Another "hourglass problem" and more...

31.03.2010, 23:38
...new here

Posts: 7
Good evening & good morning,
since this evening something has been going wrong.
I surf with Firefox, but after half an hour I had a screensaver "Windows virus alarm messages" that asked me to download an exe (of course I did not download or run the exe).
It took me some effort to close the popups. After that I had 3 porn-link shortcuts on the desktop. When opening the file path, the path led to IE.

I watch the Big Brother livestream from Clipfish via an external player. For that to work, though, I have to turn off protected mode in IE. So I only use IE to log in to my livestream subscription; after that it is closed.

There were also some strange exes in the Task Manager.

After restarting, my computer now always reports "project1 has stopped working" and "khvcol has stopped working". Googling did not get me anywhere.
Windows then reports that Data Execution Prevention has closed "project1".

The Vista hourglass is now constantly active next to the cursor; CPU usage is as usual, but the laptop roars as if running at full load.

I would be very grateful for your help!
merci
melanie

------------------------------------------------------------------------------------------------------------------------------

Step 2
Temporary files removed

--------------------------------------------------------------------------------------------------------------------------------

Step 3:
Malwarebytes:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 3938

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

31.03.2010 21:14:42
mbam-log-2010-03-31 (21-14-42).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 101726
Laufzeit: 7 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 1
Infizierte Speichermodule: 2
Infizierte Registrierungsschlüssel: 8
Infizierte Registrierungswerte: 5
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 1
Infizierte Dateien: 35

Infizierte Speicherprozesse:
c:\lsass.exe (Trojan.Agent) -> Unloaded process successfully.

Infizierte Speichermodule:
C:\Windows\System32\jan6s8c.dll (Trojan.Downloader) -> Delete on reboot.
C:\Windows\System32\app_dll.dll (Trojan.Agent.Gen) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{a9ba40a1-74f1-52bd-f434-00b15a2c8953} (Trojan.Downloader) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9ba40a1-74f1-52bd-f434-00b15a2c8953} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9ba40a1-74f1-52bd-f434-00b15a2c8953} (Trojan.Downloader) -> Delete on reboot.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\WEK9EMDHI9 (Trojan.Agent) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsa8ffushf83hoigjhs98jgijg9sd8e (Trojan.Downloader) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{a9ba40a1-74f1-52bd-f434-00b15a2c8953} (Trojan.Downloader) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\idstrf (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\nofolderoptions (Hijack.FolderOptions) -> Delete on reboot.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
C:\Program Files\Protection System (Rogue.ProtectionSystem) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Windows\System32\jan6s8c.dll (Trojan.Downloader) -> Delete on reboot.
C:\Users\Melanie\AppData\Local\Temp\eehz439 .exe (Trojan.Downloader) -> Delete on reboot.
C:\patch.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\lecs.exe (Backdoor.IRCbot) -> Quarantined and deleted successfully.
C:\moodless.exe (Backdoor.IRCbot) -> Quarantined and deleted successfully.
C:\Windows\System32\srv.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\wuaucldt .exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\mdm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\taskmgr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\winamp.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\ecwmxnosra.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\goo944.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\avp .exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\nvsvc32.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\nxcasoemwr.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\z8uc366h5i6q62.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRT4CF6.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRT7F7B.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Windows\Temp\VRTC5A4.tmp (Spyware.OnlineGames) -> Quarantined and deleted successfully.
C:\Users\Melanie\wuaucldt.exe (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\js.mui (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\sshnas21.dll (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\System32\app_dll.dll (Trojan.Agent.Gen) -> Delete on reboot.
C:\Users\Melanie\.COMMgr\complmgr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\Temp\wmpscfgs.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Internet Explorer\wmpscfgs.exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\lsass.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\Melanie\oashdihasidhasuidhiasdhiashdiuasdhasd (Malware.Trace) -> Quarantined and deleted successfully.
C:\Windows\sc.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\Melanie\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Program Files\Adobe\acrotray .exe (Trojan.Agent) -> Delete on reboot.
C:\Windows\System32\wuaucldt.exe (Trojan.Agent) -> Quarantined and deleted successfully.

--------------------------------------------------------------------------------------------------------------------------------

Step 4
GMER report does not work, even though it was run as admin. I tried it 5 times; I get a bluescreen and the computer restarts.

--------------------------------------------------------------------------------------------------------------------------------

Step 5
HijackThis logfiles


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:09:41, on 31.03.2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Users\Melanie\AppData\Local\Temp\khvcol.exe
C:\Windows\system32\taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\DllHost.exe
c:\lsass.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 9\SnagitIEAddin.dll
O4 - HKLM\..\Run: [19620] C:\Users\Melanie\AppData\Local\Temp\khvcol.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: Evernote.lnk = F:\Evernote3\EvernoteTray.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O8 - Extra context menu item: Add to &Evernote - res://C:\Program Files\Evernote\Evernote3.5\enbar.dll/2000
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files\Evernote\Evernote3.5\enbar.dll
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - AppInit_DLLs: app_dll.dll
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

--
End of file - 3383 bytes

--------------------------------------------------------------------------------------------------------------------------------
Step 6
Creating an uninstall list

7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3 - Deutsch
Advertisement Service
Apple Application Support
Apple Software Update
aTube Catcher
Broadcom 802.11-WLAN-Adapter
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Plus Web Player
ESU for Microsoft Vista
Evernote
foobar2000 v0.9.5.2
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
HP Quick Launch Buttons 6.40 B2
HP QuickTouch 1.00 D2
HP Wireless Assistant
ICQ Contact Revealer 1.0
ICQ7
Java(TM) 6 Update 15
JDownloader
Last.fm 1.5.4.24567
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Choice Guard
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.6.2pre)
Mozilla Thunderbird (3.0.3)
MSVCRT
Notepad++
NVIDIA Drivers
QuickTime
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
RocketDock 1.3.5
Snagit 9.1.2
Streamripper (Remove only)
Synaptics Pointing Device Driver
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.0.5
Winamp
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live-Uploadtool
WinRAR archiver
Zattoo4 4.0.4
--------------------------------------------------------------------------------------------------------------------------------

Since I am not the only one with the hourglass problem, I also went through the steps recommended in the thread.

Java updated --> OK

--------------------------------------------------------------------------------------------------------------------------------

System scan with OTL


OTL logfile created on: 31.03.2010 23:21:13 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,40 Gb Total Space | 45,06 Gb Free Space | 19,99% Space Free | Partition Type: NTFS
Drive D: | 7,48 Gb Total Space | 7,42 Gb Free Space | 99,14% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELANIE-PC
Current User Name: Melanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Melanie\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Melanie\AppData\Local\Temp\khvcol.exe ()
PRC - C:\Windows\System32\rundll32.exe ()
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
PRC - C:\Windows\System32\rundll32 .exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Users\Melanie\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Com4Qlb) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (NETw3v32) Intel(R) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (NETw4v32) Intel(R) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBttn.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://www.yodl.de/href.php?hrefname=FF-splug_google&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Hyperwords"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.de/"
FF - prefs.js..extensions.enabledItems: CLEO@guid.customsoftwareconsult.com:4.3
FF - prefs.js..extensions.enabledItems: copylinkurl@bluelightdev.com:1.3
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.5.10
FF - prefs.js..extensions.enabledItems: foxyMeter@tim-wood.net:0.5.0
FF - prefs.js..extensions.enabledItems: lazarus@interclue.com:2.0.5
FF - prefs.js..extensions.enabledItems: max@subfighter.com:1.0.3
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: netvideohunter@netvideohunter.com:0.4.3
FF - prefs.js..extensions.enabledItems: shelve@thomas.link:1.22
FF - prefs.js..extensions.enabledItems: sortplaces@andyhalford.com:1.6.7
FF - prefs.js..extensions.enabledItems: sxipper@sxip.com:2.3.3
FF - prefs.js..extensions.enabledItems: toplinebookmark@shenlian.de:1.07
FF - prefs.js..extensions.enabledItems: youtube2mp3@mondayx.de:1.0.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.0.3
FF - prefs.js..extensions.enabledItems: {139a120b-c2ea-41d2-bf70-542d9f063dfd}:2.03.3
FF - prefs.js..extensions.enabledItems: {1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}:1.2
FF - prefs.js..extensions.enabledItems: {21cfaec0-dbb3-11dc-95ff-0800200c9a66}:1.1.2.4
FF - prefs.js..extensions.enabledItems: {2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}:1.2.5.1
FF - prefs.js..extensions.enabledItems: {31E65147-5A53-4e52-8A64-FF6EBFA36D76}:1.6.29
FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2c}:0.6.4
FF - prefs.js..extensions.enabledItems: {3541c267-2580-4144-854e-2e05c8670121}:1.5.3
FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.3.2
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - prefs.js..extensions.enabledItems: {a76cd07b-f0d7-4ef9-9566-8faef6e290e4}:1.3.1
FF - prefs.js..extensions.enabledItems: {b9bfaf1c-a63f-47cd-8b9a-29526ced9060}:0.3
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.5
FF - prefs.js..extensions.enabledItems: {cd617375-6743-4ee8-bac4-fbf10f35729e}:2.7.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {E0B8C461-F8FB-49b4-8373-FE32E9252800}:3.0.0.71760
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100211.5
FF - prefs.js..extensions.enabledItems: {ec268e28-22c6-4a6c-ac22-635cabee283c}:1.0.1
FF - prefs.js..extensions.enabledItems: {ff81e780-5cc0-11d9-9669-0800200c9a66}:1.8
FF - prefs.js..extensions.enabledItems: smarterwiki@wikiatic.com:3.1.2
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.6.7
FF - prefs.js..extensions.enabledItems: quickdrag@mozilla.ktechcomputing.com:2.0.2.1
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8
FF - prefs.js..extensions.enabledItems: {bee6eb20-01e0-ebd1-da83-080329fb9a3a}:0.1
FF - prefs.js..extensions.enabledItems: {e2c58150-9d72-11dd-ad8b-0800200c9a66}:1.3.1
FF - prefs.js..keyword.URL: "http://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=SP2&o=14906&locale=de_DE&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.03.24 13:22:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2pre\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.03.24 13:22:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.03.26 13:59:05 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.3\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010.03.14 16:29:02 | 000,000,000 | ---D | M]

[2010.02.01 18:28:48 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Extensions
[2010.02.01 18:28:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.03.31 15:44:37 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions
[2010.03.19 11:39:27 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2010.02.01 16:45:56 | 000,000,000 | ---D | M] (URL Link) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{139a120b-c2ea-41d2-bf70-542d9f063dfd}
[2010.02.01 16:45:57 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}(150)
[2010.02.01 16:45:57 | 000,000,000 | ---D | M] (FetchMP3 Video to Audio Converter) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{1d8e98fb-53c3-47a8-9fb9-1b51bbf3890d}
[2010.02.01 16:45:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.02.01 16:45:57 | 000,000,000 | ---D | M] (Easy DragToGo) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{21cfaec0-dbb3-11dc-95ff-0800200c9a66}
[2010.02.01 16:45:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{21e48e29-f574-4619-b65d-0f00eea92e5b}
[2010.02.01 16:45:57 | 000,000,000 | ---D | M] (Unhide Passwords) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}
[2010.03.25 23:10:01 | 000,000,000 | ---D | M] (TV-Fox) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}
[2010.02.01 16:45:57 | 000,000,000 | ---D | M] (Advanced URL Builder) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{31E65147-5A53-4e52-8A64-FF6EBFA36D76}
[2010.02.01 16:45:58 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
[2010.02.01 16:45:58 | 000,000,000 | ---D | M] (Organize Status Bar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2c}
[2010.02.13 20:38:10 | 000,000,000 | ---D | M] (Stay-Open Menu) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{3541c267-2580-4144-854e-2e05c8670121}
[2010.02.01 16:45:58 | 000,000,000 | ---D | M] (Back to Top) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{3C9A65A6-9563-4485-BA4A-4BCD698BCFB4}
[2010.02.01 16:45:58 | 000,000,000 | ---D | M] (AddThis) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}(151)
[2010.02.01 16:45:58 | 000,000,000 | ---D | M] (Tab Clicking Options) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{43520B8F-4107-4351-AC64-9BCC5EEA24B9}
[2010.02.01 16:45:58 | 000,000,000 | ---D | M] (Favicon Picker 3) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{446c03e0-2c35-11db-a98b-0800200c9a67}
[2010.02.01 16:45:59 | 000,000,000 | ---D | M] (FEBE) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
[2010.02.01 16:45:59 | 000,000,000 | ---D | M] (SmartSearch) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{4fa0d965-cd01-4d08-9bdb-0d8c47cfd5d8}(152)
[2010.03.27 13:40:16 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
[2010.02.01 16:45:59 | 000,000,000 | ---D | M] (Boox) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{53c4d698-0a74-873e-7946-7d19bb035667}
[2010.02.01 16:46:02 | 000,000,000 | ---D | M] (DragIt) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{575cbcb9-3b7e-493a-b001-886b3ae793b5}
[2010.02.01 16:46:03 | 000,000,000 | ---D | M] (ChatZilla [de]) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}(153)
[2010.02.01 16:46:03 | 000,000,000 | ---D | M] (Save Image in Folder) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{5e594888-3e8e-47da-b2c6-b0b545112f84}(154)
[2010.02.01 16:46:03 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2010.02.01 16:46:04 | 000,000,000 | ---D | M] (History Submenus) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{7102aba3-045c-4ec2-b921-46d87636d84b}(155)
[2010.02.01 16:46:04 | 000,000,000 | ---D | M] (Firefox Showcase) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}(156)
[2010.03.27 13:40:14 | 000,000,000 | ---D | M] (Hyperwords) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{9A752782-D706-479b-98F8-3F66BF921692}
[2010.02.01 16:46:05 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010.02.01 16:46:05 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.02.01 16:46:08 | 000,000,000 | ---D | M] (Image Toolbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{A4732521-77D9-447E-A557-B279AC923F06}(157)
[2010.02.01 16:46:08 | 000,000,000 | ---D | M] (Bookmark All) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{a76cd07b-f0d7-4ef9-9566-8faef6e290e4}
[2010.02.01 16:46:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{aba3f5c2-35d5-4960-bdfc-de9c162e39ce}
[2010.02.01 16:46:08 | 000,000,000 | ---D | M] (Abduction!) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{b0e1b4a6-2c6f-4e99-94f2-8e625d7ae255}
[2010.02.01 16:46:08 | 000,000,000 | ---D | M] () -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}
[2010.02.01 16:46:09 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.03.25 23:13:57 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2010.02.03 08:58:28 | 000,000,000 | ---D | M] (QuickNote) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}
[2010.02.01 16:46:14 | 000,000,000 | ---D | M] (Interclue) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}
[2010.02.28 11:37:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}
[2010.02.01 16:46:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}
[2010.02.01 16:46:15 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.10 19:48:59 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.02.01 16:46:16 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2010.02.01 16:46:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.03.25 23:04:14 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2010.02.13 20:38:13 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2010.02.13 20:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}-trash
[2010.02.01 16:46:18 | 000,000,000 | ---D | M] (Black Steel) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{e2c58150-9d72-11dd-ad8b-0800200c9a66}
[2010.02.01 16:46:18 | 000,000,000 | ---D | M] (All Customized Links) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{E2C5E80C-79B5-485a-A493-3E87E28823A5}
[2010.02.13 20:38:06 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.03.25 07:42:50 | 000,000,000 | ---D | M] (Plain Text Links) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{ec268e28-22c6-4a6c-ac22-635cabee283c}
[2010.02.01 16:46:24 | 000,000,000 | ---D | M] (FoxTab) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
[2010.02.01 16:46:31 | 000,000,000 | ---D | M] (WorldIP) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{f36c6cd1-da73-491d-b290-8fc9115bfa55}
[2010.02.01 16:46:33 | 000,000,000 | ---D | M] (New Tab King) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{FC5BAC7D-D696-4ba6-B913-CF8F000C33DF}
[2010.02.01 16:46:33 | 000,000,000 | ---D | M] (Open link in...) -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\{ff81e780-5cc0-11d9-9669-0800200c9a66}
[2010.02.01 16:45:38 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\abhere2@moztw.org
[2010.02.01 16:45:38 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\aging-tabs@design-noir.de
[2010.02.01 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\autopager@mozilla.org
[2010.02.01 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\CLEO@guid.customsoftwareconsult.com
[2010.02.01 16:45:39 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\copylinkurl@bluelightdev.com
[2010.02.01 16:45:42 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\foxmarks@kei.com
[2010.03.07 17:15:51 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\foxmarks@kei.com
[2010.02.01 16:45:48 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\foxyMeter@tim-wood.net
[2010.02.01 16:45:48 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\glasser@sixxgate.com
[2010.02.01 16:45:48 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\lazarus@interclue.com
[2010.02.01 16:45:48 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\max@subfighter.com
[2010.02.01 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\morningCoffee@shaneliesegang
[2010.02.01 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\netvideohunter@netvideohunter.com
[2010.02.01 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\one@h3j4.com
[2010.02.01 16:45:50 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\personas@christopher.beard
[2010.02.01 16:45:54 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\piclens@cooliris.com
[2010.02.10 19:48:56 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\quickdrag@mozilla.ktechcomputing.com
[2010.02.01 16:45:54 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\savecomplete@perlprogrammer.com
[2010.03.27 13:40:16 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\shelve@thomas.link
[2010.03.19 11:39:27 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\SkipScreen@SkipScreen
[2010.02.01 16:45:54 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\smarterwiki@wikiatic.com
[2010.02.10 19:49:00 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\smarterwiki@wikiatic.com
[2010.03.29 19:47:32 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\sortplaces@andyhalford.com
[2010.03.07 17:15:46 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\sxipper@sxip.com
[2010.02.01 16:45:56 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\TooManyTabs@visibotech.com
[2010.02.01 16:45:56 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\toplinebookmark@shenlian.de
[2010.03.11 16:43:29 | 000,000,000 | ---D | M] -- C:\Users\Melanie\AppData\Roaming\mozilla\Firefox\Profiles\iqhcx5ez.default\extensions\youtube2mp3@mondayx.de
[2009.06.12 20:28:30 | 000,002,438 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\album-cover-artorg.xml
[2009.06.12 20:24:48 | 000,000,737 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\captaincrawl.xml
[2009.06.12 20:25:12 | 000,000,921 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\crawlinet.xml
[2009.08.29 14:32:42 | 000,000,966 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\dictionarycom.xml
[2009.08.29 14:32:42 | 000,001,757 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-blogs.xml
[2009.08.29 14:32:42 | 000,001,759 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-books.xml
[2009.08.29 14:32:42 | 000,001,769 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-directory.xml
[2009.08.29 14:32:42 | 000,001,674 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-finance.xml
[2009.08.29 14:32:42 | 000,001,765 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-groups.xml
[2009.08.29 14:32:42 | 000,001,725 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-images.xml
[2009.08.29 14:32:42 | 000,001,714 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-maps.xml
[2009.08.29 14:32:42 | 000,001,740 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-news.xml
[2009.08.29 14:32:42 | 000,001,674 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-products.xml
[2009.08.29 14:32:42 | 000,001,722 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-scholar.xml
[2009.08.29 14:32:42 | 000,001,671 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-trends.xml
[2009.08.29 14:32:42 | 000,001,743 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\google-video.xml
[2009.07.22 09:37:46 | 000,004,440 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\hyperwords.xml
[2009.08.29 14:32:42 | 000,000,718 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\imdb-1.xml
[2009.06.12 21:43:24 | 000,001,504 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\imdb.xml
[2009.08.29 14:32:42 | 000,001,481 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\longman-english-dictionary.xml
[2009.07.09 19:51:06 | 000,003,915 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\sweetim.xml
[2009.08.29 14:32:42 | 000,000,923 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\thesauruscom.xml
[2009.08.29 14:32:42 | 000,000,990 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\Mozilla\FireFox\Profiles\iqhcx5ez.default\searchplugins\youtube.xml
[2010.03.31 23:17:33 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.12 22:03:50 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll
[2010.01.16 03:15:29 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.01.16 03:15:29 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.01.16 03:15:29 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.16 03:15:29 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.16 03:15:29 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2010.03.31 23:09:18 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.Brenz.pl
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O3 - HKLM\..\Toolbar: (Snagit) - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Programme\TechSmith\Snagit 9\SnagitIEAddin.dll (TechSmith Corporation)
O4 - HKLM..\Run: [23798] C:\Users\Melanie\AppData\Local\Temp\khvcol.exe ()
O4 - Startup: C:\Users\Melanie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Evernote.lnk = F:\Evernote3\EvernoteTray.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O8 - Extra context menu item: Add to &Evernote - C:\Program Files\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, Inc.)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Programme\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: TaskMan - (C:\Users\Melanie\AppData\Roaming\gnwwy.exe) - C:\Users\Melanie\AppData\Roaming\gnwwy.exe ()
O24 - Desktop WallPaper: C:\Users\Melanie\Pictures\BilderMelanie\MiserySignalsWall.jpg
O24 - Desktop BackupWallPaper: C:\Users\Melanie\Pictures\BilderMelanie\MiserySignalsWall.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.03.31 23:19:00 | 000,555,520 | ---- | C] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
[2010.03.31 23:18:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2010.03.31 23:18:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Java
[2010.03.31 23:17:33 | 000,153,376 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.03.31 23:17:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.03.31 23:17:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.03.31 23:16:02 | 016,291,616 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Melanie\Desktop\jre-6u19-windows-i586.exe
[2010.03.31 23:04:34 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.03.31 23:04:34 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.03.31 23:04:34 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.03.31 23:04:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.03.31 23:04:24 | 000,000,000 | --SD | C] -- C:\Test
[2010.03.31 23:03:39 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.03.31 23:03:15 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.03.31 22:07:23 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.03.31 22:07:04 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Melanie\Desktop\HijackThisInstaller.exe
[2010.03.31 21:31:03 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010.03.31 21:03:23 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\Malwarebytes
[2010.03.31 21:03:02 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.31 21:03:00 | 000,020,824 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.31 21:03:00 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.03.31 21:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.03.31 21:02:17 | 005,918,776 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Melanie\Desktop\mbam-setup.exe
[2010.03.31 20:45:04 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\MigWiz
[2010.03.31 19:58:09 | 000,000,000 | -HSD | C] -- C:\Users\Melanie\.COMMgr
[2010.03.27 18:48:20 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Wohnung
[2010.03.27 13:21:16 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Fonts
[2010.03.25 22:51:30 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Software2010
[2010.03.22 01:18:27 | 000,000,000 | R--D | C] -- C:\Users\Melanie\Desktop\Bücher
[2010.03.21 22:48:17 | 000,000,000 | R--D | C] -- C:\Users\Melanie\Desktop\DownLz
[2010.03.19 22:30:03 | 000,000,000 | ---D | C] -- C:\Users\Melanie\PDFs
[2010.03.14 20:46:00 | 000,000,000 | ---D | C] -- C:\Programme\DsNET Corp
[2010.03.14 16:30:08 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\DivX
[2010.03.14 16:28:15 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DivX Shared
[2010.03.14 16:28:13 | 000,000,000 | ---D | C] -- C:\Programme\DivX
[2010.03.14 07:16:28 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\Apple Computer
[2010.03.13 20:36:10 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Filme
[2010.03.13 16:19:53 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Documents\Meine empfangenen Dateien
[2010.03.09 19:29:11 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Documents\ICQ
[2010.03.08 18:50:28 | 000,000,000 | ---D | C] -- C:\Programme\ICQ Contact Revealer
[2010.03.08 18:46:12 | 000,000,000 | ---D | C] -- C:\Users\Melanie\Tracing
[2010.03.08 18:45:13 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft
[2010.03.08 18:45:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010.03.08 18:44:50 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live SkyDrive
[2010.03.08 18:44:24 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.03.08 18:43:58 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.03.08 18:41:23 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Windows Live
[2010.03.08 16:19:16 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Roaming\ICQ
[2010.03.08 16:19:15 | 000,000,000 | ---D | C] -- C:\Users\Melanie\AppData\Local\AOL
[2010.03.08 16:18:56 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.0
[2008.01.21 04:24:21 | 000,047,616 | ---- | C] (CANON INC.) -- C:\Users\Melanie\AppData\Local\wimcod.dll
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.03.31 23:20:23 | 002,097,152 | -HS- | M] () -- C:\Users\Melanie\NTUSER.DAT
[2010.03.31 23:19:01 | 000,555,520 | ---- | M] (OldTimer Tools) -- C:\Users\Melanie\Desktop\OTL.exe
[2010.03.31 23:17:16 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deploytk.dll
[2010.03.31 23:17:16 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2010.03.31 23:17:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2010.03.31 23:17:16 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2010.03.31 23:16:39 | 001,418,794 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.03.31 23:16:39 | 000,618,430 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.03.31 23:16:39 | 000,587,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.03.31 23:16:39 | 000,122,842 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.03.31 23:16:39 | 000,101,250 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.03.31 23:16:22 | 016,291,616 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Melanie\Desktop\jre-6u19-windows-i586.exe
[2010.03.31 23:11:40 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At36.job
[2010.03.31 23:11:39 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At35.job
[2010.03.31 23:11:38 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At34.job
[2010.03.31 23:11:37 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At33.job
[2010.03.31 23:11:36 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At32.job
[2010.03.31 23:11:35 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At31.job
[2010.03.31 23:11:34 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At30.job
[2010.03.31 23:11:34 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At29.job
[2010.03.31 23:11:33 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At28.job
[2010.03.31 23:11:32 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At27.job
[2010.03.31 23:11:31 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At26.job
[2010.03.31 23:11:30 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At25.job
[2010.03.31 23:11:28 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At12.job
[2010.03.31 23:11:27 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At11.job
[2010.03.31 23:11:27 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At10.job
[2010.03.31 23:11:26 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At9.job
[2010.03.31 23:11:25 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At8.job
[2010.03.31 23:11:24 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At7.job
[2010.03.31 23:11:18 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At6.job
[2010.03.31 23:11:17 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At5.job
[2010.03.31 23:11:17 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At4.job
[2010.03.31 23:11:15 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At3.job
[2010.03.31 23:11:14 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At2.job
[2010.03.31 23:11:13 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At1.job
[2010.03.31 23:09:37 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.03.31 23:09:37 | 000,028,029 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.03.31 23:09:16 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.03.31 23:09:16 | 000,003,712 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.03.31 23:09:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.03.31 23:09:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.03.31 23:08:02 | 000,524,288 | -HS- | M] () -- C:\Users\Melanie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
[2010.03.31 23:08:02 | 000,065,536 | -HS- | M] () -- C:\Users\Melanie\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
[2010.03.31 23:07:42 | 001,346,574 | -H-- | M] () -- C:\Users\Melanie\AppData\Local\IconCache.db
[2010.03.31 23:01:55 | 003,906,159 | R--- | M] () -- C:\Users\Melanie\Desktop\Test.exe
[2010.03.31 22:29:30 | 000,028,698 | ---- | M] () -- C:\Users\Melanie\AppData\Roaming\chk.ag
[2010.03.31 22:07:24 | 000,001,874 | ---- | M] () -- C:\Users\Melanie\Desktop\HijackThis.lnk
[2010.03.31 22:07:05 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Melanie\Desktop\HijackThisInstaller.exe
[2010.03.31 22:00:14 | 236,878,973 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010.03.31 21:38:31 | 000,000,316 | ---- | M] () -- C:\Windows\tasks\At24.job
[2010.03.31 21:38:30 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At23.job
[2010.03.31 21:38:29 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At22.job
[2010.03.31 21:38:28 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At21.job
[2010.03.31 21:38:28 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At20.job
[2010.03.31 21:38:27 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At19.job
[2010.03.31 21:38:26 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At18.job
[2010.03.31 21:38:26 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At17.job
[2010.03.31 21:38:25 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At16.job
[2010.03.31 21:38:24 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At15.job
[2010.03.31 21:38:23 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At14.job
[2010.03.31 21:38:22 | 000,000,384 | ---- | M] () -- C:\Windows\tasks\At13.job
[2010.03.31 21:37:52 | 000,051,200 | ---- | M] () -- C:\lsass.exe
[2010.03.31 21:22:57 | 000,321,024 | ---- | M] () -- C:\Users\Melanie\Desktop\4wl64q2x.exe
[2010.03.31 21:03:06 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.31 21:02:30 | 005,918,776 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Melanie\Desktop\mbam-setup.exe
[2010.03.31 20:17:04 | 000,189,440 | RHS- | M] () -- C:\Users\Melanie\AppData\Roaming\gnwwy.exe
[2010.03.31 19:58:28 | 000,094,720 | ---- | M] () -- C:\Windows\System32\rundll32.exe
[2010.03.31 19:57:57 | 000,177,664 | ---- | M] () -- C:\Windows\Yrofya.exe
[2010.03.31 19:57:49 | 000,122,880 | ---- | M] () -- C:\Windows\SC.INS
[2010.03.30 20:19:25 | 000,017,408 | ---- | M] () -- C:\Users\Melanie\AppData\Local\WebpageIcons.db
[2010.03.30 00:46:30 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.03.30 00:45:52 | 000,020,824 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.03.27 16:21:55 | 000,009,216 | ---- | M] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.03.12 18:02:38 | 000,261,632 | ---- | M] () -- C:\Windows\PEV.exe
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.03.31 23:11:39 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At36.job
[2010.03.31 23:11:38 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At35.job
[2010.03.31 23:11:37 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At34.job
[2010.03.31 23:11:36 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At33.job
[2010.03.31 23:11:35 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At32.job
[2010.03.31 23:11:34 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At31.job
[2010.03.31 23:11:34 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At30.job
[2010.03.31 23:11:33 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At29.job
[2010.03.31 23:11:32 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At28.job
[2010.03.31 23:11:31 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At27.job
[2010.03.31 23:11:30 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At26.job
[2010.03.31 23:11:29 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At25.job
[2010.03.31 23:11:27 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At12.job
[2010.03.31 23:11:27 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At11.job
[2010.03.31 23:11:26 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At10.job
[2010.03.31 23:11:14 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At3.job
[2010.03.31 23:11:13 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At2.job
[2010.03.31 23:11:12 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At1.job
[2010.03.31 23:04:34 | 000,261,632 | ---- | C] () -- C:\Windows\PEV.exe
[2010.03.31 23:04:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.03.31 23:04:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.03.31 23:04:34 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.03.31 23:04:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.03.31 23:01:55 | 003,906,159 | R--- | C] () -- C:\Users\Melanie\Desktop\Test.exe
[2010.03.31 22:07:24 | 000,001,874 | ---- | C] () -- C:\Users\Melanie\Desktop\HijackThis.lnk
[2010.03.31 22:05:15 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At8.job
[2010.03.31 22:05:15 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At7.job
[2010.03.31 22:05:14 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At6.job
[2010.03.31 22:05:12 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At5.job
[2010.03.31 22:05:11 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At4.job
[2010.03.31 21:38:31 | 000,000,316 | ---- | C] () -- C:\Windows\tasks\At24.job
[2010.03.31 21:38:29 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At23.job
[2010.03.31 21:38:28 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At22.job
[2010.03.31 21:38:28 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At21.job
[2010.03.31 21:38:27 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At20.job
[2010.03.31 21:38:26 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At19.job
[2010.03.31 21:38:26 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At18.job
[2010.03.31 21:38:25 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At17.job
[2010.03.31 21:38:24 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At16.job
[2010.03.31 21:38:23 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At15.job
[2010.03.31 21:38:22 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At14.job
[2010.03.31 21:38:21 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At13.job
[2010.03.31 21:30:08 | 236,878,973 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010.03.31 21:22:57 | 000,321,024 | ---- | C] () -- C:\Users\Melanie\Desktop\4wl64q2x.exe
[2010.03.31 21:19:12 | 000,051,200 | ---- | C] () -- C:\lsass.exe
[2010.03.31 21:03:06 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.03.31 20:35:28 | 000,000,384 | ---- | C] () -- C:\Windows\tasks\At9.job
[2010.03.31 20:17:25 | 000,189,440 | RHS- | C] () -- C:\Users\Melanie\AppData\Roaming\gnwwy.exe
[2010.03.31 19:58:31 | 000,177,664 | ---- | C] () -- C:\Windows\Yrofya.exe
[2010.03.31 19:57:50 | 000,122,880 | ---- | C] () -- C:\Windows\SC.INS
[2010.02.20 21:09:57 | 000,009,216 | ---- | C] () -- C:\Users\Melanie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.02.15 21:23:53 | 000,017,408 | ---- | C] () -- C:\Users\Melanie\AppData\Local\WebpageIcons.db
[2010.02.01 18:18:27 | 000,028,029 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.01 18:18:26 | 000,028,029 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010.02.01 17:37:23 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Local\QSwitch.txt
[2010.02.01 17:37:23 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Local\DSwitch.txt
[2010.02.01 17:37:23 | 000,000,000 | ---- | C] () -- C:\Users\Melanie\AppData\Local\AtStart.txt
[2010.02.01 17:09:25 | 000,028,698 | ---- | C] () -- C:\Users\Melanie\AppData\Roaming\chk.ag
[2010.02.01 15:15:42 | 000,000,680 | ---- | C] () -- C:\Users\Melanie\AppData\Local\d3d9caps.dat
[2009.06.07 13:27:20 | 000,073,728 | ---- | C] () -- C:\Windows\System32\vbzlib1.dll
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
< End of report >

Extras.Txt
OTL Extras logfile created on: 31.03.2010 23:21:13 - Run 1
OTL by OldTimer - Version 3.1.37.3     Folder = C:\Users\Melanie\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 60,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,40 Gb Total Space | 45,06 Gb Free Space | 19,99% Space Free | Partition Type: NTFS
Drive D: | 7,48 Gb Total Space | 7,42 Gb Free Space | 99,14% Space Free | Partition Type: NTFS
Unable to calculate disk information.
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MELANIE-PC
Current User Name: Melanie
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]


[color=#E56717]========== File Associations ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[color=#E56717]========== Shell Spawning ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [foobar2000.enqueue] -- "C:\Program Files\foobar2000\foobar2000.exe" /add "%1" ()
Directory [foobar2000.play] -- "C:\Program Files\foobar2000\foobar2000.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[color=#E56717]========== Security Center Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"oobe_av" = 1
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[color=#E56717]========== Authorized Applications List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{7425C6AD-9F95-4205-9569-7D3D853513D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{CDDC8B30-603B-4334-92D6-BCDCEE98E365}" = lport=2869 | protocol=6 | dir=in | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01D7C39F-6E51-4126-A35C-34360EC70B1E}" = protocol=6 | dir=in | app=c:\windows\temp\vrt64b0.tmp |
"{0748CEB5-1733-4987-9847-F1D8C08AA0CD}" = protocol=17 | dir=in | app=c:\windows\temp\vrt64b0.tmp |
"{074ECBF4-1046-443E-88A1-BF28BBE96654}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{0FA6F77B-9144-4EF4-80B6-CAC6F2EE06AC}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{2117269E-69FD-4BFA-B9E9-253FA97B0A27}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{2B0A45B9-D347-47CD-927F-23C884D3CA5A}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{2F11B479-F09E-493F-B815-05B1861759AE}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{361ED45F-7D04-49F9-A130-8556A573D04A}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{3E640D0E-C76C-4AD1-87D0-9225D0D434FD}" = protocol=6 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{79BF77FF-68AA-47BF-BC06-60A348F22203}" = protocol=17 | dir=in | app=c:\windows\temp\vrt64b0.tmp |
"{89D61B26-2226-44E8-9AAB-BA493DF53172}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{B3204352-75F4-4A1D-9F5C-29265B4F0C9B}" = protocol=6 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{B90D4E8D-34BC-493C-8BF0-087413BD2F18}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{BA30811A-7557-4282-924B-50ABDF0B0338}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{CC30CA0C-5370-4E32-82CE-553E6243646C}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"{D25F2FFF-D8C3-41EB-8DD9-56483B869F18}" = protocol=17 | dir=in | app=c:\program files\icq7.0\icq.exe |
"{D2F155F3-CF22-45BE-8107-16B0150F9742}" = protocol=6 | dir=in | app=c:\windows\temp\vrt64b0.tmp |
"{F1543FE1-A296-43DE-9E41-B8E441CFF54D}" = protocol=17 | dir=in | app=c:\program files\icq7.0\aolload.exe |
"TCP Query User{0311C968-22D7-45A2-A132-2F970CB3B8A8}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{B3D84C74-F13B-488A-A801-147F89D95523}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 B2
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5C209D68-1411-4725-8CDE-1676A85E083E}_is1" = ICQ Contact Revealer 1.0
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65AA10FF-6F32-48AE-881F-FC96E7BF3A5E}" = ESU for Microsoft Vista
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{88EB38EF-4D2C-436D-ABD3-56B232674062}" = ICQ7
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3 - Deutsch
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B440D659-FECA-4BDD-A12B-5C9F05790FF3}" = Snagit 9.1.2
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F761359C-9CED-45AE-9A51-9D6605CD55C4}" = Evernote
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"aTube Catcher" = aTube Catcher
"Broadcom 802.11b Network Adapter" = Broadcom 802.11-WLAN-Adapter
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"foobar2000" = foobar2000 v0.9.5.2
"HijackThis" = HijackThis 2.0.2
"JDownloader" = JDownloader
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.2pre)" = Mozilla Firefox (3.6.2pre)
"Mozilla Thunderbird (3.0.3)" = Mozilla Thunderbird (3.0.3)
"Notepad++" = Notepad++
"NVIDIA Drivers" = NVIDIA Drivers
"RocketDock_is1" = RocketDock 1.3.5
"srv" = Advertisement Service
"Streamripper" = Streamripper (Remove only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Zattoo4" = Zattoo4 4.0.4

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung

[color=#E56717]========== Last 10 Event Log Errors ==========[/color]

[ Application Events ]
Error - 31.03.2010 17:06:57 | Computer Name = Melanie-PC | Source = SPP | ID = 16387
Description =

Error - 31.03.2010 17:06:57 | Computer Name = Melanie-PC | Source = System Restore | ID = 8193
Description =

Error - 31.03.2010 17:06:59 | Computer Name = Melanie-PC | Source = SPP | ID = 16387
Description =

Error - 31.03.2010 17:06:59 | Computer Name = Melanie-PC | Source = System Restore | ID = 8193
Description =

Error - 31.03.2010 17:10:02 | Computer Name = Melanie-PC | Source = Application Error | ID = 1000
Description = Fehlerhafte Anwendung VRT1E68.tmp, Version 1.0.0.0, Zeitstempel 0x4bb29dfe,
fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode
0xc0000005, Fehleroffset 0x001c8e80,  Prozess-ID 0xeb0, Anwendungsstartzeit 01cad116851d01c9.

Error - 31.03.2010 17:10:47 | Computer Name = Melanie-PC | Source = WinMgmt | ID = 10
Description =

Error - 31.03.2010 17:17:07 | Computer Name = Melanie-PC | Source = SPP | ID = 16387
Description =

Error - 31.03.2010 17:17:07 | Computer Name = Melanie-PC | Source = System Restore | ID = 8193
Description =

Error - 31.03.2010 17:17:11 | Computer Name = Melanie-PC | Source = SPP | ID = 16387
Description =

Error - 31.03.2010 17:17:11 | Computer Name = Melanie-PC | Source = System Restore | ID = 8193
Description =

[ System Events ]
Error - 31.03.2010 15:39:53 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2010 um 21:38:04 unerwartet heruntergefahren.

Error - 31.03.2010 15:44:01 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2010 um 21:39:53 unerwartet heruntergefahren.

Error - 31.03.2010 15:44:05 | Computer Name = Melanie-PC | Source = HTTP | ID = 15016
Description =

Error - 31.03.2010 15:45:35 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31.03.2010 16:00:28 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2010 um 21:58:50 unerwartet heruntergefahren.

Error - 31.03.2010 16:03:01 | Computer Name = Melanie-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am 31.03.2010 um 22:00:28 unerwartet heruntergefahren.

Error - 31.03.2010 16:03:05 | Computer Name = Melanie-PC | Source = HTTP | ID = 15016
Description =

Error - 31.03.2010 16:04:38 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 31.03.2010 17:09:15 | Computer Name = Melanie-PC | Source = HTTP | ID = 15016
Description =

Error - 31.03.2010 17:10:48 | Computer Name = Melanie-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >
01.04.2010, 10:05
Moderator

Posts: 5694
#2 Backdoor warning

Since your computer is infected with a so-called backdoor, read this post very carefully. A backdoor hides itself by means of a rootkit. Backdoors cause various kinds of damage in Windows and allow the attacker to take complete control of the infected system. Be aware that the attacker can "reload" new malware as needed, that he can log keystrokes, that he can run programs and/or see what is happening on your screen. Therefore my urgent recommendation is to format and reinstall Windows. The topic is discussed very controversially, but many experts from the "security community" are certain that a system that has once been infected with a backdoor can no longer be regarded as trustworthy even after a clean-up, because it is not what we see that is dangerous, but what we do not see.

A further danger with this kind of infection is identity theft, because this kind of malware can steal all your passwords and spy out e-mail data, bank data, card numbers etc. by logging keystrokes. Under no circumstances do any more online banking, file sharing, mailing or messaging with this system.

Please disconnect the computer from the Internet (LAN and WLAN) during the reinstallation or clean-up, because while the computer is connected to the network the attacker can keep modifying the system and take preventive measures so that a clean-up is manipulated in such a way that fixes are not executed as intended. More in-depth information on this topic can be found at Gehen Sie sicher ins Internet.

Let me know whether you are going to set up the machine again or whether, despite the warning above, you want to attempt an extensive, lengthy clean-up, the end of which could be that the system has to be set up again anyway despite the clean-up attempt.

Quote

Since the computer is currently classified as compromised, be sure to disconnect the machine from the network whenever it is unattended. Under no circumstances do online banking, file sharing, mailing or messaging with this computer. No uploads or downloads, except on security sites. Replace all passwords stored on this system with new ones from a machine that is guaranteed clean. For more information on the topic, see also
System-Sicherheit
02.04.2010, 10:46
...new here

Thread starter

Posts: 7
#3 Good morning,

I had no other choice but to set up the PC again.
I also couldn't access this board any more.

Thanks for the help & happy Easter to everyone....
02.04.2010, 13:47
Moderator

Posts: 5694
#4 Thank you for the feedback. Especially since completely setting up the system again was the most sensible thing to do anyway ;)

Happy Easter to you too.