinRAR
"Zattoo" = Zattoo 3.3.4 Beta
"Zattoo4" = Zattoo4 4.0.5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Farm Frenzy 2 Deluxe" = Farm Frenzy 2 Deluxe
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"SKIP-BO Castaway Caper(TM)" = SKIP-BO Castaway Caper(TM)
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 20.04.2011 04:17:44 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
 
Error - 20.04.2011 04:19:05 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
 
Error - 20.04.2011 13:23:50 | Computer Name = pablo-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 21.04.2011 02:32:01 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
 
Error - 21.04.2011 02:33:22 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
 
Error - 21.04.2011 06:46:36 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
 
Error - 21.04.2011 06:47:57 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
 
Error - 21.04.2011 06:49:18 | Computer Name = pablo-PC | Source = RasClient | ID = 20227
Description =
 
Error - 21.04.2011 08:20:09 | Computer Name = pablo-PC | Source = Application Hang | ID = 1002
Description = Programm iexplore.exe, Version 8.0.6001.19048 arbeitet nicht mehr
mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet
"Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen
über das Problem zu suchen. Prozess-ID: 1764 Anfangszeit: 01cbffea8f121339 Zeitpunkt
der Beendigung: 19
 
Error - 21.04.2011 08:55:57 | Computer Name = pablo-PC | Source = EventSystem | ID = 4609
Description =
 
[ Media Center Events ]
Error - 18.06.2010 14:21:46 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 23.06.2010 07:48:12 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 11.07.2010 08:08:18 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 17.07.2010 03:59:38 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 17.07.2010 13:00:42 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 27.07.2010 17:06:37 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 28.07.2010 17:17:17 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 29.01.2011 08:00:48 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 15.02.2011 05:05:13 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
Error - 13.04.2011 15:14:35 | Computer Name = pablo-PC | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
GetLastError returned 10000105 Prozess: DefaultDomain Objektname: Media Center Guide
 
 
[ System Events ]
Error - 21.04.2011 08:56:30 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 21.04.2011 08:56:30 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 21.04.2011 08:56:34 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 21.04.2011 08:56:34 | Computer Name = pablo-PC | Source = DCOM | ID = 10005
Description =
 
Error - 21.04.2011 08:56:36 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7001
Description =
 
Error - 21.04.2011 08:56:43 | Computer Name = pablo-PC | Source = DCOM | ID = 10005
Description =
 
Error - 21.04.2011 09:04:37 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 21.04.2011 10:29:17 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description =
 
Error - 21.04.2011 10:36:09 | Computer Name = pablo-PC | Source = DCOM | ID = 10010
Description =
 
Error - 21.04.2011 15:09:31 | Computer Name = pablo-PC | Source = Service Control Manager | ID = 7022
Description =
 
 
< End of report >

--- --- ---


please tell us what we can do with this?
thanks
and happy Easter

kira 21.04.2011 22:41

Hello and welcome! :)

Before we start working together, [please read completely]:
Quote:

  • "Remote treatment/remote help" and the associated liability risks:
    - since the error checking and the actions are carried out over large distances, we accept no liability for the resulting consequences.
    - so any liability for resulting damage is excluded; INSTRUCTIONS ARE FOLLOWED AT YOUR OWN RISK!
  • Identifying details/profile information:
    - you can delete these from the log lists or log files used (e.g. your real name, serial numbers in programs, etc.) or replace them with [X]
  • The system check and cleanup:
    - can take some time (depending on the type of infection); the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it
  • I recommend that you first read the instructions through completely before applying them, because if you do something wrong it can become really dangerous. If you follow my instructions step by step, nothing should really go wrong.
  • During the support period:
    - please do not act on your own without consulting us! Ask if there are problems.
  • The order:
    - please keep to it exactly as described, do not choose the order yourself!
  • CRACKED SOFTWARE is not tolerated here!!!!
  • Otherwise our forum rules:
    - Please read first, then post! -> For everyone seeking help! What do I need to consider before opening a topic?
  • Insert all log files with a vBCode tag; this gives a good overview here and makes my work easier! If the log file is too large, split it into several parts.

As soon as you have read this introductory text, you can begin :)

Quote:

When a system has been compromised, the system is no longer trustworthy
A reinstallation guarantees residue-free removal of the infection - Reading: "Help: I was the victim of a hacker attack. What should I do?" - Cleaning a compromised system
If you do decide on cleaning the system - cleaning a system can take a few days (depending on the type of infection); the system may even be so badly compromised that an effective technical cleanup is no longer possible and you have to reinstall it:

For Vista and Win7:
Important: Please run all commands as administrator! Right-click the command prompt and select "Run as administrator"
Right-click the selected application and choose "Run as administrator"!

1.
Fixing with OTL
  • Start OTL.exe.
  • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
  • Copy the following script:
Code:

:OTL
PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
[2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe
@Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV

:Commands
[purity]
[emptytemp]


2.
Download Malwarebytes Anti-Malware from→ malwarebytes.org
  • Install it and start it with a double-click.
  • Set the language to German and update the databases right away - update online
  • Select "Komplett Scan durchführen" (perform full scan) and tick every box
  • when the scan has finished, click "Zeige Resultate" (show results)
  • Select all findings (if MBAM reports anything in C:\System Volume Information, please remove the tick there) and click "Löschen" - "Ausgewähltes entfernen" (delete - remove selected).
  • Post the result here in the thread - you will find the report under "Scan-Berichte" (scan reports)
You can find an illustrated guide here: Guide

3.
I would also like to see all your installed programs:
Download the tool CCleaner
Download
Install it (read the software license agreement; if "Füge CCleaner Yahoo! Toolbar hinzu" (add CCleaner Yahoo! Toolbar) is offered, deselect it)→ start it→ if necessary, set "german" under Options settings
then click "Extra" (to display the installed programs)→ then "Als Textdatei speichern..." (save as text file)
a text file (*.txt) is created; copy its contents and paste them in there

4.
Create a new OTL log and post it: -> OTL guide

Quote:

To keep your thread clearer and nicely readable, it is best to use the code tags for your post:
→ before your log you write (i.e. at the start of the log file):[code]
your log file goes in here - e.g. hjtsanlist or other
→ after it - i.e. at the end of the log file: [/code]

** If possible, do not go on the internet, no online banking, file sharing, chat programs, etc.
regards
Coverflow
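
Added example, not part of kira's post and not OTL's own code: a Python parser for OTL file lines in the layout shown in this thread, which flags executables that share traits with the two files listed in the fix script above (located directly in C:\ProgramData, hidden, or without a company name). The three heuristics and all function names are assumptions chosen for illustration, not the helper's stated method.

```python
import ntpath
import re
from dataclasses import dataclass

# Layout of an OTL file line as it appears in the logs in this thread:
# [SECTION - ][date time | size | attributes | M/C] (company) -- path
OTL_FILE_LINE = re.compile(
    r"^(?:(?P<section>[A-Z0-9]+) - )?"
    r"\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"\((?P<company>.*?)\) -- (?P<path>.+)$"
)

EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif"}

# Triage reasons (assumed heuristics, see lead-in).
IN_PROGRAMDATA_ROOT = "executable directly in ProgramData root"
HIDDEN = "hidden executable"
NO_COMPANY = "no company name"


@dataclass
class OtlFileEntry:
    section: str   # e.g. "PRC"; empty for lines without a section prefix
    stamp: str
    size: int      # bytes
    attrs: str     # four-character attribute column, e.g. "-H--"
    company: str
    path: str


def parse_otl_line(line):
    """Return an OtlFileEntry, or None if the line is not a file line."""
    m = OTL_FILE_LINE.match(line.strip())
    if m is None:
        return None
    return OtlFileEntry(
        section=m.group("section") or "",
        stamp=m.group("stamp"),
        size=int(m.group("size").replace(",", "")),
        attrs=m.group("attrs"),
        company=m.group("company").strip(),
        path=m.group("path").strip(),
    )


def triage_reasons(entry):
    """List the heuristics an entry matches; empty list means no flag."""
    folder, name = ntpath.split(entry.path)
    if ntpath.splitext(name)[1].lower() not in EXECUTABLE_EXTS:
        return []
    reasons = []
    # "\ProgramData" directly below a drive root, on any drive letter.
    if ntpath.splitdrive(folder)[1].lower() == "\\programdata":
        reasons.append(IN_PROGRAMDATA_ROOT)
    # Assumption: an H in the attribute column marks a hidden file.
    if "H" in entry.attrs:
        reasons.append(HIDDEN)
    if not entry.company:
        reasons.append(NO_COMPANY)
    return reasons


def triage(log_text):
    """Return [(path, reasons)] for every flagged file line in the log."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_otl_line(line)
        if entry is None:
            continue  # registry lines, ADS lines, headers, blanks
        reasons = triage_reasons(entry)
        if reasons:
            findings.append((entry.path, reasons))
    return findings


# Sample lines copied from the OTL log and fix script in this thread.
SAMPLE = r"""
PRC - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Programme\iWin Games\iWinTrusted.exe
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
[2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe
@Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV
"""

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE):
        print(path, "->", "; ".join(reasons))
```

A flag here only marks a line for a closer look; legitimate installers also leave files in these places, so each hit still needs checking before anything is deleted.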

criß 22.04.2011 20:49

hello
and many thanks for your help
we have now followed your instructions, so here are the results first:

1. otl-log:
Code:

All processes killed
========== OTL ==========
No active process named MRtPNAFMRSnT.exe was found!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
File C:\ProgramData\45539080.exe not found.
ADS C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 41 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: pablo
->Temp folder emptied: 2742601026 bytes
->Temporary Internet Files folder emptied: 665770250 bytes
->Java cache emptied: 29438732 bytes
->FireFox cache emptied: 20430512 bytes
->Google Chrome cache emptied: 8976536 bytes
->Flash cache emptied: 100663 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 331776 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 193500262 bytes
RecycleBin emptied: 152120179 bytes
 
Total Files Cleaned = 3.637,00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 04222011_125137

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000003DE0019F04D92893A8 not found!

Registry entries deleted on Reboot...

mbam-scan:
Code:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6418

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19048

22.04.2011 21:13:20
mbam-log-2011-04-22 (21-13-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|O:\|)
Durchsuchte Objekte: 377885
Laufzeit: 1 Stunde(n), 44 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 4

Infizierte Speicherprozesse:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> 1384 -> Unloaded process successfully.

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MRtPNAFMRSnT (Trojan.FakeAlert) -> Value: MRtPNAFMRSnT -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Value: *.securewebinfo.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Value: *.safetyincludes.com -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Value: *.securemanaging.com -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\programdata\mrtpnafmrsnt.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\program files\Games\My Tribe\MyTribe.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\pablo\favorites\antivirus scan.url (Rogue.Link) -> Quarantined and deleted successfully.
c:\Users\pablo\documents\my documents.url (Trojan.Zlob) -> Quarantined and deleted successfully.

ccleaner:

Code:

10 Days To Save The World (nur deinstallation)                17.07.2010        87,2MB       
Activation Assistant for the 2007 Microsoft Office suites        Microsoft Corporation        29.05.2008        14,0MB       
Adobe Flash Player 10 ActiveX        Adobe Systems Incorporated        13.09.2010                10.1.82.76
Adobe Flash Player Plugin        Adobe Systems Incorporated        10.10.2008                9.0.124.0
Adobe Reader 8.1.2 - Deutsch        Adobe Systems Incorporated        01.04.2008        99,6MB        8.1.2
Alawar Game Box                28.10.2008        2,71MB       
Apple Application Support        Apple Inc.        01.10.2009        32,2MB        1.0
Apple Mobile Device Support        Apple Inc.        01.10.2009        40,4MB        2.6.0.32
Apple Software Update        Apple Inc.        18.09.2008        2,16MB        2.1.1.116
Avira AntiVir Personal - Free Antivirus        Avira GmbH        12.10.2009        134,3MB       
AVS Update Manager 1.0        Online Media Technologies Ltd.        23.03.2010        10,4MB       
AVS Video Converter 6        Online Media Technologies Ltd.        23.03.2010        34,1MB       
AVS4YOU Software Navigator 1.4        Online Media Technologies Ltd.        23.03.2010        8,74MB       
Be A King (nur deinstallation)                22.07.2009        28,8MB       
BGroom                28.06.2010        11,3MB       
Big Fish Games Center (remove only)                29.05.2008        172,3MB       
Big Fish Games Sudoku (remove only)                29.05.2008        172,3MB       
Big Fish Games: Game Manager                23.04.2010        6,64MB        1.5.1.0
Boggle                13.12.2009        34,7MB       
Bonjour        Apple Inc.        01.10.2009        0,49MB        1.0.106
Bookworm Adventures                12.04.2011        32,2MB       
Bookworm Adventures Deluxe        GameHouse, Inc.        23.04.2010        31,9MB       
Bookworm Adventures Vol. 2        PopCap Games        15.10.2009        74,6MB       
Bookworm Deluxe                15.10.2009        12,8MB       
CCleaner        Piriform        21.04.2011        3,60MB        3.05
Cheatbook 05.2009                25.01.2010        7,55MB       
Coconut Queen (nur deinstallation)                17.07.2010        107,6MB       
Compatibility Pack für 2007 Office System        Microsoft Corporation        12.04.2011        56,2MB        12.0.6425.1000
DAEMON Tools Toolbar        DT Soft Ltd        27.01.2010        2,46MB        1.1.1.0014
Dirty Split (remove only)                22.01.2010        225MB       
DivX-Setup        DivX, Inc.        12.09.2010        2,34MB        2.0.4.2
Drakensang (Patch Version 1.02)        dtp AG        16.09.2010        4.809MB       
Driver Detective        PC Drivers HeadQuarters        28.01.2010        5,35MB        8.0.1
Druckerdeinstallation für EPSON PX650 Series        SEIKO EPSON Corporation        12.07.2010               
DVDVideoSoft Toolbar                07.12.2009        69,1MB       
EA Download Manager        Electronic Arts        26.12.2010        6,61MB        4.0.0.396
Eco Rescue:  Project Rainforest (nur deinstallation)                14.09.2009        134,2MB       
Edna Bricht Aus 6.3                02.03.2010        6.887MB       
Epson Easy Photo Print 2        SEIKO EPSON CORPORATION        12.07.2010        98,9MB        2.1.0.0
Epson Print CD        SEIKO EPSON CORPORATION        12.07.2010        26,9MB        2.00.00
Epson Printer Software Downloader                12.07.2010               
EPSON Scan                12.07.2010        15,8MB       
Epson Stylus Photo PX650_TX650 Handbuch                12.07.2010        8,17MB       
Fairy Godmother Tycoon (nur deinstallation)                03.04.2010        50,1MB       
Farm Frenzy 2 Deluxe        Zylom Games        04.01.2009        38,7MB        1.0.0
Farm Frenzy 3 (nur deinstallation)                11.09.2009        92,8MB       
Farm Frenzy 3 .                25.02.2010        98,9MB       
Farm Frenzy 3 Ice Age 1.00                21.04.2010        92,9MB       
Farm Frenzy: Gone Fishing! (nur deinstallation)                27.10.2010        88,4MB       
Farm Mania 2 (nur deinstallation)                08.01.2010        227MB       
Fever Frenzy (remove only)                04.01.2009        46,5MB       
Fiona Finch and the Finest Flowers (nur deinstallation)                13.12.2010        125,1MB       
FirstSteps Diagnostics        Fujitsu Siemens Computers        01.04.2008        4,67MB        1.00
Fishdom: Frosty Splash (nur deinstallation)                28.11.2009        57,6MB       
Free Studio version 4.2        DVDVideoSoft Limited.        07.12.2009        66,7MB       
FSCLounge        Fujitsu Siemens Computers        29.05.2008        8,47MB        1.0.0
GIMP 2.6.7                14.10.2009        87,0MB       
GNU Backgammon (MAIN branch, 20081113 code)        Free Software Foundation        07.12.2010        41,8MB       
GnuPT Version 3.6.7        GnuPT - Protect Your Data        05.04.2010        6,14MB        3.6.7
Google Chrome        Google Inc.        05.03.2010        157,9MB        10.0.648.205
Google Desktop        Google        29.05.2008        8,57MB        -
Google Earth        Google        28.09.2010        85,4MB        5.2.1.1588
Google Toolbar for Internet Explorer        Google Inc.        12.04.2011        44,7MB       
Google Updater        Google Inc.        12.10.2008        3,96MB        2.4.1368.5602
Ice Cream Craze: Tycoon Takeover                23.04.2010        50,7MB       
ICQ Toolbar        ICQ        27.10.2008                3.0.0
ICQ6        ICQ        27.10.2008        42,5MB        6.00.0000
InternetTV 7.12        MMToolz, Inc.        19.10.2008        1,14MB       
IrfanView (remove only)                14.10.2009        1,85MB       
Island Realms (nur deinstallation)                06.06.2010        48,2MB       
iTunes        Apple Inc.        01.10.2009        132,4MB        9.0.1.8
iWin Games (remove only)                21.07.2009        2,69MB       
iWin Toolbar                12.11.2008        1,90MB       
Java(TM) 6 Update 17        Sun Microsystems, Inc.        28.10.2008        94,4MB        6.0.170
Jewel Quest II (nur deinstallation)                06.09.2009        36,2MB       
LiveUpdate 3.2 (Symantec Corporation)        Symantec Corporation        22.09.2008        8,56MB        3.2.0.68
LiveUpdate Notice (Symantec Corporation)        Symantec Corporation        22.09.2008        7,59MB        1.4.5
Luxor Amun Rising (remove only)                29.05.2008        18,1MB       
Mah Jong Quest III (nur deinstallation)                09.01.2010        96,3MB       
Mahjong Towers Eternity EU (remove only)                29.05.2008        15,7MB       
Malwarebytes' Anti-Malware        Malwarebytes Corporation        21.04.2011        4,80MB       
McAfee Security Scan Plus        McAfee, Inc.        14.09.2010        9,10MB        2.0.181.2
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        06.08.2009        27,8MB       
Microsoft LifeCam        Microsoft        01.10.2009        57,7MB        1.40.164.0
Microsoft Office Home and Student 2007        Microsoft Corporation        23.10.2010        297MB        12.0.6425.1000
Microsoft Office PowerPoint Viewer 2007 (German)        Microsoft Corporation        12.04.2011        51,0MB        12.0.6425.1000
Microsoft Silverlight        Microsoft Corporation        21.04.2011        79,9MB        4.0.60310.0
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        23.03.2010        0,33MB        8.0.59193
Microsoft Visual C++ 2005 Redistributable - KB2467175        Microsoft Corporation        12.04.2011        0,29MB        8.0.51011
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        22.10.2010        0,19MB        9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570        Microsoft Corporation        12.04.2011        0,58MB        9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17        Microsoft Corporation        12.10.2009        0,58MB        9.0.30729
Microsoft Works        Microsoft Corporation        16.12.2010        377MB        9.7.0621
Mini Balla 2006                14.11.2010        4,47MB       
Mini-Mäuse                12.10.2009        5,05MB       
Move Networks Media Player for Internet Explorer                02.10.2009        1,09MB       
Mozilla Firefox (2.0.0.20)        Mozilla        12.10.2009        24,5MB        2.0.0.20 (de)
MSXML 4.0 SP2 (KB936181)        Microsoft Corporation        01.11.2008        1,27MB        4.20.9848.0
MSXML 4.0 SP2 (KB941833)        Microsoft Corporation        01.04.2008        1,27MB        4.20.9849.0
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        12.11.2008        1,28MB        4.20.9870.0
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.11.2009        1,34MB        4.20.9876.0
My Free Mahjong        MyPlayCity, Inc.        08.01.2010        7,00MB        1.0
My Tribe (nur entfernen)                22.01.2010        60,1MB       
My Tribe 1.00                23.01.2010        60,2MB       
Mystery Case Files - Prime Suspects (remove only)                29.05.2008        39,3MB       
Nero 7 Essentials        Nero AG        18.03.2010        2.644MB        7.03.1152
Norton Internet Security (Symantec Corporation)        Symantec Corporation        29.05.2008        26,9MB        10.1.0.26
NVIDIA Drivers        NVIDIA Corporation        19.04.2009                1.3
NVIDIA PhysX        NVIDIA Corporation        19.04.2009        119,9MB        9.09.0203
OpenOffice.org 3.2        OpenOffice.org        16.05.2010        356MB        3.2.9483
ParetoLogic FileCure        ParetoLogic, Inc.        14.04.2010        4,08MB        1.1.1.0
Photo Mania (nur entfernen)                04.01.2009        19,9MB       
PHOTOfunSTUDIO -viewer-        Panasonic        08.09.2008        59,1MB        2.01.000
Picasa 3        Google, Inc.        27.07.2010        74,3MB        3.6
Poker Superstars II (remove only)                29.05.2008        30,3MB       
ProtectDisc Driver, Version 11        ProtectDisc Software GmbH        27.02.2011        100,00KB        11.0.0.12
QuickSFV (Remove only)                28.01.2010        0,27MB       
QuickTime        Apple Inc.        01.10.2009        76,5MB        7.64.17.73
RealArcade                05.01.2009        52,8MB       
Realtek High Definition Audio Driver                01.04.2008               
Roll                12.09.2010        152,9MB       
Royal Trouble (nur deinstallation)                27.10.2010        147,6MB       
Sanitarium                27.01.2010        84,0MB       
Simon the Sorcerer - Wer will schon Kontakt?        The Games Company        27.02.2011        2.282MB        1.0
SKIP BO Castaway Caper        Adnan_Boy 2008        25.01.2010        18,5MB        1.0
SKIP-BO Castaway Caper(TM)        Zylom Games        08.01.2010        68,5MB        1.0.0
SKIP¯BO Castaway Caper (nur deinstallation)                11.10.2009        21,5MB       
Skype web features        Skype Technologies S.A.        01.10.2009        4,34MB        1.0.3971
Skype™ 4.2        Skype Technologies S.A.        07.10.2010        31,7MB        4.2.187
SPORE™        Electronic Arts        26.12.2010        3.862MB        1.00.0000
Sprill & Rithies Adventures In Time (nur deinstallation)                21.06.2010        353MB       
Super Granny 5 (nur deinstallation)                12.04.2011        73,7MB       
Tahiti Hidden Pearls (nur deinstallation)                22.01.2010        45,0MB       
The Clumsys (nur entfernen)                04.01.2009        90,8MB       
The Enchanting Islands (nur deinstallation)                22.01.2010        40,0MB       
The Whispered World        Deep Silver        28.01.2010        2.525MB        1.00
TubeBox!        Jens Lorek        01.12.2010        12,9MB        3.4.1
Uninstall 1.0.0.1                07.12.2009        39,5MB       
Veoh Web Player        Veoh Networks, Inc.        28.11.2010        30,5MB        1.1.2.0000
Vista Codec Package        Shark007        16.02.2010        52,5MB        5.5.8
WEB.DE IE7 Browser Update        WEB.DE        31.10.2008               
WinRAR                28.01.2010        3,79MB       
Zattoo 3.3.4 Beta        Zattoo Inc.        19.07.2009        18,4MB        3.3.4 Beta
Zattoo4 4.0.5        Zattoo Inc.        26.06.2010        39,9MB        4.0.5
µTorrent                23.01.2010        0,31MB        1.8.5

2. OTL log

OTL Logfile:
Code:

OTL logfile created on: 21.04.2011 21:05:41 - Run 1
OTL by OldTimer - Version 3.2.22.3    Folder = C:\Users\pablo\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 54,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 216,41 Gb Total Space | 24,01 Gb Free Space | 11,09% Space Free | Partition Type: NTFS
Drive D: | 107,22 Gb Total Space | 89,70 Gb Free Space | 83,66% Space Free | Partition Type: NTFS
Drive O: | 245,59 Mb Total Space | 245,03 Mb Free Space | 99,77% Space Free | Partition Type: FAT
 
Computer Name: PABLO-PC | User Name: pablo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
PRC - [2011.04.21 14:18:25 | 000,569,344 | ---- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
PRC - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) -- C:\Programme\iWin Games\iWinTrusted.exe
PRC - [2010.09.16 18:36:40 | 000,328,568 | ---- | M] (BitTorrent, Inc.) -- C:\Programme\uTorrent\uTorrent.exe
PRC - [2010.09.01 08:39:18 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.07.06 16:01:16 | 002,634,048 | ---- | M] (Veoh Networks) -- C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2010.03.28 21:47:44 | 001,692,440 | ---- | M] (ParetoLogic) -- C:\Programme\ParetoLogic\FileCure\FileCure.exe
PRC - [2010.01.15 14:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.10.30 13:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Lite\DTLite.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.17 10:01:48 | 000,366,849 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\guardgui.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009.02.13 08:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIFME.EXE
PRC - [2008.07.21 15:07:44 | 002,752,512 | -H-- | M] (Electronic Arts) -- C:\Programme\Electronic Arts\EADM\Core.exe
PRC - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2008.05.27 19:35:30 | 000,040,960 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\Programme\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
PRC - [2008.02.26 17:24:06 | 004,939,776 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.19 09:33:39 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.19 09:33:39 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.23 14:52:26 | 002,764,800 | ---- | M] () -- C:\RecInfo\RecInfo.exe
PRC - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) -- C:\ProgramData\Web.de\adminsvc.exe
PRC - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) -- C:\Programme\Symantec\LiveUpdate\AluSchedulerSvc.exe
PRC - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe
PRC - [2007.04.10 23:46:52 | 000,709,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\vVX1000.exe
PRC - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2006.11.02 11:44:50 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\attrib.exe
PRC - [2006.10.25 00:08:40 | 000,107,112 | ---- | M] (Symantec Corporation) -- C:\Programme\Common Files\Symantec Shared\ccApp.exe
PRC - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\ccSvcHst.exe
PRC - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) -- c:\Programme\Common Files\Symantec Shared\AppCore\AppSvc32.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.04.21 20:59:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011.04.08 17:17:40 | 000,176,848 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Programme\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.06.10 20:26:28 | 000,222,456 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2008.04.02 03:26:27 | 001,174,152 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
SRV - [2008.01.29 17:38:32 | 000,583,048 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe -- (LiveUpdate Notice Service)
SRV - [2008.01.19 09:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.12 15:00:12 | 000,180,224 | ---- | M] (hablamax) [Auto | Running] -- C:\ProgramData\Web.de\adminsvc.exe -- (AdminSVC)
SRV - [2007.09.26 10:53:56 | 002,999,664 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE -- (LiveUpdate)
SRV - [2007.09.26 10:53:56 | 000,554,352 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -- (Automatisches LiveUpdate - Scheduler)
SRV - [2007.05.17 23:45:33 | 000,271,720 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2006.12.08 10:52:04 | 000,204,800 | -H-- | M] (Fujitsu Siemens Computers) [Auto | Running] -- C:\FirstSteps\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2006.10.27 02:18:36 | 000,080,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Norton Internet Security\isPwdSvc.exe -- (ISPwdSvc)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (LiveUpdate Notice Ex)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (CLTNetCnService)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr)
SRV - [2006.10.25 00:08:20 | 000,107,624 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr)
SRV - [2006.10.13 17:29:12 | 000,049,296 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe -- (comHost)
SRV - [2006.09.20 20:05:16 | 000,046,736 | ---- | M] (Symantec Corporation) [Auto | Running] -- c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe -- (SymAppCore)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010.01.29 16:16:51 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2010.01.29 16:16:50 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010.01.28 22:20:23 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009.12.07 21:09:28 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.27 10:03:00 | 007,738,816 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.01.19 20:31:56 | 000,277,544 | ---- | M] (Protect Software GmbH) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\acedrv11.sys -- (acedrv11)
DRV - [2008.04.02 03:27:05 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2008.02.14 15:56:02 | 000,118,784 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.07.02 17:37:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007.07.02 17:37:08 | 000,110,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.06.13 23:47:12 | 000,048,256 | ---- | M] (JMicron Technology Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\jraid.sys -- (JRAID)
DRV - [2007.04.10 23:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2006.11.06 12:14:10 | 001,119,616 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.10.24 15:40:22 | 000,185,744 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2006.10.24 15:40:22 | 000,144,784 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2006.10.24 15:40:22 | 000,038,928 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMIDS.SYS -- (SYMIDS)
DRV - [2006.10.24 15:40:22 | 000,037,008 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMNDISV.SYS -- (SYMNDISV)
DRV - [2006.10.24 15:40:22 | 000,026,384 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2006.10.24 15:40:22 | 000,011,792 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2006.10.20 06:10:16 | 000,202,872 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Symantec\Definitions\SymcData\idsdefs\20061025.029\IDSvix86.sys -- (IDSvix86)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKLM\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://go.web.de/tab2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.web.de/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0849}: C:\ProgramData\iWin Games\firefox [2008.11.13 21:49:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Components: C:\PROGRA~1\Mozilla Firefox\components [2010.12.27 20:40:15 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0.0.20\extensions\\Plugins: C:\PROGRA~1\Mozilla Firefox\plugins [2010.09.15 10:49:28 | 000,000,000 | ---D | M]
 
[2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions
[2008.11.06 23:44:30 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Extensions\{6334D996-EA3E-4a0e-AA8D-15BA56B37241}
[2010.12.19 16:38:13 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions
[2009.09.26 14:19:15 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008.11.06 23:47:26 | 000,000,000 | -H-D | M] ("I ♥ Miro") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{216ec66d-214a-43ea-92f0-5373f8405c88}
[2008.10.30 00:30:26 | 000,000,000 | -H-D | M] (Yahoo! Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009.12.08 22:56:24 | 000,000,000 | -H-D | M] (DVDVideoSoft Toolbar) -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\{e9911ec6-1bcc-40b0-9993-e0eea7f6953f}
[2010.01.28 22:21:05 | 000,000,000 | -H-D | M] ("DAEMON Tools Toolbar") -- C:\Users\pablo\AppData\Roaming\mozilla\Firefox\Profiles\w6lbc0qh.default\extensions\DTToolbar@toolbarnet.com
[2009.12.08 22:56:44 | 000,000,873 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\conduit.xml
[2010.01.28 22:20:55 | 000,002,055 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\daemon-search.xml
[2010.12.19 04:48:16 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-1.xml
[2008.10.28 23:54:08 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-2.xml
[2008.11.24 21:53:42 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-3.xml
[2009.10.15 20:04:51 | 000,000,950 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin-4.xml
[2008.10.28 19:12:41 | 000,000,962 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\icqplugin.xml
[2008.09.27 14:09:54 | 000,000,273 | -H-- | M] () -- C:\Users\pablo\AppData\Roaming\Mozilla\Firefox\Profiles\w6lbc0qh.default\searchplugins\search.xml
[2010.11.29 17:50:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\Programme\Mozilla Firefox\extensions\talkback@mozilla.org
[2008.10.28 19:16:01 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{800B5000-A755-47E1-992B-48A1C1357F07}
[2009.10.02 17:06:22 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008.10.29 10:35:04 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
[2010.01.17 16:59:41 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2009.10.13 19:58:33 | 000,000,000 | ---D | M] (Talkback) -- C:\PROGRA~1\MOZILLA FIREFOX\EXTENSIONS\TALKBACK@MOZILLA.ORG
[2008.11.13 21:49:39 | 000,000,000 | ---D | M] (iWinGames Plugin) -- C:\PROGRAMDATA\IWIN GAMES\FIREFOX
[2009.10.13 19:58:23 | 000,067,688 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jar50.dll
[2009.10.13 19:58:23 | 000,054,368 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\jsd3250.dll
[2009.10.13 19:58:23 | 000,034,944 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\myspell.dll
[2009.10.13 19:58:24 | 000,046,712 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\spellchk.dll
[2009.10.13 19:58:24 | 000,172,136 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\xpinstal.dll
[2009.01.06 21:16:47 | 000,024,576 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npgcplug.dll
[2005.04.27 22:10:49 | 000,102,400 | ---- | M] (RealNetworks) -- C:\Programme\Mozilla Firefox\plugins\npracplug.dll
[2009.10.13 19:58:31 | 000,001,525 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.10.13 19:58:31 | 000,001,063 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2009.10.13 19:58:31 | 000,000,998 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2009.10.13 19:58:31 | 000,000,815 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\NppBHO.dll (Symantec Corporation)
O2 - BHO: (IEHlprObj Class) - {8CA5ED52-F3FB-4414-A105-2E3491156990} - C:\Programme\iWin Games\iWinGamesHookIE.dll (iWin Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Programme\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (iWin Toolbar) - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (iWin Toolbar) - {CE0C2586-DA36-452B-ACDB-320D9BCB19BF} - C:\Programme\iWin\tbiWin.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ccApp] c:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] c:\Program Files\Norton Internet Security\osCheck.exe (Symantec Corporation)
O4 - HKLM..\Run: [recinfo369] c:\RecInfo\RecInfo.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Symantec PIF AlertEng] C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
O4 - HKLM..\Run: [VX1000] C:\Windows\vVX1000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe (Electronic Arts)
O4 - HKCU..\Run: [EPSON PX650 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFME.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [MRtPNAFMRSnT] C:\ProgramData\MRtPNAFMRSnT.exe (WinTrust)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\pablo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Privacy Tray.lnk = C:\Programme\GnuPT\WPT\WinPT.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} hxxp://gfx2.hotmail.com/mail/w3/pr01/resources/VistaMSNPUpldde-de.cab (MSN Photo Upload Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1222761945 (Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\pablo\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell - "" = AutoRun
O33 - MountPoints2\{e274f267-0c4a-11df-973a-002421046f5f}\Shell\AutoRun\command - "" = K:\SETUP.EXE -autorun
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.21 21:05:23 | 000,580,608 | -H-- | C] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
[2011.04.21 14:18:26 | 000,569,344 | -H-- | C] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.20 01:49:01 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (5)
[2011.04.19 22:41:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Rovio
[2011.04.19 21:44:44 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Local\Babylon
[2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\Users\pablo\AppData\Roaming\Babylon
[2011.04.19 21:44:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon
[2011.04.19 21:44:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2011.04.19 17:10:45 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Desktop\Neuer Ordner (4)
[2011.04.13 18:01:40 | 000,000,000 | -H-D | C] -- C:\Users\pablo\Bookworm Adventures
[2011.04.13 18:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zylom
[2011.04.13 18:01:07 | 000,000,000 | ---D | C] -- C:\Programme\RealArcade
[2011.04.12 23:55:47 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.12 23:55:46 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.12 23:55:44 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.12 23:55:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.12 23:55:43 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.12 23:55:43 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.12 23:55:43 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.12 23:55:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.12 23:55:42 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.12 23:55:42 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.12 23:55:42 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.12 23:55:41 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.12 23:55:41 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.12 23:55:41 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.12 23:55:41 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.12 23:55:41 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.12 23:55:40 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011.04.12 23:55:39 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.12 23:55:39 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.12 23:49:55 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\odbc32.dll
[2011.04.12 23:29:12 | 003,602,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011.04.12 23:29:12 | 003,550,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011.04.12 23:29:10 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.12 23:29:10 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.12 23:29:05 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.12 23:28:53 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.12 23:28:51 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sdclt.exe
[2011.04.12 23:28:48 | 000,726,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.12 23:28:48 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.12 23:26:57 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011.04.12 23:26:57 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbe.dll
[2011.04.12 23:26:57 | 000,177,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2011.04.12 23:26:57 | 000,153,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\sbeio.dll
[2009.01.06 21:16:49 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.04.21 21:19:03 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2011.04.21 21:08:06 | 000,618,204 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.21 21:08:06 | 000,586,980 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.21 21:08:06 | 000,122,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.21 21:08:06 | 000,101,052 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.21 21:04:55 | 000,487,424 | -H-- | M] () -- C:\ProgramData\45539080.exe
[2011.04.21 21:04:34 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.04.21 21:04:33 | 000,000,380 | ---- | M] () -- C:\Windows\tasks\FileCure Startup.job
[2011.04.21 21:04:24 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 21:04:24 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.04.21 21:04:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.04.21 21:04:14 | 2146,689,024 | -HS- | M] () -- C:\hiberfil.sys
[2011.04.21 20:59:00 | 000,580,608 | -H-- | M] (OldTimer Tools) -- C:\Users\pablo\Desktop\OTL.exe
[2011.04.21 14:59:08 | 000,320,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.21 14:18:25 | 000,569,344 | -H-- | M] (WinTrust) -- C:\ProgramData\MRtPNAFMRSnT.exe
[2011.04.21 13:57:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.04.21 10:28:01 | 000,000,240 | ---- | M] () -- C:\Windows\tasks\Epson Printer Software Downloader.job
[2011.04.19 21:45:12 | 000,002,053 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011.04.19 18:00:00 | 000,000,444 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
[2011.04.18 22:04:52 | 000,171,520 | -H-- | M] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.18 20:45:57 | 000,017,408 | -H-- | M] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db
[2011.04.16 04:25:01 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
[2011.04.16 03:41:02 | 000,000,364 | ---- | M] () -- C:\Windows\tasks\FileCure Default.job
[2011.04.13 18:02:15 | 000,000,772 | -H-- | M] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk
[2011.04.13 18:01:40 | 000,000,133 | -H-- | M] () -- C:\Users\pablo\Desktop\Zylom.url
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.04.21 21:04:54 | 000,487,424 | -H-- | C] () -- C:\ProgramData\45539080.exe
[2011.04.21 14:58:19 | 2146,689,024 | -HS- | C] () -- C:\hiberfil.sys
[2011.04.19 21:44:44 | 000,002,053 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2011.04.13 18:02:15 | 000,000,772 | -H-- | C] () -- C:\Users\pablo\Desktop\Bookworm Adventures.lnk
[2011.04.13 18:01:40 | 000,000,133 | -H-- | C] () -- C:\Users\pablo\Desktop\Zylom.url
[2011.04.13 01:14:45 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010.11.15 18:40:24 | 000,050,344 | ---- | C] () -- C:\Programme\Uninstall Mini Balla 2006.exe
[2010.09.13 17:52:38 | 000,045,568 | ---- | C] () -- C:\Windows\UniFish3.exe
[2010.06.27 16:32:50 | 000,017,408 | -H-- | C] () -- C:\Users\pablo\AppData\Local\WebpageIcons.db
[2010.03.24 16:43:15 | 000,001,682 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2010.03.24 16:43:15 | 000,000,056 | RHS- | C] () -- C:\Windows\System32\9E63D8604E.sys
[2010.01.29 16:16:51 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2010.01.29 16:16:50 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2010.01.28 03:09:54 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.10.13 17:28:27 | 000,000,120 | ---- | C] () -- C:\Windows\CMRGDB01.INI
[2009.10.13 17:28:23 | 000,004,779 | ---- | C] () -- C:\Windows\CMRGUNST.INI
[2009.10.02 17:10:08 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2009.08.07 22:33:40 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.07 22:33:40 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.07 22:33:06 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009.05.30 02:37:40 | 000,205,824 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.30 02:31:52 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.04.16 21:29:32 | 000,000,552 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d8caps.dat
[2009.04.16 21:28:04 | 000,001,356 | -H-- | C] () -- C:\Users\pablo\AppData\Local\d3d9caps.dat
[2008.10.07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
[2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008.09.23 12:23:39 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008.09.10 12:23:50 | 000,000,464 | -H-- | C] () -- C:\Users\pablo\AppData\Roaming\wklnhst.dat
[2008.09.09 21:29:05 | 000,000,000 | ---- | C] () -- C:\Windows\PhEdit.INI
[2008.09.09 21:04:18 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.09.09 21:04:18 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008.09.09 21:04:18 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008.09.09 21:04:18 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.09.09 21:04:18 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.09.09 21:04:18 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.09.09 21:04:18 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.09.09 21:04:18 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.09.09 21:04:18 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.09.09 21:04:18 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.09.09 21:04:18 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.09.09 21:04:18 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.09.09 21:04:18 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.09.09 21:04:18 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.09.09 21:04:18 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.09.09 21:04:18 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.09.09 21:04:18 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.09.09 16:17:14 | 000,171,520 | -H-- | C] () -- C:\Users\pablo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.05.30 19:41:07 | 000,000,342 | ---- | C] () -- C:\Windows\{9A3BC157-B94F-4EFD-ABA9-1E56DEB00655}_WiseFW.ini
[2007.09.04 12:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007.04.10 23:46:52 | 000,015,498 | ---- | C] () -- C:\Windows\VX1000.ini
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006.11.02 17:33:31 | 000,618,204 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2006.11.02 17:33:31 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2006.11.02 17:33:31 | 000,122,442 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2006.11.02 17:33:31 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 000,320,512 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,586,980 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,101,052 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006.08.11 09:52:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\EvOnlDiag.dll
[2004.09.01 17:49:17 | 003,375,104 | ---- | C] () -- C:\Windows\System32\qt-mt331.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 99 bytes -> C:\ProgramData\TEMP:6533A988
@Alternate Data Stream - 64 bytes -> C:\Users\pablo\Tracy Chapman - For My Lover (Album Version).avi:TOC.WMV
@Alternate Data Stream - 147 bytes -> C:\ProgramData\TEMP:8AEA12E8
@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:A1128200
@Alternate Data Stream - 145 bytes -> C:\ProgramData\TEMP:75C2528D
@Alternate Data Stream - 143 bytes -> C:\ProgramData\TEMP:EB79041A
@Alternate Data Stream - 141 bytes -> C:\ProgramData\TEMP:32758ED6
@Alternate Data Stream - 140 bytes -> C:\ProgramData\TEMP:1E3035E2
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:DCBD0AC7
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:CB5C4185
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:C04C48D4
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:6F71E822
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:E091E936
@Alternate Data Stream - 131 bytes -> C:\ProgramData\TEMP:698B483C
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:DF236465
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:C4870D32
@Alternate Data Stream - 130 bytes -> C:\ProgramData\TEMP:290A724C
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:E6B3E318
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:5F280981
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:77CE0242
@Alternate Data Stream - 126 bytes -> C:\ProgramData\TEMP:581B0446
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:E73AD533
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:77CF9481
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:4B970D7A
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:257AC7F8
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:98E4FEC6
@Alternate Data Stream - 123 bytes -> C:\ProgramData\TEMP:472EB08A
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:F0E52E4F
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:5F3235B3
@Alternate Data Stream - 121 bytes -> C:\ProgramData\TEMP:2A6BF249
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:EAD1940E
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:B7F727B8
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:AED4FFF5
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:5BA6D27E
@Alternate Data Stream - 118 bytes -> C:\ProgramData\TEMP:4F09946C
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:FF333535
@Alternate Data Stream - 117 bytes -> C:\ProgramData\TEMP:53B47F8A
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:EFD52482
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:2702A8B3
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:0E1DD4C5
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:34B9286E
@Alternate Data Stream - 113 bytes -> C:\ProgramData\TEMP:6972373C
@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:93CEB973
@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:E868CDC2
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:CF185254
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:429EC15A
@Alternate Data Stream - 103 bytes -> C:\ProgramData\TEMP:08AC8A76
@Alternate Data Stream - 102 bytes -> C:\ProgramData\TEMP:24E8169B
@Alternate Data Stream - 100 bytes -> C:\ProgramData\TEMP:CDCE26D3

< End of report >

--- --- ---


So, I hope I've got it right up to this point.
I'm really grateful for your help.
Have a nice weekend.

kira 23.04.2011 00:01

1.
You have generally `weakened` your computer with two antivirus programs: Avira and Norton
Important:
Use only one firewall and one antivirus program, both of which should always be kept up to date!
More AV programs do not mean more security! The scanners interfere with each other (both have the on-access scan enabled, i.e. both run constantly in the background), and a system crash can be the result, or in the worst case you can look forward to a complete reinstallation! So uninstall one of the AV programs and leave only one running on your PC.
Quote:

►Before you install another antivirus program, you should in any case completely uninstall the previous one!
So decide on either Avira/AntiVir or Symantec/Norton!
Depending on how you decide:
► Either uninstall Avira:
under Software, or also use the tool Download Avira RegistryCleaner


To uninstall Norton Antivirus completely - go to the Symantec website and look for the special removal tools, which should (also) remove the last remnants: ► download the Norton Removal Tool (for all products from 2003 to 2008) from here
or here: ► Norton Removal Tool for all products from 2003 to 2010 / wintotal.de

2.
Quote:

**Before deleting temporary files, you should always close all applications!
**Delete only the contents of the folders, not the folders themselves!
**The Temp folder is for temporary files, so its contents can be deleted without concern. Files that are still in use cannot be deleted.

close all applications → please empty the folders for temporary files
delete only the contents of the folders, not the folders themselves! - Files that are still in use cannot be deleted.
type the following into the search bar under the Windows Start button:
Code:

%temp%
Select the contents and delete them:
- then empty the Recycle Bin

3.
clean your system with CCleaner:
  • "Cleaner" → "Analyze" → click the "Start CCleaner" button
  • "Registry" → "Scan for issues" → "Fix issues" → "Fix all"
  • Restart your system

4.
I am not sure whether you installed this deliberately, since it is often installed along with, or offered by, other programs (presumably via Adobe Reader):
Code:

McAfee Security Scan Plus
although the programmers/manufacturer themselves have a very good reputation, this "helper principle" does not protect your PC any further, but it does impair system performance

5.
Your Java version is not up to date!
Because Java is very vulnerable due to old security holes, first uninstall all existing Java versions:
→ Control Panel → Software → uninstall...
→ restart the computer
→ now download the offline version of Java Version 6 Update 24 from Oracle
Make sure to deselect any toolbars that may be offered (remove the check mark next to the toolbar)!

6.
Update Adobe Reader:
Adobe Reader
Or: start Adobe -> go to "Help" -> "Check for updates..."

7.
does not belong on a clean system:
under Control Panel --> Programs and Features
Code:

DAEMON Tools Toolbar

8.
  • download SUPERAntiSpyware FREE Edition.
  • install the program and update it online.
  • start SUPERAntiSpyware and click "Scan your computer"
  • check "Complete scan" and click "Next"
  • afterwards all malware found will be listed; check all findings and confirm with "OK"
  • click "Next", then "OK", and then "Finish"
  • to display the results: click "Preferences" and then "Statistics and Logs"
  • click "View log" - then please save this report and post it here

9.
- "Link:-> ESET Online Scanner
>>You should not install the antivirus security software, but only scan your system online<<
Viruses can also be carried on USB sticks, self-burned discs, external hard drives and other storage media. These must therefore be monitored through regular checks for damage that may have been caused by malware ("Worm.Win32.Autorun"). For this it is very well suited, and recommended, to check the data stored on the storage medium with the help of the free online scanner.
Now connect all external storage media (USB sticks etc.) to your computer while holding down the Shift key so that the Autorun function is not executed. (This is how you prevent the AUTORUN function from running) - The AUTORUN function can also be switched off entirely. ► [Security] Disable the Autorun function on all drives for more security / Avira Support Forum

-> Then run a complete system check with Eset/Nod32

- please check the following > "Remove found threats" and "Scan archives"
- save the scan results as *.txt files
- usually "C:\Programme\Eset\EsetOnlineScanner\log.txt"

Before the scan, settings in Internet Explorer:
- "Tools → Internet Options → Security":
- set everything to the default level
- allow ActiveX
- to start the scan: when you are asked (the text in the information bar) - allow the ActiveX control to be installed

** Are there any other abnormalities/problems with the computer?

