
Fake Windows Security Center [Closed]



#1 cahele (Member, 10 posts)

In the past days I've had some problems with the computer; after some research I found out that the virus is the famous fake Windows Security Center...
I've tried downloading Malwarebytes, several antivirus programs, etc., but it keeps appearing and installing Digital Protection...
This same virus blocked my audio and my Task Manager. I'm working in Safe Mode, I don't know what to do, and I'm not in my home country, so I need online help.
Thanks

#2 hammerman (Member, 4,183 posts)

Hello cahele and welcome to GeeksToGo :)
I'm hammerman and I'm going to help you fix your problem.

Before we begin, here are some guidelines which will help us both in fixing your problem.
  • Malware removal is not instantaneous and will take a number of steps to complete. Please continue to carry out the steps requested until I let you know that your computer appears clean.
  • Please do not attach logs or post them in Quote/Code boxes unless requested.
  • I suggest you print or save any instructions I give you for easy reference. We may be using Safe mode and you will not always be able to access this thread. You can copy and paste these instructions into Notepad and then save the text file to your Desktop. If you need any help with this or further clarification, please let me know.
  • When posting logs, please ensure Word Wrap is turned off in Notepad. Open Notepad, select Format on the menu bar and make sure that Word Wrap is unchecked.
  • Please follow the steps exactly in the same order posted. If you can't perform a certain step, or you're unsure on what to do, please stop and let me know.
  • If in doubt about anything, please ask.
Please follow these steps.

-- Step 1 --
  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.
-- Step 2 --

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.

#3 cahele (Topic Starter, Member, 10 posts)

OTL
OTL logfile created on: 05/05/2010 01:30:02 p.m. - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\Caro\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000140A | Country: Costa Rica | Language: ESC | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 757,00 Mb Available Physical Memory | 75,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,32 Gb Total Space | 133,00 Gb Free Space | 91,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAROHERRERA
Current User Name: Caro
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Programme\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Gemeinsame Dateien\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (SOHDms) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (5U876UVC) -- C:\WINDOWS\system32\drivers\5U876.sys (Ricoh co.,Ltd.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ArcSoftKsUFilter) -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (AWINDIS5) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010/05/04 18:36:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/12/25 05:31:46 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [jhaf897ifhdifhsd9fdiujhndd] C:\WINDOWS\System32\svvchost.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Programme\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Programme\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Update 4] C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [asrkn_pfu.exe] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\asrkn_pfu.exe (Microsoft Corporation)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\Mph.exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 21:23:46 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/05/04 18:33:53 | 000,000,000 | ---D | C] -- C:\Programme\Digital Protection
[2010/05/04 18:29:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/04 15:40:51 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/02 19:00:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop\tdsskiller
[2010/05/01 19:58:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/01 19:50:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/01 19:50:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/05/01 19:20:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010/05/01 19:19:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010/05/01 17:30:52 | 000,000,000 | ---D | C] -- C:\Programme\AxBx
[2010/05/01 12:49:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/05/01 12:49:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/05/01 12:49:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/05/01 12:49:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/05/01 12:49:31 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/05/01 12:47:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729
[2010/05/01 12:39:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/27 21:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/27 21:58:16 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2010/04/27 21:58:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/27 21:58:04 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2010/04/27 21:57:27 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/27 21:57:27 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/27 21:57:27 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/27 21:57:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/27 21:57:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/27 21:57:26 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/27 21:57:25 | 000,000,000 | ---D | C] -- C:\99f95159b85f4aa5ad24
[2010/04/27 21:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/27 15:15:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010/04/26 17:29:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/04/25 16:05:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ArcSoft
[2010/04/25 11:24:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Ares
[2010/04/25 11:24:41 | 000,000,000 | ---D | C] -- C:\Programme\Ares
[2010/04/25 11:01:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Meine empfangenen Dateien
[2010/04/25 10:58:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Tracing
[2010/04/25 10:46:05 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/25 10:45:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/25 10:45:47 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/25 10:45:46 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/25 10:45:45 | 002,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/04/25 10:45:28 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/25 10:45:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/25 10:40:29 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2010/04/25 10:40:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/25 10:40:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/25 10:39:34 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/25 10:38:35 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/04/25 10:36:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/04/25 10:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/24 22:30:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Apple Computer
[2010/04/24 22:29:33 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/24 22:27:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010/04/24 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/24 22:27:35 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010/04/24 22:25:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010/04/24 22:25:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010/04/24 22:25:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple
[2010/04/24 22:25:25 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010/04/24 22:25:12 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/04/24 22:24:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010/04/24 22:23:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010/04/24 22:09:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Google
[2010/04/24 21:56:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Temp
[2010/04/24 21:56:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ArcSoft
[2010/04/24 21:52:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\ArcSoft
[2010/04/24 21:51:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:51:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\skypePM
[2010/04/24 21:51:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Skype
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
[2010/04/24 21:50:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010/04/24 21:49:57 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/04/24 21:45:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Macromedia
[2010/04/24 21:44:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2010/04/24 17:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/24 17:45:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Adobe
[2010/04/24 16:38:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Microsoft
[2010/04/24 16:38:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Musik
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Bilder
[2010/04/24 16:38:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Caro\Cookies
[2010/04/24 16:38:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Druckumgebung
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sun
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sony Corporation
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\InstallShield
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Identities
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Bluetooth-Exchange-Ordner
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Bluetooth Software
[2010/04/24 16:38:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Favoriten
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\SendTo
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Recent
[2010/04/24 16:38:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Startmenü
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Vorlagen
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Netzwerkumgebung
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen
[2010/04/24 16:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Programmverknüpfungen
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 13:18:41 | 000,011,541 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/05 13:18:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 13:18:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/04 21:25:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 18:35:53 | 002,621,440 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/05/04 18:35:44 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/05/04 18:35:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 18:35:39 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/05/04 18:35:32 | 003,228,748 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010/05/04 18:35:30 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/04 18:23:04 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/04 15:41:09 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/04 15:40:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/04 15:29:23 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/05/02 22:01:04 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/01 19:50:58 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 12:47:05 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Mhizua.exe
[2010/04/30 22:31:51 | 000,458,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/04/30 22:31:51 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 22:31:51 | 000,084,326 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/04/30 22:31:51 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/30 22:31:49 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 19:57:28 | 000,003,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 17:14:55 | 000,015,672 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:28:00 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/27 15:14:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/25 14:53:40 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/25 14:53:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 14:53:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 16:39:11 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:03 | 000,000,155 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/24 16:38:01 | 000,262,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:37:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/24 16:37:52 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/24 16:32:02 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 18:35:44 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/05/04 15:41:09 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/02 12:55:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/01 19:50:58 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 13:08:54 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/01 12:48:03 | 000,165,376 | ---- | C] () -- C:\WINDOWS\Mhizua.exe
[2010/04/29 19:57:28 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 14:53:34 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 14:53:34 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:29:37 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 21:51:14 | 000,001,012 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 21:51:14 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 16:39:11 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:58 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/04/24 16:38:54 | 000,421,888 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.dat.LOG
[2010/04/24 16:38:54 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/04/24 16:38:53 | 002,621,440 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/04/24 16:38:00 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:38:00 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG
[2009/06/19 10:30:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/19 09:34:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/06/19 02:09:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/18 17:21:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll
[2009/06/18 17:08:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/18 16:23:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/24 16:37:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/12/25 05:30:59 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009/06/18 16:23:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/18 16:23:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/18 16:23:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/25 05:32:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/25 05:32:59 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010/05/05 13:17:55 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/05/02 19:17:37 | 000,000,603 | ---- | M] () -- C:\rkill.log
[2010/05/02 19:00:34 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.00.30_log.txt
[2010/05/02 19:15:25 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.15.20_log.txt
[2010/05/02 19:20:45 | 000,031,120 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.20.44_log.txt
[2010/05/02 19:21:02 | 000,031,120 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.21.01_log.txt
[2010/05/02 21:36:42 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_21.36.39_log.txt
[2010/05/03 21:40:37 | 000,032,222 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_03.05.2010_21.40.35_log.txt
[2010/05/04 18:34:32 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_04.05.2010_18.34.28_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/18 18:15:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/18 18:15:02 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/18 18:15:01 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/04 18:36:12 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys
[2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys
[2010/02/24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

EXTRA (yesterday I did it and this was the EXTRA, but today I ran it again and there was no extra, so I am sending you this one)
OTL Extras logfile created on: 04/05/2010 03:55:07 p.m. - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\Caro\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000140A | Country: Costa Rica | Language: ESC | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 789,00 Mb Available Physical Memory | 78,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 95,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,32 Gb Total Space | 133,04 Gb Free Space | 91,55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAROHERRERA
Current User Name: Caro
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5246:TCP" = 5246:TCP:*:Enabled:Services
"8992:TCP" = 8992:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5246:TCP" = 5246:TCP:*:Enabled:Services
"8992:TCP" = 8992:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Programme\iTunes\iTunes.exe" = C:\Programme\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe" = C:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23825B69-36DF-4DAD-9CFD-118D11D80F16}" = VAIO Content Folder Setting
"{23F19C34-E309-4506-A530-3BADD41F5953}" = Sony Visual Communication Camera Ver.1.4.230.0
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java™ 6 Update 11
"{27337663-2619-11D4-99DC-0000F49094C7}" = Memory Stick Formatter
"{2878C3C9-9D91-430F-8F50-885BB23DB001}" = VAIO Content Folder Watcher
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{2A0F3EF9-68EE-49E9-A05B-ED5B82DF63E5}" = Wireless Switch Setting Utility
"{327B75F0-92AF-420A-988F-FA596A218E0B}" = VAIO Content Folder Watcher
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A23120C-CD83-4CE6-B451-C5C998052522}" = Battery Care Function
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy Media Creator 10 LJ
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{59452470-A902-477F-9338-9B88101681BD}" = Setting Utility Series
"{64DBE9FE-A07D-41A0-B81A-8D416D9647FF}" = VAIO Content Folder Watcher
"{6B1F20F2-6321-4669-A58C-33DF8E7517FF}" = VAIO Entertainment Platform
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{76BC2442-0002-47FA-9617-43BAD82BEF4C}" = Bonjour
"{7BB90344-0647-468E-925A-7F69F7983421}" = ArcSoft Magic-i Visual Effects 2
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83CDA18E-0BF3-4ACA-872C-B4CDABF2360E}" = VAIO Update 4
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}" = VAIO Media plus
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{9238E8A4-BEBA-43A3-B926-769BDBF194C5}" = VAIO Media plus Opening Movie
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97EC9F81-0A43-4BDB-AA10-F96C7C965E01}" = Atheros AR928X Wireless Network Adapter
"{996A2FAA-7514-4628-9D12-A8FC34A0016E}" = iTunes
"{9973498D-EA29-4A68-BE0B-C88D6E03E928}" = ArcSoft WebCam Companion 2
"{9E319E96-ED8E-4B01-9775-C521A1869A25}" = VAIO Power Management
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9D3D707-4A1A-4227-BE6E-F16448B4CB63}" = VAIO Entertainment Platform
"{AC76BA86-7AD7-1031-7B44-A90100000001}" = Adobe Reader 9.0.1 - Deutsch
"{B5BCBD49-202F-4238-8398-D83D423A48B4}" = Windows Live Anmelde-Assistent
"{B5C3B892-0849-476C-9F46-B12F84819D57}" = Apple Mobile Device Support
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{B75A38E9-3F99-497E-A46E-625FC6D76066}" =
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup aktivieren
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03D02D8-AB64-4785-A48E-5AA8B0FB8C14}" = Sony Home Network Library
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E5D24A5A-F8E0-4F51-8962-DB15F05E03CD}" = VAIO Flavored Wallpaper
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EF3D45BB-2260-4008-88EA-492E7744A9DF}" = Sony Utilities DLL
"{F0D85ADD-DD61-4B43-87A0-6DA52A211A8B}" = VAIO Event Service
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FBC2AC8F-1669-4A84-9B3F-130A41CEB491}" = Sony Home Network Library
"{FC37C108-821D-4EDE-8F40-D5B497586805}" = VAIO Control Center
"{FE51662F-D8F6-43B5-99D9-D4894AF00F83}" = Roxio Easy Media Creator Home
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ares" = Ares 2.1.5
"HDMI" = Intel® Graphics Media Accelerator Driver
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = WinDVD for VAIO
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSC" = McAfee SecurityCenter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Multi Virus Cleaner 2009_is1" = Multi Virus Cleaner 2009
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 02/05/2010 03:51:13 a.m. | Computer Name = CAROHERRERA | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 40141

Error - 02/05/2010 06:47:58 a.m. | Computer Name = CAROHERRERA | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 02/05/2010 07:12:55 a.m. | Computer Name = CAROHERRERA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung asrkn_pfu.exe, Version 1.0.0.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02/05/2010 07:13:41 a.m. | Computer Name = CAROHERRERA | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 02/05/2010 12:26:33 p.m. | Computer Name = CAROHERRERA | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 02/05/2010 12:45:53 p.m. | Computer Name = CAROHERRERA | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 02/05/2010 01:04:47 p.m. | Computer Name = CAROHERRERA | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 02/05/2010 03:34:58 p.m. | Computer Name = CAROHERRERA | Source = VzCdbSvc | ID = 7
Description = Das Plug-In-Modul konnte nicht geladen werden. (GUID = {56F9312C-C989-4E04-8C23-299DEE3A36F5})
(Fehlercode = 0x80042019)

Error - 02/05/2010 03:35:10 p.m. | Computer Name = CAROHERRERA | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung asrkn_pfu.exe, Version 1.0.0.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.

Error - 02/05/2010 03:35:50 p.m. | Computer Name = CAROHERRERA | Source = Application Hang | ID = 1001
Description = Fehlerhafter Speicherbereich 1838466675.

[ System Events ]
Error - 02/05/2010 06:53:03 a.m. | Computer Name = CAROHERRERA | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
DMICall Fips intelppm mfehidk

Error - 02/05/2010 06:53:33 a.m. | Computer Name = CAROHERRERA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "McNASvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 02/05/2010 06:53:35 a.m. | Computer Name = CAROHERRERA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "McNASvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {24F616A1-B755-4053-8018-C3425DC8B68A}

Error - 02/05/2010 07:04:40 a.m. | Computer Name = CAROHERRERA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 02/05/2010 07:05:06 a.m. | Computer Name = CAROHERRERA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "StiSvc"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error - 02/05/2010 07:10:35 a.m. | Computer Name = CAROHERRERA | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
mit den Argumenten "" gestartet wurde, um den folgenden Server zu verwenden: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 02/05/2010 07:13:01 a.m. | Computer Name = CAROHERRERA | Source = DCOM | ID = 10010
Description = Der Server "{C7E39D60-7A9F-42BF-ABB1-03DC0FA4F493}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 02/05/2010 07:13:36 a.m. | Computer Name = CAROHERRERA | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
von Dienst mcmscsvc.

Error - 02/05/2010 12:25:26 p.m. | Computer Name = CAROHERRERA | Source = Ftdisk | ID = 262189
Description = Das System konnte den Treiber für das Speicherabbild nicht laden.

Error - 02/05/2010 12:25:26 p.m. | Computer Name = CAROHERRERA | Source = Ftdisk | ID = 262193
Description = Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist
fehlgeschlagen. Stellen Sie sicher, dass eine Auslagerungsdatei auf der Startpartition
vorhanden ist und dass diese groß genug ist, um den gesamten physikalischen Speicher
abbilden zu können.


< End of report >

ARK
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-05-05 15:47:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\Caro\LOKALE~1\Temp\fwrdyuog.sys


---- User code sections - GMER 1.0.15 ----

.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[276] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 012F2862
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[276] WS2_32.dll!send 71A14C27 5 Bytes JMP 012F26EE
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[276] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 012F27E0
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[276] WS2_32.dll!recv 71A1676F 5 Bytes JMP 012F2726
.text c:\PROGRA~1\mcafee.com\agent\mcagent.exe[276] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 012F275E
.text C:\DOKUME~1\Caro\LOKALE~1\Temp\Temporäres Verzeichnis 4 für gmer.zip\gmer.exe[544] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00F72862
.text C:\DOKUME~1\Caro\LOKALE~1\Temp\Temporäres Verzeichnis 4 für gmer.zip\gmer.exe[544] WS2_32.dll!send 71A14C27 5 Bytes JMP 00F726EE
.text C:\DOKUME~1\Caro\LOKALE~1\Temp\Temporäres Verzeichnis 4 für gmer.zip\gmer.exe[544] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00F727E0
.text C:\DOKUME~1\Caro\LOKALE~1\Temp\Temporäres Verzeichnis 4 für gmer.zip\gmer.exe[544] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00F72726
.text C:\DOKUME~1\Caro\LOKALE~1\Temp\Temporäres Verzeichnis 4 für gmer.zip\gmer.exe[544] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00F7275E
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 009D000A
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 009E000A
.text C:\WINDOWS\system32\svchost.exe[1140] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 009C000C
.text C:\WINDOWS\system32\svchost.exe[1140] ole32.dll!CoCreateInstance 774D057E 5 Bytes JMP 010A000A
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1492] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00952862
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1492] WS2_32.dll!send 71A14C27 5 Bytes JMP 009526EE
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1492] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 009527E0
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1492] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00952726
.text C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe[1492] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 0095275E
.text C:\Programme\McAfee\MPF\MPFSrv.exe[1596] WS2_32.dll!closesocket 71A13E2B 5 Bytes JMP 00B72862
.text C:\Programme\McAfee\MPF\MPFSrv.exe[1596] WS2_32.dll!send 71A14C27 5 Bytes JMP 00B726EE
.text C:\Programme\McAfee\MPF\MPFSrv.exe[1596] WS2_32.dll!WSARecv 71A14CB5 5 Bytes JMP 00B727E0
.text C:\Programme\McAfee\MPF\MPFSrv.exe[1596] WS2_32.dll!recv 71A1676F 5 Bytes JMP 00B72726
.text C:\Programme\McAfee\MPF\MPFSrv.exe[1596] WS2_32.dll!WSASend 71A168FA 5 Bytes JMP 00B7275E
.text C:\WINDOWS\Explorer.EXE[1820] ntdll.dll!NtProtectVirtualMemory 7C91D6EE 5 Bytes JMP 00BC000A
.text C:\WINDOWS\Explorer.EXE[1820] ntdll.dll!NtWriteVirtualMemory 7C91DFAE 5 Bytes JMP 00CA000A
.text C:\WINDOWS\Explorer.EXE[1820] ntdll.dll!KiUserExceptionDispatcher 7C91E47C 5 Bytes JMP 00BB000C

---- Devices - GMER 1.0.15 ----

Device -> \Driver\atapi \Device\Harddisk0\DR0 85A4DEE4

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sector 01: copy of MBR
Disk \Device\Harddisk0\DR0 sector 02: copy of MBR
Disk \Device\Harddisk0\DR0 sector 03: copy of MBR
Disk \Device\Harddisk0\DR0 sector 04: copy of MBR
Disk \Device\Harddisk0\DR0 sector 05: copy of MBR
Disk \Device\Harddisk0\DR0 sector 06: copy of MBR
Disk \Device\Harddisk0\DR0 sector 07: copy of MBR
Disk \Device\Harddisk0\DR0 sector 08: copy of MBR
Disk \Device\Harddisk0\DR0 sector 09: copy of MBR
Disk \Device\Harddisk0\DR0 sector 10: copy of MBR
Disk \Device\Harddisk0\DR0 sector 11: copy of MBR
Disk \Device\Harddisk0\DR0 sector 12: copy of MBR
Disk \Device\Harddisk0\DR0 sector 13: copy of MBR
Disk \Device\Harddisk0\DR0 sector 14: copy of MBR
Disk \Device\Harddisk0\DR0 sector 15: copy of MBR
Disk \Device\Harddisk0\DR0 sector 16: copy of MBR
Disk \Device\Harddisk0\DR0 sector 17: copy of MBR
Disk \Device\Harddisk0\DR0 sector 18: copy of MBR
Disk \Device\Harddisk0\DR0 sector 19: copy of MBR
Disk \Device\Harddisk0\DR0 sector 20: copy of MBR
Disk \Device\Harddisk0\DR0 sector 21: copy of MBR
Disk \Device\Harddisk0\DR0 sector 22: copy of MBR
Disk \Device\Harddisk0\DR0 sector 23: copy of MBR
Disk \Device\Harddisk0\DR0 sector 24: copy of MBR
Disk \Device\Harddisk0\DR0 sector 25: copy of MBR
Disk \Device\Harddisk0\DR0 sector 26: copy of MBR
Disk \Device\Harddisk0\DR0 sector 27: copy of MBR
Disk \Device\Harddisk0\DR0 sector 28: copy of MBR
Disk \Device\Harddisk0\DR0 sector 29: copy of MBR
Disk \Device\Harddisk0\DR0 sector 30: copy of MBR
Disk \Device\Harddisk0\DR0 sector 31: copy of MBR
Disk \Device\Harddisk0\DR0 sector 32: copy of MBR
Disk \Device\Harddisk0\DR0 sector 33: copy of MBR
Disk \Device\Harddisk0\DR0 sector 34: copy of MBR
Disk \Device\Harddisk0\DR0 sector 35: copy of MBR
Disk \Device\Harddisk0\DR0 sector 36: copy of MBR
Disk \Device\Harddisk0\DR0 sector 37: copy of MBR
Disk \Device\Harddisk0\DR0 sector 38: copy of MBR
Disk \Device\Harddisk0\DR0 sector 39: copy of MBR
Disk \Device\Harddisk0\DR0 sector 40: copy of MBR
Disk \Device\Harddisk0\DR0 sector 41: copy of MBR
Disk \Device\Harddisk0\DR0 sector 42: copy of MBR
Disk \Device\Harddisk0\DR0 sector 43: copy of MBR
Disk \Device\Harddisk0\DR0 sector 44: copy of MBR
Disk \Device\Harddisk0\DR0 sector 45: copy of MBR
Disk \Device\Harddisk0\DR0 sector 46: copy of MBR
Disk \Device\Harddisk0\DR0 sector 47: copy of MBR
Disk \Device\Harddisk0\DR0 sector 48: copy of MBR
Disk \Device\Harddisk0\DR0 sector 49: copy of MBR
Disk \Device\Harddisk0\DR0 sector 50: copy of MBR
Disk \Device\Harddisk0\DR0 sector 51: copy of MBR
Disk \Device\Harddisk0\DR0 sector 52: copy of MBR
Disk \Device\Harddisk0\DR0 sector 53: copy of MBR
Disk \Device\Harddisk0\DR0 sector 54: copy of MBR
Disk \Device\Harddisk0\DR0 sector 55: copy of MBR
Disk \Device\Harddisk0\DR0 sector 56: copy of MBR
Disk \Device\Harddisk0\DR0 sector 57: copy of MBR
Disk \Device\Harddisk0\DR0 sector 58: copy of MBR
Disk \Device\Harddisk0\DR0 sector 59: copy of MBR
Disk \Device\Harddisk0\DR0 sector 60: copy of MBR
Disk \Device\Harddisk0\DR0 sector 61: copy of MBR
Disk \Device\Harddisk0\DR0 sector 62: copy of MBR
Disk \Device\Harddisk0\DR0 sector 63: copy of MBR

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Thanks for your help and the fast answering
  • 0

#4
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Please follow these steps.

-- Step 1 --

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O4 - HKLM..\Run: [jhaf897ifhdifhsd9fdiujhndd] C:\WINDOWS\System32\svvchost.exe File not found
    O4 - HKCU..\Run: [asrkn_pfu.exe] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\asrkn_pfu.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [M5T8QL3YW3] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\Mph.exe ()
    [2010/05/04 18:35:44 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
    [2010/05/04 18:35:30 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
    [2010/05/01 12:47:05 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Mhizua.exe
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "3389:TCP"=-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "3389:TCP"=-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • This fix will produce a report. Please add this to your reply.
-- Step 2 --

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

-- Step 3 --

Run OTL
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scans/Fixes box, paste in the following.

    /md5start
    atapi.sys
    /md5stop

  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a notepad window, OTL.Txt. This is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file and post it with your next reply.


I see you have been running TDSSKiller. Can you please post the last log it produced (C:\TDSSKiller.2.2.8.1_04.05.2010_18.34.28_log.txt)?
  • 0
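Editor's added example, not code from this thread, from OTL or from any other tool mentioned here: the Step 1 fix above removes three O4 autorun entries, and each of them shows a pattern a defender can triage automatically from an OTL log before deciding what to cut: a launch target that OTL reports as "File not found", an executable run from a user's Temp directory, and a randomly generated value name. The script below parses OTL's O4 `Run:` line format as it appears in the log posted later in this thread and applies those checks, plus one the fix does not spell out: a file whose version resource claims "Microsoft Corporation" but lives outside the Windows and Program Files trees. The O4 line format, the heuristic thresholds and the `SAMPLE_OTL_LINES` block (built from lines in this thread) are this example's own assumptions.

```python
"""Triage OTL 'O4' autorun lines for the warning signs a malware helper looks for.

Added example: parses the OTL log format as shown in this thread and applies
simple heuristics. The regex and thresholds are assumptions, not OTL's own code.
"""
import re
from typing import Dict, List, Optional

# Assumed OTL line shape (from the log in this thread):
#   O4 - HKLM..\Run: [value name] C:\path\file.exe (Publisher)
#   O4 - HKLM..\Run: [value name] C:\path\file.exe File not found
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\.\.\\Run: \[(?P<name>[^\]]+)\] "
    r"(?P<path>.+?)(?: \((?P<publisher>[^)]*)\)| (?P<missing>File not found))$"
)

# Directories no legitimate autorun should execute from (matched case-insensitively).
TEMP_MARKERS = ("\\temp\\", "\\tmp\\")
# Roots where a binary claiming a Microsoft version resource is expected to live.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\programme\\", "c:\\program files\\")


def parse_autorun(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one O4 Run line, or None if the line is not one."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    return {
        "hive": m.group("hive"),
        "name": m.group("name"),
        "path": m.group("path").strip(),
        "publisher": m.group("publisher") or "",   # "()" in OTL means no company name
        "missing": m.group("missing") is not None,
    }


def looks_random(name: str) -> bool:
    """Heuristic: long value names mixing several letters and digits (e.g. M5T8QL3YW3)."""
    stem = re.sub(r"\.exe$", "", name, flags=re.I)
    letters = sum(c.isalpha() for c in stem)
    digits = sum(c.isdigit() for c in stem)
    return len(stem) >= 10 and letters >= 4 and digits >= 2


def flag_autorun(entry: Dict[str, object]) -> List[str]:
    """List the reasons an autorun entry deserves a closer look (empty = nothing odd)."""
    reasons: List[str] = []
    lowered = str(entry["path"]).lower()
    if entry["missing"]:
        reasons.append("target file missing (orphaned or already-removed autorun)")
    if any(marker in lowered for marker in TEMP_MARKERS):
        reasons.append("executes from a temporary directory")
    if looks_random(str(entry["name"])):
        reasons.append("random-looking value name")
    if entry["publisher"] == "Microsoft Corporation" and not lowered.startswith(TRUSTED_ROOTS):
        reasons.append("claims Microsoft publisher outside Windows/Program Files")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map each flagged autorun value name to its reasons; clean entries are omitted."""
    findings: Dict[str, List[str]] = {}
    for line in log_text.splitlines():
        entry = parse_autorun(line)
        if entry is None:
            continue
        reasons = flag_autorun(entry)
        if reasons:
            findings[str(entry["name"])] = reasons
    return findings


# Constructed sample: O4 lines taken from the OTL log posted in this thread.
SAMPLE_OTL_LINES = r"""
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [jhaf897ifhdifhsd9fdiujhndd] C:\WINDOWS\System32\svvchost.exe File not found
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Programme\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKCU..\Run: [asrkn_pfu.exe] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\asrkn_pfu.exe (Microsoft Corporation)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\Mph.exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
"""

if __name__ == "__main__":
    for name, reasons in triage(SAMPLE_OTL_LINES).items():
        print(f"[{name}]")
        for reason in reasons:
            print(f"    - {reason}")
```

Run against the sample, the three value names hammerman's fix removes are the only ones reported, each with the reason it was caught; the Realtek, Symantec and Google entries pass silently. The "claims Microsoft publisher" check matters because OTL prints the company name from the file's version resource, which a dropper can copy freely, so the claim is only meaningful together with where the file sits.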

#5
cahele

    Member

  • Topic Starter
  • Member
  • 10 posts
OTL logfile created on: 05/05/2010 01:30:02 p.m. - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\Caro\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000140A | Country: Costa Rica | Language: ESC | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 757,00 Mb Available Physical Memory | 75,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,32 Gb Total Space | 133,00 Gb Free Space | 91,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAROHERRERA
Current User Name: Caro
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Programme\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Gemeinsame Dateien\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (SOHDms) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (5U876UVC) -- C:\WINDOWS\system32\drivers\5U876.sys (Ricoh co.,Ltd.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ArcSoftKsUFilter) -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (AWINDIS5) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010/05/04 18:36:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/12/25 05:31:46 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [jhaf897ifhdifhsd9fdiujhndd] C:\WINDOWS\System32\svvchost.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Programme\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Programme\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Update 4] C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [asrkn_pfu.exe] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\asrkn_pfu.exe (Microsoft Corporation)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\Mph.exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 21:23:46 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/05/04 18:33:53 | 000,000,000 | ---D | C] -- C:\Programme\Digital Protection
[2010/05/04 18:29:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/04 15:40:51 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/02 19:00:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop\tdsskiller
[2010/05/01 19:58:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/01 19:50:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/01 19:50:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/05/01 19:20:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010/05/01 19:19:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010/05/01 17:30:52 | 000,000,000 | ---D | C] -- C:\Programme\AxBx
[2010/05/01 12:49:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/05/01 12:49:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/05/01 12:49:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/05/01 12:49:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/05/01 12:49:31 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/05/01 12:47:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729
[2010/05/01 12:39:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/27 21:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/27 21:58:16 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2010/04/27 21:58:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/27 21:58:04 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2010/04/27 21:57:27 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/27 21:57:27 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/27 21:57:27 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/27 21:57:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/27 21:57:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/27 21:57:26 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/27 21:57:25 | 000,000,000 | ---D | C] -- C:\99f95159b85f4aa5ad24
[2010/04/27 21:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/27 15:15:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010/04/26 17:29:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/04/25 16:05:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ArcSoft
[2010/04/25 11:24:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Ares
[2010/04/25 11:24:41 | 000,000,000 | ---D | C] -- C:\Programme\Ares
[2010/04/25 11:01:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Meine empfangenen Dateien
[2010/04/25 10:58:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Tracing
[2010/04/25 10:46:05 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/25 10:45:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/25 10:45:47 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/25 10:45:46 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/25 10:45:45 | 002,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/04/25 10:45:28 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/25 10:45:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/25 10:40:29 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2010/04/25 10:40:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/25 10:40:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/25 10:39:34 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/25 10:38:35 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/04/25 10:36:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/04/25 10:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/24 22:30:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Apple Computer
[2010/04/24 22:29:33 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/24 22:27:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010/04/24 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/24 22:27:35 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010/04/24 22:25:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010/04/24 22:25:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010/04/24 22:25:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple
[2010/04/24 22:25:25 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010/04/24 22:25:12 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/04/24 22:24:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010/04/24 22:23:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010/04/24 22:09:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Google
[2010/04/24 21:56:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Temp
[2010/04/24 21:56:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ArcSoft
[2010/04/24 21:52:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\ArcSoft
[2010/04/24 21:51:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:51:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\skypePM
[2010/04/24 21:51:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Skype
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
[2010/04/24 21:50:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010/04/24 21:49:57 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/04/24 21:45:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Macromedia
[2010/04/24 21:44:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2010/04/24 17:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/24 17:45:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Adobe
[2010/04/24 16:38:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Microsoft
[2010/04/24 16:38:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Musik
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Bilder
[2010/04/24 16:38:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Caro\Cookies
[2010/04/24 16:38:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Druckumgebung
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sun
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sony Corporation
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\InstallShield
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Identities
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Bluetooth-Exchange-Ordner
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Bluetooth Software
[2010/04/24 16:38:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Favoriten
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\SendTo
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Recent
[2010/04/24 16:38:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Startmenü
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Vorlagen
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Netzwerkumgebung
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen
[2010/04/24 16:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Programmverknüpfungen
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 13:18:41 | 000,011,541 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/05 13:18:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 13:18:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/04 21:25:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 18:35:53 | 002,621,440 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/05/04 18:35:44 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/05/04 18:35:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 18:35:39 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/05/04 18:35:32 | 003,228,748 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010/05/04 18:35:30 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/04 18:23:04 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/04 15:41:09 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/04 15:40:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/04 15:29:23 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/05/02 22:01:04 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/01 19:50:58 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 12:47:05 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Mhizua.exe
[2010/04/30 22:31:51 | 000,458,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/04/30 22:31:51 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 22:31:51 | 000,084,326 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/04/30 22:31:51 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/30 22:31:49 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 19:57:28 | 000,003,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 17:14:55 | 000,015,672 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:28:00 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/27 15:14:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/25 14:53:40 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/25 14:53:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 14:53:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 16:39:11 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:03 | 000,000,155 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/24 16:38:01 | 000,262,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:37:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/24 16:37:52 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/24 16:32:02 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 18:35:44 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/05/04 15:41:09 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/02 12:55:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/01 19:50:58 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 13:08:54 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/01 12:48:03 | 000,165,376 | ---- | C] () -- C:\WINDOWS\Mhizua.exe
[2010/04/29 19:57:28 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 14:53:34 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 14:53:34 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:29:37 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 21:51:14 | 000,001,012 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 21:51:14 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 16:39:11 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:58 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/04/24 16:38:54 | 000,421,888 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.dat.LOG
[2010/04/24 16:38:54 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/04/24 16:38:53 | 002,621,440 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/04/24 16:38:00 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:38:00 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG
[2009/06/19 10:30:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/19 09:34:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/06/19 02:09:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/18 17:21:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll
[2009/06/18 17:08:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/18 16:23:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/24 16:37:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/12/25 05:30:59 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009/06/18 16:23:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/18 16:23:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/18 16:23:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/25 05:32:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/25 05:32:59 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010/05/05 13:17:55 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/05/02 19:17:37 | 000,000,603 | ---- | M] () -- C:\rkill.log
[2010/05/02 19:00:34 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.00.30_log.txt
[2010/05/02 19:15:25 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.15.20_log.txt
[2010/05/02 19:20:45 | 000,031,120 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.20.44_log.txt
[2010/05/02 19:21:02 | 000,031,120 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.21.01_log.txt
[2010/05/02 21:36:42 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_21.36.39_log.txt
[2010/05/03 21:40:37 | 000,032,222 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_03.05.2010_21.40.35_log.txt
[2010/05/04 18:34:32 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_04.05.2010_18.34.28_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/18 18:15:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/18 18:15:02 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/18 18:15:01 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/04 18:36:12 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys
[2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys
[2010/02/24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

ComboFix 10-05-05.02 - Caro 05/05/2010 21:29:13.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.567 [GMT 2:00]
Running from: c:\dokumente und einstellungen\Caro\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active.

.

(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729
c:\dokumente und einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729\enemies-names.txt
c:\dokumente und einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729\lsrslt.ini
c:\dokumente und einstellungen\Caro\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Digital Protection.lnk
c:\programme\Digital Protection
c:\programme\Digital Protection\about.ico
c:\programme\Digital Protection\activate.ico
c:\programme\Digital Protection\buy.ico
c:\programme\Digital Protection\dig.db
c:\programme\Digital Protection\digext.dll
c:\programme\Digital Protection\dighook.dll
c:\programme\Digital Protection\help.ico
c:\programme\Digital Protection\scan.ico
c:\programme\Digital Protection\settings.ico
c:\programme\Digital Protection\Uninstall.exe
c:\programme\Digital Protection\update.ico
c:\programme\WindowsUpdate
c:\recycler\S-1-5-21-1349688397-2566318103-2350713343-1003

Infected copy of c:\windows\system32\drivers\netbt.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMAxrenemnbdm
-------\Legacy_SSHNAS
-------\Service_PRAGMAxrenemnbdm


((((((((((((((((((((((( Files Created from 2010-04-05 to 2010-05-05 ))))))))))))))))))))))))))))))
.

2010-05-05 19:01 . 2010-05-05 19:01 -------- d-----w- C:\_OTL
2010-05-04 19:23 . 2008-04-13 22:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-02 10:55 . 2010-05-04 19:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-01 17:58 . 2010-05-01 17:58 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\Malwarebytes
2010-05-01 17:50 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 17:50 . 2010-05-01 17:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-01 17:50 . 2010-05-01 17:50 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-05-01 17:50 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 10:49 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-01 10:49 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-01 10:49 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-01 10:49 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-01 10:49 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-01 10:49 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-01 10:39 . 2010-05-01 10:39 -------- d-----w- c:\windows\Sun
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\programme\MSBuild
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\programme\Reference Assemblies
2010-04-27 19:57 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-27 19:57 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-27 19:57 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-27 19:57 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-27 19:57 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-27 19:57 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-27 19:57 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-27 19:57 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-27 19:57 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-27 19:57 . 2010-04-27 19:57 -------- d-----w- C:\99f95159b85f4aa5ad24
2010-04-26 15:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-25 14:05 . 2010-04-25 14:05 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ArcSoft
2010-04-25 09:24 . 2010-04-25 09:24 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Ares
2010-04-25 09:24 . 2010-04-25 09:24 -------- d-----w- c:\programme\Ares
2010-04-25 08:58 . 2010-05-04 16:26 -------- d-----w- c:\dokumente und einstellungen\Caro\Tracing
2010-04-25 08:46 . 2008-06-14 17:32 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-25 08:45 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-25 08:45 . 2010-02-16 19:04 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-25 08:45 . 2010-02-16 19:04 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-25 08:45 . 2010-02-16 19:04 2069120 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-25 08:45 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-25 08:45 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-25 08:40 . 2008-05-27 17:23 765952 -c----w- c:\windows\system32\dllcache\vgx.dll
2010-04-25 08:40 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-25 08:40 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-25 08:39 . 2009-06-21 21:45 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-25 08:39 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-25 08:38 . 2009-07-31 04:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-25 08:38 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-25 08:36 . 2009-08-13 15:15 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-04-24 20:30 . 2010-04-25 08:35 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\Apple Computer
2010-04-24 20:29 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\gearaspiwdm.sys
2010-04-24 20:29 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-24 20:27 . 2010-04-24 20:27 -------- d-----w- c:\programme\iPod
2010-04-24 20:27 . 2010-04-24 20:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-24 20:27 . 2010-04-24 20:29 -------- d-----w- c:\programme\iTunes
2010-04-24 20:25 . 2010-04-24 20:26 -------- d-----w- c:\programme\QuickTime
2010-04-24 20:25 . 2010-04-24 20:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-04-24 20:25 . 2010-04-24 20:25 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple
2010-04-24 20:25 . 2010-04-24 20:25 -------- d-----w- c:\programme\Apple Software Update
2010-04-24 20:25 . 2009-10-16 00:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-24 20:25 . 2009-10-16 00:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-24 20:24 . 2010-04-24 20:24 -------- d-----w- c:\programme\Bonjour
2010-04-24 20:23 . 2010-04-24 20:24 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2010-04-24 20:23 . 2010-04-24 20:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2010-04-24 20:23 . 2010-04-24 20:30 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2010-04-24 19:56 . 2010-04-24 19:56 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Temp
2010-04-24 19:56 . 2010-04-24 19:56 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2010-04-24 19:52 . 2010-04-24 19:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ArcSoft
2010-04-24 19:52 . 2010-04-24 19:52 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\ArcSoft
2010-04-24 19:51 . 2010-04-24 19:51 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2010-04-24 19:51 . 2010-04-24 19:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-24 19:51 . 2010-05-04 18:26 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\skypePM
2010-04-24 19:51 . 2010-04-24 20:09 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Google
2010-04-24 19:50 . 2010-05-04 19:48 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\Skype
2010-04-24 19:50 . 2010-04-24 19:51 -------- d-----w- c:\programme\Google
2010-04-24 19:50 . 2010-04-24 19:50 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2010-04-24 19:49 . 2010-04-24 19:50 -------- d-----r- c:\programme\Skype
2010-04-24 19:44 . 2010-04-30 13:37 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\SACore
2010-04-24 14:37 . 2009-07-20 22:22 -------- d-----r- c:\dokumente und einstellungen\Default User\Eigene Dateien
2010-04-24 14:37 . 2009-06-18 15:17 -------- d-----w- c:\dokumente und einstellungen\Default User\Bluetooth Software
2010-04-24 14:37 . 2010-04-24 14:37 -------- d-----w- c:\programme\Programmverknüpfungen

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 19:32 . 2009-06-19 00:08 84722 ----a-w- c:\windows\system32\perfc007.dat
2010-05-05 19:32 . 2009-06-19 00:08 459396 ----a-w- c:\windows\system32\perfh007.dat
2010-05-05 19:25 . 2009-06-19 00:08 0 ----a-w- c:\windows\system32\drivers\NetBT.sys
2010-05-04 16:36 . 2008-04-14 00:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-04 16:29 . 2009-06-19 07:19 -------- d-----w- c:\programme\McAfee
2010-05-03 18:33 . 2009-06-18 14:22 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-29 15:14 . 2010-04-24 14:38 15672 ----a-w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-25 09:07 . 2009-06-18 14:48 -------- d-----w- c:\programme\Windows Media Connect 2
2010-04-24 19:53 . 2009-06-18 15:11 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-04-24 19:49 . 2009-06-19 07:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2010-04-24 14:42 . 2009-06-19 07:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee
2010-04-24 14:39 . 2010-04-24 14:39 0 ---ha-r- c:\windows\system32\drivers\104D_Sony_VPCW11S1E.mrk
2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-11 12:31 . 2009-06-19 00:08 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2009-06-19 00:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 2009-06-19 00:08 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-06-19 00:08 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2009-06-19 00:08 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:52 . 2009-06-19 07:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-02-17 14:52 . 2009-06-19 07:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-02-17 14:52 . 2009-06-19 07:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-02-17 14:52 . 2009-06-19 07:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-02-17 14:52 . 2009-06-19 07:23 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-02-16 19:04 . 2008-04-14 07:30 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:04 . 2008-04-14 07:29 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2009-06-19 00:08 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-06-19 00:08 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-24 39408]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-11 137752]
"AzMixerSel"="c:\programme\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-05-08 53248]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-05-15 1512744]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2008-05-15 315392]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-06-19 136600]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2009-03-26 217088]
"VAIO Update 4"="c:\programme\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-06-11 866144]
"Switcher.exe"="c:\programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2009-05-26 552960]
"NortonOnlineBackupReminder"="c:\programme\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-01-16 503976]
"mcagent_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-03-25 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-25 15360]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-03-18 07:02 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Gemeinsame Dateien\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5246:TCP"= 5246:TCP:Services
"8992:TCP"= 8992:TCP:Services
"6832:TCP"= 6832:TCP:Services
"6833:TCP"= 6833:TCP:Services

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [19/06/2009 09:27 a.m. 198432]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 08:09 p.m. 11032]
R2 uCamMonitor;CamMonitor;c:\programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [19/06/2009 09:18 a.m. 104960]
R2 VCFw;VAIO Content Folder Watcher;c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [14/01/2009 01:38 p.m. 5184872]
R3 5U876UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U876.sys [18/06/2009 05:17 p.m. 91776]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [19/06/2009 09:18 a.m. 14336]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [18/06/2009 05:18 p.m. 39424]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [24/04/2010 09:51 p.m. 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [18/06/2009 05:11 p.m. 1684736]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [18/06/2009 05:21 p.m. 16194]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [01/05/2010 07:50 p.m. 38224]
S3 SOHCImp;VAIO Media plus Content Importer;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHCImp.exe [19/06/2009 09:33 a.m. 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDBSvr.exe [19/06/2009 09:33 a.m. 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDms.exe [19/06/2009 09:33 a.m. 390440]
S3 SOHDs;VAIO Media plus Device Searcher;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDs.exe [19/06/2009 09:33 a.m. 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHPlMgr.exe [19/06/2009 09:33 a.m. 91432]
.
Contents of the "Scheduled Tasks" folder

2010-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-24 19:50]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-24 19:50]

2009-06-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 10:22]

2009-06-19 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 10:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.live.com
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - Orphaned registry entries removed - - - -

SafeBoot-klmdb.sys
AddRemove-Digital Protection - c:\programme\Digital Protection\Pklkvqdii+`}`



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 21:46
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3220)
c:\programme\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\GEMEIN~1\mcafee\mna\mcnasvc.exe
c:\progra~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
c:\programme\McAfee\VirusScan\McShield.exe
c:\programme\McAfee\MPF\MPFSrv.exe
c:\programme\McAfee\MSK\MskSrver.exe
c:\programme\Sony\VAIO Event Service\VESMgr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
c:\programme\iPod\bin\iPodService.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-05 21:51:41 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-05 19:51

Vor Suchlauf: 9 Verzeichnis(se), 141.992.206.336 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 141.926.301.696 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A64A0BDF53BD2C085E065247450AF383

OTL logfile created on: 06/05/2010 06:56:45 p.m. - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\Caro\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000140A | Country: Costa Rica | Language: ESC | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 799,00 Mb Available Physical Memory | 79,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,32 Gb Total Space | 133,20 Gb Free Space | 91,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1,88 Gb Total Space | 0,98 Gb Free Space | 52,17% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAROHERRERA
Current User Name: Caro
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Programme\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Gemeinsame Dateien\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (SOHDms) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (NetBT) -- C:\WINDOWS\system32\drivers\NetBT.sys ()
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (5U876UVC) -- C:\WINDOWS\system32\drivers\5U876.sys (Ricoh co.,Ltd.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ArcSoftKsUFilter) -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (AWINDIS5) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010/05/04 18:36:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/05/05 21:45:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Programme\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Programme\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Update 4] C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/05 22:15:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/05 21:23:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/05 21:20:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/05 21:20:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/05 21:20:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/05 21:20:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/05 21:20:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/05 21:20:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/05 21:01:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/04 15:40:51 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/02 19:00:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop\tdsskiller
[2010/05/01 19:58:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/01 19:50:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/01 19:50:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/05/01 19:20:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010/05/01 19:19:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010/05/01 12:39:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/27 21:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/27 21:58:16 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2010/04/27 21:58:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/27 21:58:04 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2010/04/27 21:57:25 | 000,000,000 | ---D | C] -- C:\99f95159b85f4aa5ad24
[2010/04/27 21:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/27 15:15:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010/04/25 16:05:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ArcSoft
[2010/04/25 11:24:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Ares
[2010/04/25 11:24:41 | 000,000,000 | ---D | C] -- C:\Programme\Ares
[2010/04/25 11:01:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Meine empfangenen Dateien
[2010/04/25 10:58:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Tracing
[2010/04/25 10:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/24 22:30:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Apple Computer
[2010/04/24 22:27:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010/04/24 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/24 22:27:35 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010/04/24 22:25:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010/04/24 22:25:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010/04/24 22:25:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple
[2010/04/24 22:25:25 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010/04/24 22:24:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010/04/24 22:23:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010/04/24 22:09:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Google
[2010/04/24 21:56:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Temp
[2010/04/24 21:56:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ArcSoft
[2010/04/24 21:52:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\ArcSoft
[2010/04/24 21:51:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:51:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\skypePM
[2010/04/24 21:51:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Skype
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
[2010/04/24 21:50:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010/04/24 21:49:57 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/04/24 21:45:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Macromedia
[2010/04/24 21:44:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2010/04/24 17:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/24 17:45:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Adobe
[2010/04/24 16:38:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Microsoft
[2010/04/24 16:38:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Musik
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Bilder
[2010/04/24 16:38:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Caro\Cookies
[2010/04/24 16:38:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Druckumgebung
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sun
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sony Corporation
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\InstallShield
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Identities
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Bluetooth-Exchange-Ordner
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Bluetooth Software
[2010/04/24 16:38:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Favoriten
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\SendTo
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Recent
[2010/04/24 16:38:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Startmenü
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Vorlagen
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Netzwerkumgebung
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen
[2010/04/24 16:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Programmverknüpfungen

========== Files - Modified Within 90 Days ==========

[2010/05/06 18:50:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/06 18:49:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 22:16:13 | 000,011,931 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/05 22:16:12 | 002,621,440 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/05/05 22:16:12 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/05/05 22:16:10 | 003,712,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010/05/05 22:03:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/05 22:03:50 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/05/05 22:01:07 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/05 22:01:01 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/05 21:46:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/05 21:45:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/05 21:32:26 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/05 21:32:26 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/05/05 21:32:26 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/05 21:32:26 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/05/05 21:32:26 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/05 21:25:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\NetBT.sys
[2010/05/05 21:23:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/05 20:52:37 | 003,946,612 | R--- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\ComboFix.exe
[2010/05/04 21:25:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 15:41:09 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/04 15:40:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/04 15:29:23 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/05/01 19:50:58 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 19:57:28 | 000,003,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 17:14:55 | 000,015,672 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:28:00 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/27 15:14:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 14:53:40 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/25 14:53:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 14:53:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 16:39:11 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:03 | 000,000,155 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/24 16:38:01 | 000,262,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:37:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/24 16:37:52 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys

========== Files Created - No Company Name ==========

[2010/05/05 22:03:50 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/05/05 21:23:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/05 21:23:05 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010/05/05 21:20:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/05 21:20:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/05 21:20:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/05 21:20:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/05 21:20:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/05 20:52:30 | 003,946,612 | R--- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\ComboFix.exe
[2010/05/04 15:41:09 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/02 12:55:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/01 19:50:58 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 19:57:28 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 14:53:34 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 14:53:34 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:29:37 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 21:51:14 | 000,001,012 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 21:51:14 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 16:39:11 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:58 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/04/24 16:38:54 | 000,507,904 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.dat.LOG
[2010/04/24 16:38:54 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/04/24 16:38:53 | 002,621,440 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/04/24 16:38:00 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:38:00 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG
[2009/06/19 10:30:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/19 09:34:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/06/19 02:09:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/19 02:08:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\NetBT.sys
[2009/06/18 17:21:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll
[2009/06/18 17:08:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/19 09:30:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2010/04/24 22:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/19 09:20:56 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/06/19 09:20:54 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2008/12/25 05:33:32 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/25 05:33:32 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2010/05/04 18:36:12 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2010/05/04 18:36:12 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/12/25 05:33:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
< End of report >

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jhaf897ifhdifhsd9fdiujhndd deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\asrkn_pfu.exe deleted successfully.
C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\asrkn_pfu.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\M5T8QL3YW3 deleted successfully.
C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\Mph.exe moved successfully.
C:\WINDOWS\mfebcdata moved successfully.
C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job moved successfully.
C:\WINDOWS\Mhizua.exe moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\3389:TCP deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 98979 bytes

User: All Users

User: Caro
->Temp folder emptied: 159621446 bytes
->Temporary Internet Files folder emptied: 78374214 bytes
->Java cache emptied: 25127 bytes
->Flash cache emptied: 11988 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: HelpAssistant
->Temp folder emptied: 2944764 bytes
->Temporary Internet Files folder emptied: 9901543 bytes
->Java cache emptied: 25127 bytes
->Flash cache emptied: 11988 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32969 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 453860 bytes
->Flash cache emptied: 1760 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2951 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 23553948 bytes
RecycleBin emptied: 12379468 bytes

Total Files Cleaned = 274,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Caro
->Flash cache emptied: 0 bytes

User: Default User

User: HelpAssistant
->Flash cache emptied: 0 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05052010_210101

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\$$$dq3e not found!
File\Folder C:\WINDOWS\temp\$67we.$ not found!
File\Folder C:\WINDOWS\temp\mcmsc_8eODfjGHrvfavHG not found!

Registry entries deleted on Reboot...


18:34:28:187 4996 TDSS rootkit removing tool 2.2.8.1 Mar 22 2010 10:43:04
18:34:28:187 4996 ================================================================================
18:34:28:187 4996 SystemInfo:

18:34:28:187 4996 OS Version: 5.1.2600 ServicePack: 3.0
18:34:28:187 4996 Product type: Workstation
18:34:28:187 4996 ComputerName: CAROHERRERA
18:34:28:187 4996 UserName: Caro
18:34:28:187 4996 Windows directory: C:\WINDOWS
18:34:28:187 4996 Processor architecture: Intel x86
18:34:28:187 4996 Number of processors: 2
18:34:28:187 4996 Page size: 0x1000
18:34:28:281 4996 Boot type: Normal boot
18:34:28:281 4996 ================================================================================
18:34:28:296 4996 UnloadDriverW: NtUnloadDriver error 2
18:34:28:296 4996 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
18:34:28:734 4996 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
18:34:28:734 4996 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:34:28:734 4996 wfopen_ex: Trying to KLMD file open
18:34:28:734 4996 wfopen_ex: File opened ok (Flags 2)
18:34:28:734 4996 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
18:34:28:734 4996 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
18:34:28:734 4996 wfopen_ex: Trying to KLMD file open
18:34:28:734 4996 wfopen_ex: File opened ok (Flags 2)
18:34:28:734 4996 Initialize success
18:34:28:734 4996
18:34:28:734 4996 Scanning Services ...
18:34:29:250 4996 Raw services enum returned 356 services
18:34:29:343 4996
18:34:29:375 4996 Scanning Kernel memory ...
18:34:29:375 4996 Devices to scan: 7
18:34:29:375 4996
18:34:29:375 4996 Driver Name: Disk
18:34:29:375 4996 IRP_MJ_CREATE : F7603BB0
18:34:29:375 4996 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
18:34:29:375 4996 IRP_MJ_CLOSE : F7603BB0
18:34:29:375 4996 IRP_MJ_READ : F75FDD1F
18:34:29:375 4996 IRP_MJ_WRITE : F75FDD1F
18:34:29:375 4996 IRP_MJ_QUERY_INFORMATION : 804F4562
18:34:29:375 4996 IRP_MJ_SET_INFORMATION : 804F4562
18:34:29:375 4996 IRP_MJ_QUERY_EA : 804F4562
18:34:29:375 4996 IRP_MJ_SET_EA : 804F4562
18:34:29:375 4996 IRP_MJ_FLUSH_BUFFERS : F75FE2E2
18:34:29:375 4996 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
18:34:29:375 4996 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
18:34:29:375 4996 IRP_MJ_DIRECTORY_CONTROL : 804F4562
18:34:29:375 4996 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
18:34:29:375 4996 IRP_MJ_DEVICE_CONTROL : F75FE3BB
18:34:29:375 4996 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7601F28
18:34:29:375 4996 IRP_MJ_SHUTDOWN : F75FE2E2
18:34:29:375 4996 IRP_MJ_LOCK_CONTROL : 804F4562
18:34:29:375 4996 IRP_MJ_CLEANUP : 804F4562
18:34:29:375 4996 IRP_MJ_CREATE_MAILSLOT : 804F4562
18:34:29:375 4996 IRP_MJ_QUERY_SECURITY : 804F4562
18:34:29:375 4996 IRP_MJ_SET_SECURITY : 804F4562
18:34:29:375 4996 IRP_MJ_POWER : F75FFC82
18:34:29:375 4996 IRP_MJ_SYSTEM_CONTROL : F760499E
18:34:29:375 4996 IRP_MJ_DEVICE_CHANGE : 804F4562
18:34:29:375 4996 IRP_MJ_QUERY_QUOTA : 804F4562
18:34:29:375 4996 IRP_MJ_SET_QUOTA : 804F4562
18:34:29:421 4996 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:34:29:421 4996
18:34:29:421 4996 Driver Name: risdptsk
18:34:29:421 4996 IRP_MJ_CREATE : F6B71006
18:34:29:421 4996 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
18:34:29:421 4996 IRP_MJ_CLOSE : F6B71006
18:34:29:421 4996 IRP_MJ_READ : F6B66076
18:34:29:421 4996 IRP_MJ_WRITE : F6B66076
18:34:29:421 4996 IRP_MJ_QUERY_INFORMATION : 804F4562
18:34:29:421 4996 IRP_MJ_SET_INFORMATION : 804F4562
18:34:29:421 4996 IRP_MJ_QUERY_EA : 804F4562
18:34:29:421 4996 IRP_MJ_SET_EA : 804F4562
18:34:29:421 4996 IRP_MJ_FLUSH_BUFFERS : 804F4562
18:34:29:421 4996 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
18:34:29:421 4996 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
18:34:29:421 4996 IRP_MJ_DIRECTORY_CONTROL : 804F4562
18:34:29:421 4996 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
18:34:29:421 4996 IRP_MJ_DEVICE_CONTROL : F6B66270
18:34:29:421 4996 IRP_MJ_INTERNAL_DEVICE_CONTROL : F6B6CC38
18:34:29:421 4996 IRP_MJ_SHUTDOWN : 804F4562
18:34:29:421 4996 IRP_MJ_LOCK_CONTROL : 804F4562
18:34:29:421 4996 IRP_MJ_CLEANUP : 804F4562
18:34:29:421 4996 IRP_MJ_CREATE_MAILSLOT : 804F4562
18:34:29:421 4996 IRP_MJ_QUERY_SECURITY : 804F4562
18:34:29:421 4996 IRP_MJ_SET_SECURITY : 804F4562
18:34:29:421 4996 IRP_MJ_POWER : F6B6690E
18:34:29:421 4996 IRP_MJ_SYSTEM_CONTROL : F6B664E6
18:34:29:421 4996 IRP_MJ_DEVICE_CHANGE : 804F4562
18:34:29:421 4996 IRP_MJ_QUERY_QUOTA : 804F4562
18:34:29:421 4996 IRP_MJ_SET_QUOTA : 804F4562
18:34:29:453 4996 C:\WINDOWS\system32\DRIVERS\risdptsk.sys - Verdict: 1
18:34:29:453 4996
18:34:29:453 4996 Driver Name: Disk
18:34:29:453 4996 IRP_MJ_CREATE : F7603BB0
18:34:29:453 4996 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
18:34:29:453 4996 IRP_MJ_CLOSE : F7603BB0
18:34:29:453 4996 IRP_MJ_READ : F75FDD1F
18:34:29:453 4996 IRP_MJ_WRITE : F75FDD1F
18:34:29:453 4996 IRP_MJ_QUERY_INFORMATION : 804F4562
18:34:29:453 4996 IRP_MJ_SET_INFORMATION : 804F4562
18:34:29:453 4996 IRP_MJ_QUERY_EA : 804F4562
18:34:29:453 4996 IRP_MJ_SET_EA : 804F4562
18:34:29:453 4996 IRP_MJ_FLUSH_BUFFERS : F75FE2E2
18:34:29:453 4996 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
18:34:29:453 4996 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
18:34:29:453 4996 IRP_MJ_DIRECTORY_CONTROL : 804F4562
18:34:29:453 4996 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
18:34:29:453 4996 IRP_MJ_DEVICE_CONTROL : F75FE3BB
18:34:29:453 4996 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7601F28
18:34:29:453 4996 IRP_MJ_SHUTDOWN : F75FE2E2
18:34:29:453 4996 IRP_MJ_LOCK_CONTROL : 804F4562
18:34:29:453 4996 IRP_MJ_CLEANUP : 804F4562
18:34:29:453 4996 IRP_MJ_CREATE_MAILSLOT : 804F4562
18:34:29:453 4996 IRP_MJ_QUERY_SECURITY : 804F4562
18:34:29:453 4996 IRP_MJ_SET_SECURITY : 804F4562
18:34:29:453 4996 IRP_MJ_POWER : F75FFC82
18:34:29:453 4996 IRP_MJ_SYSTEM_CONTROL : F760499E
18:34:29:453 4996 IRP_MJ_DEVICE_CHANGE : 804F4562
18:34:29:453 4996 IRP_MJ_QUERY_QUOTA : 804F4562
18:34:29:453 4996 IRP_MJ_SET_QUOTA : 804F4562
18:34:29:500 4996 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:34:29:500 4996
18:34:29:500 4996 Driver Name: rimsptsk
18:34:29:500 4996 IRP_MJ_CREATE : F6B60006
18:34:29:500 4996 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
18:34:29:500 4996 IRP_MJ_CLOSE : F6B60006
18:34:29:500 4996 IRP_MJ_READ : F6B4C14A
18:34:29:500 4996 IRP_MJ_WRITE : F6B4C14A
18:34:29:500 4996 IRP_MJ_QUERY_INFORMATION : 804F4562
18:34:29:500 4996 IRP_MJ_SET_INFORMATION : 804F4562
18:34:29:500 4996 IRP_MJ_QUERY_EA : 804F4562
18:34:29:500 4996 IRP_MJ_SET_EA : 804F4562
18:34:29:500 4996 IRP_MJ_FLUSH_BUFFERS : 804F4562
18:34:29:500 4996 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
18:34:29:500 4996 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
18:34:29:500 4996 IRP_MJ_DIRECTORY_CONTROL : 804F4562
18:34:29:500 4996 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
18:34:29:500 4996 IRP_MJ_DEVICE_CONTROL : F6B4C2CA
18:34:29:500 4996 IRP_MJ_INTERNAL_DEVICE_CONTROL : F6B58908
18:34:29:500 4996 IRP_MJ_SHUTDOWN : 804F4562
18:34:29:500 4996 IRP_MJ_LOCK_CONTROL : 804F4562
18:34:29:500 4996 IRP_MJ_CLEANUP : 804F4562
18:34:29:500 4996 IRP_MJ_CREATE_MAILSLOT : 804F4562
18:34:29:500 4996 IRP_MJ_QUERY_SECURITY : 804F4562
18:34:29:500 4996 IRP_MJ_SET_SECURITY : 804F4562
18:34:29:500 4996 IRP_MJ_POWER : F6B4CB28
18:34:29:500 4996 IRP_MJ_SYSTEM_CONTROL : F6B4C6B0
18:34:29:500 4996 IRP_MJ_DEVICE_CHANGE : 804F4562
18:34:29:500 4996 IRP_MJ_QUERY_QUOTA : 804F4562
18:34:29:500 4996 IRP_MJ_SET_QUOTA : 804F4562
18:34:29:531 4996 C:\WINDOWS\system32\DRIVERS\rimsptsk.sys - Verdict: 1
18:34:29:531 4996
18:34:29:531 4996 Driver Name: Disk
18:34:29:531 4996 IRP_MJ_CREATE : F7603BB0
18:34:29:531 4996 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
18:34:29:531 4996 IRP_MJ_CLOSE : F7603BB0
18:34:29:531 4996 IRP_MJ_READ : F75FDD1F
18:34:29:531 4996 IRP_MJ_WRITE : F75FDD1F
18:34:29:531 4996 IRP_MJ_QUERY_INFORMATION : 804F4562
18:34:29:531 4996 IRP_MJ_SET_INFORMATION : 804F4562
18:34:29:531 4996 IRP_MJ_QUERY_EA : 804F4562
18:34:29:531 4996 IRP_MJ_SET_EA : 804F4562
18:34:29:531 4996 IRP_MJ_FLUSH_BUFFERS : F75FE2E2
18:34:29:531 4996 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
18:34:29:531 4996 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
18:34:29:531 4996 IRP_MJ_DIRECTORY_CONTROL : 804F4562
18:34:29:531 4996 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
18:34:29:531 4996 IRP_MJ_DEVICE_CONTROL : F75FE3BB
18:34:29:531 4996 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7601F28
18:34:29:531 4996 IRP_MJ_SHUTDOWN : F75FE2E2
18:34:29:531 4996 IRP_MJ_LOCK_CONTROL : 804F4562
18:34:29:531 4996 IRP_MJ_CLEANUP : 804F4562
18:34:29:531 4996 IRP_MJ_CREATE_MAILSLOT : 804F4562
18:34:29:531 4996 IRP_MJ_QUERY_SECURITY : 804F4562
18:34:29:531 4996 IRP_MJ_SET_SECURITY : 804F4562
18:34:29:531 4996 IRP_MJ_POWER : F75FFC82
18:34:29:531 4996 IRP_MJ_SYSTEM_CONTROL : F760499E
18:34:29:531 4996 IRP_MJ_DEVICE_CHANGE : 804F4562
18:34:29:531 4996 IRP_MJ_QUERY_QUOTA : 804F4562
18:34:29:531 4996 IRP_MJ_SET_QUOTA : 804F4562
18:34:29:562 4996 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:34:29:562 4996
18:34:29:562 4996 Driver Name: Disk
18:34:29:562 4996 IRP_MJ_CREATE : F7603BB0
18:34:29:562 4996 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
18:34:29:562 4996 IRP_MJ_CLOSE : F7603BB0
18:34:29:562 4996 IRP_MJ_READ : F75FDD1F
18:34:29:562 4996 IRP_MJ_WRITE : F75FDD1F
18:34:29:562 4996 IRP_MJ_QUERY_INFORMATION : 804F4562
18:34:29:562 4996 IRP_MJ_SET_INFORMATION : 804F4562
18:34:29:562 4996 IRP_MJ_QUERY_EA : 804F4562
18:34:29:562 4996 IRP_MJ_SET_EA : 804F4562
18:34:29:562 4996 IRP_MJ_FLUSH_BUFFERS : F75FE2E2
18:34:29:562 4996 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
18:34:29:562 4996 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
18:34:29:562 4996 IRP_MJ_DIRECTORY_CONTROL : 804F4562
18:34:29:562 4996 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
18:34:29:562 4996 IRP_MJ_DEVICE_CONTROL : F75FE3BB
18:34:29:562 4996 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7601F28
18:34:29:562 4996 IRP_MJ_SHUTDOWN : F75FE2E2
18:34:29:578 4996 IRP_MJ_LOCK_CONTROL : 804F4562
18:34:29:578 4996 IRP_MJ_CLEANUP : 804F4562
18:34:29:578 4996 IRP_MJ_CREATE_MAILSLOT : 804F4562
18:34:29:578 4996 IRP_MJ_QUERY_SECURITY : 804F4562
18:34:29:578 4996 IRP_MJ_SET_SECURITY : 804F4562
18:34:29:578 4996 IRP_MJ_POWER : F75FFC82
18:34:29:578 4996 IRP_MJ_SYSTEM_CONTROL : F760499E
18:34:29:578 4996 IRP_MJ_DEVICE_CHANGE : 804F4562
18:34:29:578 4996 IRP_MJ_QUERY_QUOTA : 804F4562
18:34:29:578 4996 IRP_MJ_SET_QUOTA : 804F4562
18:34:29:578 4996 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
18:34:29:578 4996
18:34:29:578 4996 Driver Name: atapi
18:34:29:578 4996 IRP_MJ_CREATE : 850D6EE4
18:34:29:578 4996 IRP_MJ_CREATE_NAMED_PIPE : 850D6EE4
18:34:29:578 4996 IRP_MJ_CLOSE : 850D6EE4
18:34:29:578 4996 IRP_MJ_READ : 850D6EE4
18:34:29:578 4996 IRP_MJ_WRITE : 850D6EE4
18:34:29:578 4996 IRP_MJ_QUERY_INFORMATION : 850D6EE4
18:34:29:578 4996 IRP_MJ_SET_INFORMATION : 850D6EE4
18:34:29:578 4996 IRP_MJ_QUERY_EA : 850D6EE4
18:34:29:578 4996 IRP_MJ_SET_EA : 850D6EE4
18:34:29:578 4996 IRP_MJ_FLUSH_BUFFERS : 850D6EE4
18:34:29:578 4996 IRP_MJ_QUERY_VOLUME_INFORMATION : 850D6EE4
18:34:29:578 4996 IRP_MJ_SET_VOLUME_INFORMATION : 850D6EE4
18:34:29:578 4996 IRP_MJ_DIRECTORY_CONTROL : 850D6EE4
18:34:29:578 4996 IRP_MJ_FILE_SYSTEM_CONTROL : 850D6EE4
18:34:29:578 4996 IRP_MJ_DEVICE_CONTROL : 850D6EE4
18:34:29:578 4996 IRP_MJ_INTERNAL_DEVICE_CONTROL : 850D6EE4
18:34:29:578 4996 IRP_MJ_SHUTDOWN : 850D6EE4
18:34:29:578 4996 IRP_MJ_LOCK_CONTROL : 850D6EE4
18:34:29:578 4996 IRP_MJ_CLEANUP : 850D6EE4
18:34:29:578 4996 IRP_MJ_CREATE_MAILSLOT : 850D6EE4
18:34:29:578 4996 IRP_MJ_QUERY_SECURITY : 850D6EE4
18:34:29:578 4996 IRP_MJ_SET_SECURITY : 850D6EE4
18:34:29:578 4996 IRP_MJ_POWER : 850D6EE4
18:34:29:578 4996 IRP_MJ_SYSTEM_CONTROL : 850D6EE4
18:34:29:578 4996 IRP_MJ_DEVICE_CHANGE : 850D6EE4
18:34:29:578 4996 IRP_MJ_QUERY_QUOTA : 850D6EE4
18:34:29:578 4996 IRP_MJ_SET_QUOTA : 850D6EE4
18:34:29:578 4996 Driver "atapi" infected by TDSS rootkit!
18:34:29:609 4996 C:\WINDOWS\system32\drivers\atapi.sys - Verdict: 1
18:34:29:609 4996 File "C:\WINDOWS\system32\drivers\atapi.sys" infected by TDSS rootkit ...
18:34:29:609 4996 Processing driver file: C:\WINDOWS\system32\drivers\atapi.sys
18:34:29:609 4996 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
18:34:30:500 4996 vfvi6
18:34:30:703 4996 !dsvbh1
18:34:32:437 4996 dsvbh2
18:34:32:437 4996 fdfb2
18:34:32:437 4996 Backup copy found, using it..
18:34:32:453 4996 will be cured on next reboot
18:34:32:453 4996 Reboot required for cure complete..
18:34:32:843 4996 Cure on reboot scheduled successfully
18:34:32:843 4996
18:34:32:843 4996 Completed
18:34:32:843 4996
18:34:32:843 4996 Results:
18:34:32:843 4996 Memory objects infected / cured / cured on reboot: 1 / 0 / 0
18:34:32:843 4996 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
18:34:32:843 4996 File objects infected / cured / cured on reboot: 1 / 0 / 1
18:34:32:843 4996
18:34:32:843 4996 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
18:34:32:843 4996 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
18:34:32:843 4996 UnloadDriverW: NtUnloadDriver error 1
18:34:32:843 4996 KLMD(ARK) unloaded successfully

Sorry I answered so late, my internet is blocked now...

Thanks for the help

#6
cahele

  • Topic Starter
  • Member
  • 10 posts
OTL logfile created on: 05/05/2010 01:30:02 p.m. - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\Caro\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000140A | Country: Costa Rica | Language: ESC | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 757,00 Mb Available Physical Memory | 75,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,32 Gb Total Space | 133,00 Gb Free Space | 91,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAROHERRERA
Current User Name: Caro
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Programme\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Gemeinsame Dateien\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (SOHDms) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (5U876UVC) -- C:\WINDOWS\system32\drivers\5U876.sys (Ricoh co.,Ltd.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ArcSoftKsUFilter) -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (AWINDIS5) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010/05/04 18:36:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/12/25 05:31:46 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [jhaf897ifhdifhsd9fdiujhndd] C:\WINDOWS\System32\svvchost.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Programme\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Programme\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Update 4] C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [asrkn_pfu.exe] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\asrkn_pfu.exe (Microsoft Corporation)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\Mph.exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 21:23:46 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/05/04 18:33:53 | 000,000,000 | ---D | C] -- C:\Programme\Digital Protection
[2010/05/04 18:29:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/04 15:40:51 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/02 19:00:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop\tdsskiller
[2010/05/01 19:58:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/01 19:50:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/01 19:50:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/05/01 19:20:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010/05/01 19:19:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010/05/01 17:30:52 | 000,000,000 | ---D | C] -- C:\Programme\AxBx
[2010/05/01 12:49:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/05/01 12:49:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/05/01 12:49:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/05/01 12:49:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/05/01 12:49:31 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/05/01 12:47:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729
[2010/05/01 12:39:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/27 21:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/27 21:58:16 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2010/04/27 21:58:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/27 21:58:04 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2010/04/27 21:57:27 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/27 21:57:27 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/27 21:57:27 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/27 21:57:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/27 21:57:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/27 21:57:26 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/27 21:57:25 | 000,000,000 | ---D | C] -- C:\99f95159b85f4aa5ad24
[2010/04/27 21:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/27 15:15:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010/04/26 17:29:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/04/25 16:05:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ArcSoft
[2010/04/25 11:24:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Ares
[2010/04/25 11:24:41 | 000,000,000 | ---D | C] -- C:\Programme\Ares
[2010/04/25 11:01:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Meine empfangenen Dateien
[2010/04/25 10:58:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Tracing
[2010/04/25 10:46:05 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/25 10:45:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/25 10:45:47 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/25 10:45:46 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/25 10:45:45 | 002,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/04/25 10:45:28 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/25 10:45:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/25 10:40:29 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2010/04/25 10:40:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/25 10:40:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/25 10:39:34 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/25 10:38:35 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/04/25 10:36:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/04/25 10:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/24 22:30:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Apple Computer
[2010/04/24 22:29:33 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/24 22:27:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010/04/24 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/24 22:27:35 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010/04/24 22:25:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010/04/24 22:25:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010/04/24 22:25:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple
[2010/04/24 22:25:25 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010/04/24 22:25:12 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/04/24 22:24:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010/04/24 22:23:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010/04/24 22:09:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Google
[2010/04/24 21:56:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Temp
[2010/04/24 21:56:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ArcSoft
[2010/04/24 21:52:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\ArcSoft
[2010/04/24 21:51:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:51:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\skypePM
[2010/04/24 21:51:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Skype
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
[2010/04/24 21:50:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010/04/24 21:49:57 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/04/24 21:45:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Macromedia
[2010/04/24 21:44:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2010/04/24 17:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/24 17:45:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Adobe
[2010/04/24 16:38:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Microsoft
[2010/04/24 16:38:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Musik
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Bilder
[2010/04/24 16:38:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Caro\Cookies
[2010/04/24 16:38:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Druckumgebung
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sun
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sony Corporation
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\InstallShield
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Identities
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Bluetooth-Exchange-Ordner
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Bluetooth Software
[2010/04/24 16:38:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Favoriten
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\SendTo
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Recent
[2010/04/24 16:38:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Startmenü
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Vorlagen
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Netzwerkumgebung
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen
[2010/04/24 16:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Programmverknüpfungen
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 13:18:41 | 000,011,541 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/05 13:18:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 13:18:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/04 21:25:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 18:35:53 | 002,621,440 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/05/04 18:35:44 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/05/04 18:35:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 18:35:39 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/05/04 18:35:32 | 003,228,748 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010/05/04 18:35:30 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/04 18:23:04 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/04 15:41:09 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/04 15:40:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/04 15:29:23 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/05/02 22:01:04 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/01 19:50:58 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 12:47:05 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Mhizua.exe
[2010/04/30 22:31:51 | 000,458,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/04/30 22:31:51 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 22:31:51 | 000,084,326 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/04/30 22:31:51 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/30 22:31:49 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 19:57:28 | 000,003,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 17:14:55 | 000,015,672 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:28:00 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/27 15:14:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/25 14:53:40 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/25 14:53:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 14:53:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 16:39:11 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:03 | 000,000,155 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/24 16:38:01 | 000,262,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:37:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/24 16:37:52 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/24 16:32:02 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 18:35:44 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/05/04 15:41:09 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/02 12:55:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/01 19:50:58 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 13:08:54 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/01 12:48:03 | 000,165,376 | ---- | C] () -- C:\WINDOWS\Mhizua.exe
[2010/04/29 19:57:28 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 14:53:34 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 14:53:34 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:29:37 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 21:51:14 | 000,001,012 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 21:51:14 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 16:39:11 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:58 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/04/24 16:38:54 | 000,421,888 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.dat.LOG
[2010/04/24 16:38:54 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/04/24 16:38:53 | 002,621,440 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/04/24 16:38:00 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:38:00 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG
[2009/06/19 10:30:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/19 09:34:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/06/19 02:09:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/18 17:21:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll
[2009/06/18 17:08:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/18 16:23:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/24 16:37:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/12/25 05:30:59 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009/06/18 16:23:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/18 16:23:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/18 16:23:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/25 05:32:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/25 05:32:59 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010/05/05 13:17:55 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/05/02 19:17:37 | 000,000,603 | ---- | M] () -- C:\rkill.log
[2010/05/02 19:00:34 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.00.30_log.txt
[2010/05/02 19:15:25 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.15.20_log.txt
[2010/05/02 19:20:45 | 000,031,120 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.20.44_log.txt
[2010/05/02 19:21:02 | 000,031,120 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.21.01_log.txt
[2010/05/02 21:36:42 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_21.36.39_log.txt
[2010/05/03 21:40:37 | 000,032,222 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_03.05.2010_21.40.35_log.txt
[2010/05/04 18:34:32 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_04.05.2010_18.34.28_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/18 18:15:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/18 18:15:02 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/18 18:15:01 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/04 18:36:12 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys
[2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys
[2010/02/24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

ComboFix 10-05-05.02 - Caro 05/05/2010 21:29:13.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.567 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Caro\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Im Speicher befindliches AV aktiv.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729
c:\dokumente und einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729\enemies-names.txt
c:\dokumente und einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729\lsrslt.ini
c:\dokumente und einstellungen\Caro\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Digital Protection.lnk
c:\programme\Digital Protection
c:\programme\Digital Protection\about.ico
c:\programme\Digital Protection\activate.ico
c:\programme\Digital Protection\buy.ico
c:\programme\Digital Protection\dig.db
c:\programme\Digital Protection\digext.dll
c:\programme\Digital Protection\dighook.dll
c:\programme\Digital Protection\help.ico
c:\programme\Digital Protection\scan.ico
c:\programme\Digital Protection\settings.ico
c:\programme\Digital Protection\Uninstall.exe
c:\programme\Digital Protection\update.ico
c:\programme\WindowsUpdate
c:\recycler\S-1-5-21-1349688397-2566318103-2350713343-1003

Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :) wurde wiederhergestellt
.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMAxrenemnbdm
-------\Legacy_SSHNAS
-------\Service_PRAGMAxrenemnbdm


((((((((((((((((((((((( Dateien erstellt von 2010-04-05 bis 2010-05-05 ))))))))))))))))))))))))))))))
.

2010-05-05 19:01 . 2010-05-05 19:01 -------- d-----w- C:\_OTL
2010-05-04 19:23 . 2008-04-13 22:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-02 10:55 . 2010-05-04 19:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-01 17:58 . 2010-05-01 17:58 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\Malwarebytes
2010-05-01 17:50 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 17:50 . 2010-05-01 17:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-01 17:50 . 2010-05-01 17:50 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-05-01 17:50 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 10:49 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-01 10:49 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-01 10:49 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-01 10:49 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-01 10:49 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-01 10:49 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-01 10:39 . 2010-05-01 10:39 -------- d-----w- c:\windows\Sun
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\programme\MSBuild
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\programme\Reference Assemblies
2010-04-27 19:57 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-27 19:57 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-27 19:57 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-27 19:57 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-27 19:57 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-27 19:57 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-27 19:57 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-27 19:57 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-27 19:57 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-27 19:57 . 2010-04-27 19:57 -------- d-----w- C:\99f95159b85f4aa5ad24
2010-04-26 15:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-25 14:05 . 2010-04-25 14:05 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ArcSoft
2010-04-25 09:24 . 2010-04-25 09:24 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Ares
2010-04-25 09:24 . 2010-04-25 09:24 -------- d-----w- c:\programme\Ares
2010-04-25 08:58 . 2010-05-04 16:26 -------- d-----w- c:\dokumente und einstellungen\Caro\Tracing
2010-04-25 08:46 . 2008-06-14 17:32 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-25 08:45 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-25 08:45 . 2010-02-16 19:04 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-25 08:45 . 2010-02-16 19:04 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-25 08:45 . 2010-02-16 19:04 2069120 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-25 08:45 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-25 08:45 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-25 08:40 . 2008-05-27 17:23 765952 -c----w- c:\windows\system32\dllcache\vgx.dll
2010-04-25 08:40 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-25 08:40 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-25 08:39 . 2009-06-21 21:45 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-25 08:39 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-25 08:38 . 2009-07-31 04:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-25 08:38 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-25 08:36 . 2009-08-13 15:15 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-04-24 20:30 . 2010-04-25 08:35 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\Apple Computer
2010-04-24 20:29 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\gearaspiwdm.sys
2010-04-24 20:29 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-24 20:27 . 2010-04-24 20:27 -------- d-----w- c:\programme\iPod
2010-04-24 20:27 . 2010-04-24 20:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-24 20:27 . 2010-04-24 20:29 -------- d-----w- c:\programme\iTunes
2010-04-24 20:25 . 2010-04-24 20:26 -------- d-----w- c:\programme\QuickTime
2010-04-24 20:25 . 2010-04-24 20:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-04-24 20:25 . 2010-04-24 20:25 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple
2010-04-24 20:25 . 2010-04-24 20:25 -------- d-----w- c:\programme\Apple Software Update
2010-04-24 20:25 . 2009-10-16 00:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-24 20:25 . 2009-10-16 00:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-24 20:24 . 2010-04-24 20:24 -------- d-----w- c:\programme\Bonjour
2010-04-24 20:23 . 2010-04-24 20:24 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2010-04-24 20:23 . 2010-04-24 20:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2010-04-24 20:23 . 2010-04-24 20:30 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2010-04-24 19:56 . 2010-04-24 19:56 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Temp
2010-04-24 19:56 . 2010-04-24 19:56 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2010-04-24 19:52 . 2010-04-24 19:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ArcSoft
2010-04-24 19:52 . 2010-04-24 19:52 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\ArcSoft
2010-04-24 19:51 . 2010-04-24 19:51 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2010-04-24 19:51 . 2010-04-24 19:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-24 19:51 . 2010-05-04 18:26 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\skypePM
2010-04-24 19:51 . 2010-04-24 20:09 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Google
2010-04-24 19:50 . 2010-05-04 19:48 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\Skype
2010-04-24 19:50 . 2010-04-24 19:51 -------- d-----w- c:\programme\Google
2010-04-24 19:50 . 2010-04-24 19:50 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2010-04-24 19:49 . 2010-04-24 19:50 -------- d-----r- c:\programme\Skype
2010-04-24 19:44 . 2010-04-30 13:37 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\SACore
2010-04-24 14:37 . 2009-07-20 22:22 -------- d-----r- c:\dokumente und einstellungen\Default User\Eigene Dateien
2010-04-24 14:37 . 2009-06-18 15:17 -------- d-----w- c:\dokumente und einstellungen\Default User\Bluetooth Software
2010-04-24 14:37 . 2010-04-24 14:37 -------- d-----w- c:\programme\Programmverknüpfungen

.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-05 19:32 . 2009-06-19 00:08 84722 ----a-w- c:\windows\system32\perfc007.dat
2010-05-05 19:32 . 2009-06-19 00:08 459396 ----a-w- c:\windows\system32\perfh007.dat
2010-05-05 19:25 . 2009-06-19 00:08 0 ----a-w- c:\windows\system32\drivers\NetBT.sys
2010-05-04 16:36 . 2008-04-14 00:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-04 16:29 . 2009-06-19 07:19 -------- d-----w- c:\programme\McAfee
2010-05-03 18:33 . 2009-06-18 14:22 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-29 15:14 . 2010-04-24 14:38 15672 ----a-w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-04-25 09:07 . 2009-06-18 14:48 -------- d-----w- c:\programme\Windows Media Connect 2
2010-04-24 19:53 . 2009-06-18 15:11 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-04-24 19:49 . 2009-06-19 07:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2010-04-24 14:42 . 2009-06-19 07:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee
2010-04-24 14:39 . 2010-04-24 14:39 0 ---ha-r- c:\windows\system32\drivers\104D_Sony_VPCW11S1E.mrk
2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-11 12:31 . 2009-06-19 00:08 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2009-06-19 00:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 2009-06-19 00:08 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-06-19 00:08 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2009-06-19 00:08 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:52 . 2009-06-19 07:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-02-17 14:52 . 2009-06-19 07:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-02-17 14:52 . 2009-06-19 07:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-02-17 14:52 . 2009-06-19 07:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-02-17 14:52 . 2009-06-19 07:23 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-02-16 19:04 . 2008-04-14 07:30 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:04 . 2008-04-14 07:29 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2009-06-19 00:08 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-06-19 00:08 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-24 39408]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-11 137752]
"AzMixerSel"="c:\programme\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-05-08 53248]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-05-15 1512744]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2008-05-15 315392]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-06-19 136600]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2009-03-26 217088]
"VAIO Update 4"="c:\programme\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-06-11 866144]
"Switcher.exe"="c:\programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2009-05-26 552960]
"NortonOnlineBackupReminder"="c:\programme\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-01-16 503976]
"mcagent_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-03-25 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-25 15360]

c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-03-18 07:02 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Gemeinsame Dateien\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5246:TCP"= 5246:TCP:Services
"8992:TCP"= 8992:TCP:Services
"6832:TCP"= 6832:TCP:Services
"6833:TCP"= 6833:TCP:Services

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [19/06/2009 09:27 a.m. 198432]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 08:09 p.m. 11032]
R2 uCamMonitor;CamMonitor;c:\programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [19/06/2009 09:18 a.m. 104960]
R2 VCFw;VAIO Content Folder Watcher;c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [14/01/2009 01:38 p.m. 5184872]
R3 5U876UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U876.sys [18/06/2009 05:17 p.m. 91776]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [19/06/2009 09:18 a.m. 14336]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [18/06/2009 05:18 p.m. 39424]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [24/04/2010 09:51 p.m. 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [18/06/2009 05:11 p.m. 1684736]
S3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [18/06/2009 05:21 p.m. 16194]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [01/05/2010 07:50 p.m. 38224]
S3 SOHCImp;VAIO Media plus Content Importer;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHCImp.exe [19/06/2009 09:33 a.m. 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDBSvr.exe [19/06/2009 09:33 a.m. 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDms.exe [19/06/2009 09:33 a.m. 390440]
S3 SOHDs;VAIO Media plus Device Searcher;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDs.exe [19/06/2009 09:33 a.m. 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHPlMgr.exe [19/06/2009 09:33 a.m. 91432]
.
Contents of the "Scheduled Tasks" folder

2010-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-24 19:50]

2010-05-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-24 19:50]

2009-06-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 10:22]

2009-06-19 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 10:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.live.com
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.
- - - - Orphaned registry entries removed - - - -

SafeBoot-klmdb.sys
AddRemove-Digital Protection - c:\programme\Digital Protection\Pklkvqdii+`}`



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-05 21:46
Windows 5.1.2600 Service Pack 3 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs loaded by running processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(3220)
c:\programme\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other running processes ------------------------
.
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe
c:\programme\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\GEMEIN~1\mcafee\mna\mcnasvc.exe
c:\progra~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
c:\programme\McAfee\VirusScan\McShield.exe
c:\programme\McAfee\MPF\MPFSrv.exe
c:\programme\McAfee\MSK\MskSrver.exe
c:\programme\Sony\VAIO Event Service\VESMgr.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\programme\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\igfxsrvc.exe
c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\system32\msiexec.exe
c:\programme\iPod\bin\iPodService.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
.
**************************************************************************
.
Completion time: 2010-05-05 21:51:41 - PC was rebooted
ComboFix-quarantined-files.txt 2010-05-05 19:51

Pre-Run: 9 directories, 141,992,206,336 bytes free
Post-Run: 10 directories, 141,926,301,696 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - A64A0BDF53BD2C085E065247450AF383

OTL logfile created on: 06/05/2010 06:56:45 p.m. - Run 3
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\Caro\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000140A | Country: Costa Rica | Language: ESC | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 799,00 Mb Available Physical Memory | 79,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 96,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,32 Gb Total Space | 133,20 Gb Free Space | 91,66% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 1,88 Gb Total Space | 0,98 Gb Free Space | 52,17% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAROHERRERA
Current User Name: Caro
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Programme\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Gemeinsame Dateien\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (SOHDms) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (NetBT) -- C:\WINDOWS\system32\drivers\NetBT.sys ()
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (5U876UVC) -- C:\WINDOWS\system32\drivers\5U876.sys (Ricoh co.,Ltd.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ArcSoftKsUFilter) -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (AWINDIS5) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010/05/04 18:36:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/05/05 21:45:47 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Programme\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Programme\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Update 4] C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/05/05 22:15:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/05/05 21:23:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/05/05 21:20:56 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/05/05 21:20:56 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/05/05 21:20:56 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/05/05 21:20:56 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/05/05 21:20:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/05/05 21:20:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/05/05 21:01:01 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/05/04 15:40:51 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/02 19:00:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop\tdsskiller
[2010/05/01 19:58:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/01 19:50:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/01 19:50:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/05/01 19:20:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010/05/01 19:19:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010/05/01 12:39:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/27 21:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/27 21:58:16 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2010/04/27 21:58:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/27 21:58:04 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2010/04/27 21:57:25 | 000,000,000 | ---D | C] -- C:\99f95159b85f4aa5ad24
[2010/04/27 21:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/27 15:15:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010/04/25 16:05:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ArcSoft
[2010/04/25 11:24:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Ares
[2010/04/25 11:24:41 | 000,000,000 | ---D | C] -- C:\Programme\Ares
[2010/04/25 11:01:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Meine empfangenen Dateien
[2010/04/25 10:58:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Tracing
[2010/04/25 10:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/24 22:30:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Apple Computer
[2010/04/24 22:27:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010/04/24 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/24 22:27:35 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010/04/24 22:25:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010/04/24 22:25:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010/04/24 22:25:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple
[2010/04/24 22:25:25 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010/04/24 22:24:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010/04/24 22:23:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010/04/24 22:09:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Google
[2010/04/24 21:56:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Temp
[2010/04/24 21:56:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ArcSoft
[2010/04/24 21:52:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\ArcSoft
[2010/04/24 21:51:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:51:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\skypePM
[2010/04/24 21:51:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Skype
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
[2010/04/24 21:50:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010/04/24 21:49:57 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/04/24 21:45:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Macromedia
[2010/04/24 21:44:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2010/04/24 17:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/24 17:45:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Adobe
[2010/04/24 16:38:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Microsoft
[2010/04/24 16:38:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Musik
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Bilder
[2010/04/24 16:38:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Caro\Cookies
[2010/04/24 16:38:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Druckumgebung
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sun
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sony Corporation
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\InstallShield
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Identities
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Bluetooth-Exchange-Ordner
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Bluetooth Software
[2010/04/24 16:38:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Favoriten
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\SendTo
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Recent
[2010/04/24 16:38:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Startmenü
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Vorlagen
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Netzwerkumgebung
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen
[2010/04/24 16:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Programmverknüpfungen

========== Files - Modified Within 90 Days ==========

[2010/05/06 18:50:18 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/06 18:49:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/05 22:16:13 | 000,011,931 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/05 22:16:12 | 002,621,440 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/05/05 22:16:12 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/05/05 22:16:10 | 003,712,656 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010/05/05 22:03:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/05 22:03:50 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/05/05 22:01:07 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/05 22:01:01 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/05 21:46:21 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/05/05 21:45:47 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/05/05 21:32:26 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/05/05 21:32:26 | 000,459,396 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/05/05 21:32:26 | 000,441,458 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/05/05 21:32:26 | 000,084,722 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/05/05 21:32:26 | 000,071,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/05/05 21:25:31 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\NetBT.sys
[2010/05/05 21:23:10 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/05/05 20:52:37 | 003,946,612 | R--- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\ComboFix.exe
[2010/05/04 21:25:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 15:41:09 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/04 15:40:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/04 15:29:23 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/05/01 19:50:58 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 19:57:28 | 000,003,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 17:14:55 | 000,015,672 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:28:00 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/27 15:14:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/26 15:58:12 | 000,256,512 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2010/04/25 14:53:40 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/25 14:53:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 14:53:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 16:39:11 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:03 | 000,000,155 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/24 16:38:01 | 000,262,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:37:59 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2010/04/24 16:37:52 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfesmfk.sys
[2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdk.sys

========== Files Created - No Company Name ==========

[2010/05/05 22:03:50 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/05/05 21:23:10 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/05/05 21:23:05 | 000,262,448 | ---- | C] () -- C:\cmldr
[2010/05/05 21:20:56 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/05/05 21:20:56 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/05/05 21:20:56 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/05/05 21:20:56 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/05/05 21:20:56 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/05/05 20:52:30 | 003,946,612 | R--- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\ComboFix.exe
[2010/05/04 15:41:09 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/02 12:55:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/01 19:50:58 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/04/29 19:57:28 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 14:53:34 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 14:53:34 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:29:37 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 21:51:14 | 000,001,012 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 21:51:14 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 16:39:11 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:58 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/04/24 16:38:54 | 000,507,904 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.dat.LOG
[2010/04/24 16:38:54 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/04/24 16:38:53 | 002,621,440 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/04/24 16:38:00 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:38:00 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG
[2009/06/19 10:30:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/19 09:34:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/06/19 02:09:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/19 02:08:41 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\drivers\NetBT.sys
[2009/06/18 17:21:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll
[2009/06/18 17:08:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2009/06/19 09:30:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Uninstall
[2010/04/24 22:29:31 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/19 09:20:56 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\McDefragTask.job
[2009/06/19 09:20:54 | 000,000,338 | ---- | M] () -- C:\WINDOWS\Tasks\McQcTask.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2008/12/25 05:33:32 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/12/25 05:33:32 | 020,108,202 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp3.cab:atapi.sys
[2010/05/04 18:36:12 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2010/05/04 18:36:12 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2008/12/25 05:33:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
< End of report >

All processes killed

#7
cahele (Topic Starter, Member, 10 posts)
OTL logfile created on: 05/05/2010 01:30:02 p.m. - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\Caro\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 0000140A | Country: Costa Rica | Language: ESC | Date Format: dd/MM/yyyy

1.014,00 Mb Total Physical Memory | 757,00 Mb Available Physical Memory | 75,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 94,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 145,32 Gb Total Space | 133,00 Gb Free Space | 91,52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: CAROHERRERA
Current User Name: Caro
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


========== Modules (SafeList) ==========

MOD - C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (ACDaemon) -- C:\Programme\Gemeinsame Dateien\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\Programme\McAfee\VirusScan\Mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\Programme\McAfee\VirusScan\mcsysmon.exe (McAfee, Inc.)
SRV - (mcmscsvc) -- C:\Programme\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Programme\McAfee\MPF\MpfSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Programme\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (McProxy) -- c:\Programme\Gemeinsame Dateien\McAfee\McProxy\McProxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\Programme\Gemeinsame Dateien\McAfee\MNA\McNASvc.exe (McAfee, Inc.)
SRV - (SOHDms) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDms.exe (Sony Corporation)
SRV - (SOHCImp) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHCImp.exe (Sony Corporation)
SRV - (SOHPlMgr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHPlMgr.exe (Sony Corporation)
SRV - (SOHDs) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDs.exe (Sony Corporation)
SRV - (SOHDBSvr) -- C:\Programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDBSvr.exe (Sony Corporation)
SRV - (VAIO Event Service) -- C:\Programme\Sony\VAIO Event Service\VESMgr.exe (Sony Corporation)
SRV - (VAIO Entertainment TV Device Arbitration Service) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe (Sony Corporation)
SRV - (Vcsw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe (Sony Corporation)
SRV - (VzCdbSvc) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe (Sony Corporation)
SRV - (VCFw) -- C:\Programme\Gemeinsame Dateien\Sony Shared\VAIO Content Folder Watcher\VCFw.exe (Sony Corporation)
SRV - (uCamMonitor) -- C:\Programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe (ArcSoft, Inc.)
SRV - (McAfee SiteAdvisor Service) -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe ()
SRV - (IviRegMgr) -- C:\Programme\Gemeinsame Dateien\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mfehidk) -- C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\WINDOWS\system32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\WINDOWS\system32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\WINDOWS\system32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\WINDOWS\system32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (MPFP) -- C:\WINDOWS\system32\drivers\Mpfp.sys (McAfee, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\monfilt.sys (Creative Technology Ltd.)
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\ambfilt.sys (Creative)
DRV - (Iviaspi) -- C:\WINDOWS\system32\drivers\iviaspi.sys (InterVideo, Inc.)
DRV - (5U876UVC) -- C:\WINDOWS\system32\drivers\5U876.sys (Ricoh co.,Ltd.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SNC) -- C:\WINDOWS\system32\drivers\SonyNC.sys (Sony Corporation)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (risdptsk) -- C:\WINDOWS\system32\drivers\risdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\WINDOWS\system32\drivers\rimsptsk.sys (REDC)
DRV - (ArcSoftKsUFilter) -- C:\WINDOWS\system32\drivers\ArcSoftKsUFilter.sys (ArcSoft, Inc.)
DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Changer) -- C:\WINDOWS\system32\drivers\changer.sys (Microsoft Corporation)
DRV - (lbrtfdc) -- C:\WINDOWS\system32\drivers\lbrtfdc.sys (Toshiba Corp.)
DRV - (regi) -- C:\WINDOWS\system32\drivers\regi.sys (InterVideo)
DRV - (AWINDIS5) -- C:\WINDOWS\system32\AWINDIS5.SYS (AMBIT Microsystems Corporation.)
DRV - (DMICall) -- C:\WINDOWS\system32\drivers\DMICall.sys (Sony Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://home.live.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.live.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Programme\McAfee\SiteAdvisor [2010/05/04 18:36:17 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2008/12/25 05:31:46 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\Audio\Drivers\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Programme\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [jhaf897ifhdifhsd9fdiujhndd] C:\WINDOWS\System32\svvchost.exe File not found
O4 - HKLM..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McENUI] C:\Programme\McAfee\MHN\McENUI.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Programme\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [SonyPowerCfg] C:\Programme\Sony\VAIO Power Management\SPMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [Switcher.exe] C:\Programme\Sony\Wireless Switch Setting Utility\Switcher.exe (Sony Corporation)
O4 - HKLM..\Run: [VAIO Update 4] C:\Programme\Sony\VAIO Update 4\VAIOUpdt.exe (Sony Corporation)
O4 - HKCU..\Run: [asrkn_pfu.exe] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\asrkn_pfu.exe (Microsoft Corporation)
O4 - HKCU..\Run: [M5T8QL3YW3] C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Temp\Mph.exe ()
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\BTTray.lnk = C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - VESWinlogon.dll - C:\WINDOWS\System32\VESWinlogon.dll (Sony Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\VAIO Flavored Wallpaper 1024x600.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/18 16:23:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/05/04 21:23:46 | 000,060,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2010/05/04 18:33:53 | 000,000,000 | ---D | C] -- C:\Programme\Digital Protection
[2010/05/04 18:29:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/05/04 15:40:51 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/02 19:00:07 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop\tdsskiller
[2010/05/01 19:58:09 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/05/01 19:50:54 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010/05/01 19:50:53 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/05/01 19:50:53 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010/05/01 19:20:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010/05/01 19:19:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010/05/01 17:30:52 | 000,000,000 | ---D | C] -- C:\Programme\AxBx
[2010/05/01 12:49:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys
[2010/05/01 12:49:40 | 000,034,688 | ---- | C] (Toshiba Corp.) -- C:\WINDOWS\System32\dllcache\lbrtfdc.sys
[2010/05/01 12:49:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\changer.sys
[2010/05/01 12:49:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\changer.sys
[2010/05/01 12:49:31 | 000,008,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\i2omgmt.sys
[2010/05/01 12:47:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729
[2010/05/01 12:39:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2010/04/27 21:58:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2010/04/27 21:58:16 | 000,000,000 | ---D | C] -- C:\Programme\MSBuild
[2010/04/27 21:58:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en-US
[2010/04/27 21:58:04 | 000,000,000 | ---D | C] -- C:\Programme\Reference Assemblies
[2010/04/27 21:57:27 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\printfilterpipelinesvc.exe
[2010/04/27 21:57:27 | 000,117,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\prntvpt.dll
[2010/04/27 21:57:27 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\filterpipelineprintproc.dll
[2010/04/27 21:57:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpssvcs.dll
[2010/04/27 21:57:26 | 001,676,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpssvcs.dll
[2010/04/27 21:57:26 | 000,575,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\xpsshhdr.dll
[2010/04/27 21:57:25 | 000,000,000 | ---D | C] -- C:\99f95159b85f4aa5ad24
[2010/04/27 21:49:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2010/04/27 15:15:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2010/04/26 17:29:07 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\browserchoice.exe
[2010/04/25 16:05:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ArcSoft
[2010/04/25 11:24:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Ares
[2010/04/25 11:24:41 | 000,000,000 | ---D | C] -- C:\Programme\Ares
[2010/04/25 11:01:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Meine empfangenen Dateien
[2010/04/25 10:58:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Tracing
[2010/04/25 10:46:05 | 000,273,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\bthport.sys
[2010/04/25 10:45:51 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srv.sys
[2010/04/25 10:45:47 | 002,148,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlmp.exe
[2010/04/25 10:45:46 | 002,027,008 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrpamp.exe
[2010/04/25 10:45:45 | 002,069,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntkrnlpa.exe
[2010/04/25 10:45:28 | 000,455,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2010/04/25 10:45:23 | 000,471,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\aclayers.dll
[2010/04/25 10:40:29 | 000,765,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\vgx.dll
[2010/04/25 10:40:14 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fontsub.dll
[2010/04/25 10:40:13 | 000,119,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\t2embed.dll
[2010/04/25 10:39:34 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/04/25 10:38:35 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml3.dll
[2010/04/25 10:36:06 | 000,512,000 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jscript.dll
[2010/04/25 10:16:52 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\PreInstall
[2010/04/24 22:30:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Apple Computer
[2010/04/24 22:29:33 | 000,107,368 | ---- | C] (GEAR Software Inc.) -- C:\WINDOWS\System32\GEARAspi.dll
[2010/04/24 22:27:47 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2010/04/24 22:27:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/04/24 22:27:35 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2010/04/24 22:25:52 | 000,000,000 | ---D | C] -- C:\Programme\QuickTime
[2010/04/24 22:25:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple Computer
[2010/04/24 22:25:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple
[2010/04/24 22:25:25 | 000,000,000 | ---D | C] -- C:\Programme\Apple Software Update
[2010/04/24 22:25:12 | 003,003,680 | ---- | C] (Apple, Inc.) -- C:\WINDOWS\System32\usbaaplrc.dll
[2010/04/24 22:24:17 | 000,000,000 | ---D | C] -- C:\Programme\Bonjour
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Apple
[2010/04/24 22:23:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Apple
[2010/04/24 22:23:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple Computer
[2010/04/24 22:09:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Google
[2010/04/24 21:56:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Temp
[2010/04/24 21:56:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:52:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ArcSoft
[2010/04/24 21:52:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\ArcSoft
[2010/04/24 21:51:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:51:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\skypePM
[2010/04/24 21:51:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Google
[2010/04/24 21:50:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Skype
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Programme\Google
[2010/04/24 21:50:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google
[2010/04/24 21:50:05 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2010/04/24 21:49:57 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2010/04/24 21:45:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Macromedia
[2010/04/24 21:44:37 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\SACore
[2010/04/24 17:45:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
[2010/04/24 17:45:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Adobe
[2010/04/24 16:38:56 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Microsoft
[2010/04/24 16:38:56 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Musik
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien
[2010/04/24 16:38:56 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Eigene Bilder
[2010/04/24 16:38:56 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Caro\Cookies
[2010/04/24 16:38:56 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Druckumgebung
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sun
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Sony Corporation
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\InstallShield
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Anwendungsdaten\Identities
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Desktop
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Eigene Dateien\Bluetooth-Exchange-Ordner
[2010/04/24 16:38:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Bluetooth Software
[2010/04/24 16:38:55 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Favoriten
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Microsoft
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ApplicationHistory
[2010/04/24 16:38:55 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Adobe
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\SendTo
[2010/04/24 16:38:54 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Caro\Recent
[2010/04/24 16:38:54 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Caro\Startmenü
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Vorlagen
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Netzwerkumgebung
[2010/04/24 16:38:54 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen
[2010/04/24 16:37:52 | 000,000,000 | ---D | C] -- C:\Programme\Programmverknüpfungen
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/05 13:18:41 | 000,011,541 | ---- | M] () -- C:\WINDOWS\System32\Config.MPF
[2010/05/05 13:18:31 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/05 13:18:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/04 21:25:55 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/04 18:35:53 | 002,621,440 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/05/04 18:35:44 | 000,008,212 | ---- | M] () -- C:\WINDOWS\mfebcdata
[2010/05/04 18:35:44 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/04 18:35:39 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/05/04 18:35:32 | 003,228,748 | -H-- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010/05/04 18:35:30 | 000,000,278 | -H-- | M] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/04 18:23:04 | 000,001,008 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/05/04 15:41:09 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/04 15:40:54 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Caro\Desktop\OTL.exe
[2010/05/04 15:29:23 | 000,002,121 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/05/02 22:01:04 | 000,001,012 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/05/01 19:50:58 | 000,000,676 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 12:47:05 | 000,165,376 | ---- | M] () -- C:\WINDOWS\Mhizua.exe
[2010/04/30 22:31:51 | 000,458,822 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2010/04/30 22:31:51 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/30 22:31:51 | 000,084,326 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2010/04/30 22:31:51 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/30 22:31:49 | 001,069,904 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/04/29 19:57:28 | 000,003,584 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/29 17:14:55 | 000,015,672 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/04/28 20:28:00 | 000,106,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/04/27 15:14:07 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/04/25 14:53:40 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/04/25 14:53:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 14:53:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | M] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 16:39:11 | 000,000,000 | RH-- | M] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:03 | 000,000,155 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/04/24 16:38:01 | 000,262,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:37:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2010/04/24 16:37:52 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2010/04/24 16:32:02 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/04 18:35:44 | 000,008,212 | ---- | C] () -- C:\WINDOWS\mfebcdata
[2010/05/04 15:41:09 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\gmer.zip
[2010/05/02 12:55:25 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/05/01 19:50:58 | 000,000,676 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/05/01 13:08:54 | 000,000,278 | -H-- | C] () -- C:\WINDOWS\tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job
[2010/05/01 12:48:03 | 000,165,376 | ---- | C] () -- C:\WINDOWS\Mhizua.exe
[2010/04/29 19:57:28 | 000,003,584 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/04/25 14:53:34 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/04/25 14:53:34 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/04/25 11:24:45 | 000,000,598 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Ares.lnk
[2010/04/25 11:14:53 | 000,000,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Desktop\Internet.lnk
[2010/04/24 22:29:37 | 000,002,121 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2010/04/24 22:26:39 | 000,001,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\QuickTime Player.lnk
[2010/04/24 22:25:31 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/04/24 21:51:15 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/04/24 21:51:14 | 000,001,012 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/24 21:51:14 | 000,001,008 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/24 16:39:11 | 000,000,000 | RH-- | C] () -- C:\WINDOWS\System32\drivers\104D_Sony_VPCW11S1E.mrk
[2010/04/24 16:38:58 | 000,000,141 | ---- | C] () -- C:\Dokumente und Einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/04/24 16:38:54 | 000,421,888 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.dat.LOG
[2010/04/24 16:38:54 | 000,000,190 | -HS- | C] () -- C:\Dokumente und Einstellungen\Caro\ntuser.ini
[2010/04/24 16:38:53 | 002,621,440 | -H-- | C] () -- C:\Dokumente und Einstellungen\Caro\NTUSER.DAT
[2010/04/24 16:38:00 | 000,262,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT
[2010/04/24 16:38:00 | 000,001,024 | -H-- | C] () -- C:\Dokumente und Einstellungen\All Users\NTUSER.DAT.LOG
[2009/06/19 10:30:51 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/06/19 09:34:57 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VAIOUpdt.INI
[2009/06/19 02:09:08 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/06/18 17:21:19 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\WLanDLL.dll
[2009/06/18 17:08:51 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2009/05/08 15:08:42 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2005/02/17 12:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest
[2005/02/17 12:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/18 16:23:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/04/24 16:37:59 | 000,000,211 | RHS- | M] () -- C:\boot.ini
[2008/12/25 05:30:59 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin
[2009/06/18 16:23:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2009/06/18 16:23:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/18 16:23:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008/12/25 05:32:58 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/12/25 05:32:59 | 000,251,712 | RHS- | M] () -- C:\ntldr
[2010/05/05 13:17:55 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
[2010/05/02 19:17:37 | 000,000,603 | ---- | M] () -- C:\rkill.log
[2010/05/02 19:00:34 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.00.30_log.txt
[2010/05/02 19:15:25 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.15.20_log.txt
[2010/05/02 19:20:45 | 000,031,120 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.20.44_log.txt
[2010/05/02 19:21:02 | 000,031,120 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_19.21.01_log.txt
[2010/05/02 21:36:42 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_02.05.2010_21.36.39_log.txt
[2010/05/03 21:40:37 | 000,032,222 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_03.05.2010_21.40.35_log.txt
[2010/05/04 18:34:32 | 000,032,200 | ---- | M] () -- C:\TDSSKiller.2.2.8.1_04.05.2010_18.34.28_log.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/06/18 18:15:02 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/18 18:15:02 | 001,069,056 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/18 18:15:01 | 000,442,368 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/05/04 18:36:12 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2010/02/17 16:52:48 | 000,079,816 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfeavfk.sys
[2010/02/17 16:52:48 | 000,035,272 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfebopk.sys
[2010/02/17 16:52:48 | 000,214,664 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfehidk.sys
[2010/02/17 16:52:10 | 000,034,248 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mferkdk.sys
[2010/02/17 16:52:48 | 000,040,552 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\drivers\mfesmfk.sys
[2010/02/24 15:11:07 | 000,455,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2010/02/11 14:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
< End of report >

ComboFix 10-05-05.02 - Caro 05/05/2010 21:29:13.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.567 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Caro\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Im Speicher befindliches AV aktiv.

.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\dokumente und einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729
c:\dokumente und einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729\enemies-names.txt
c:\dokumente und einstellungen\Caro\Anwendungsdaten\9056589C0AB5F79B5F8A8DB3FCF89729\lsrslt.ini
c:\dokumente und einstellungen\Caro\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Digital Protection.lnk
c:\programme\Digital Protection
c:\programme\Digital Protection\about.ico
c:\programme\Digital Protection\activate.ico
c:\programme\Digital Protection\buy.ico
c:\programme\Digital Protection\dig.db
c:\programme\Digital Protection\digext.dll
c:\programme\Digital Protection\dighook.dll
c:\programme\Digital Protection\help.ico
c:\programme\Digital Protection\scan.ico
c:\programme\Digital Protection\settings.ico
c:\programme\Digital Protection\Uninstall.exe
c:\programme\Digital Protection\update.ico
c:\programme\WindowsUpdate
c:\recycler\S-1-5-21-1349688397-2566318103-2350713343-1003

Infizierte Kopie von c:\windows\system32\drivers\netbt.sys wurde gefunden und desinfiziert
Kopie von - Kitty had a snack :) wurde wiederhergestellt
.
original MBR restored successfully !
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

#8 cahele (Topic Starter, Member, 10 posts)
I can't add the post here, I'll try attaching...

Attached Files



#9 hammerman (Member 4k, 4,183 posts)
Hi,

Can you give me an update on how your computer's running? Do you have an internet connection problem? Why did you run the OTL scans in Safe mode?

#10 cahele (Topic Starter, Member, 10 posts)
I have been running all the processes in Safe Mode because in normal mode the virus wasn't letting me do anything and it kept installing the Digital Protection, so it was better in Safe Mode...

The computer seems to be clean, but now I'm not able to connect to the internet...

Do you have any idea what it could be or how I can fix it?

Thanks for everything
#11 hammerman (Member 4k, 4,183 posts)
Hi,

Please run a Combofix scan and post the log.

#12 cahele (Topic Starter, Member, 10 posts)
I've been trying to run ComboFix but it tells me that McAfee is ON and I don't know why it's not deactivated.

#13 hammerman (Member 4k, 4,183 posts)
Hi,

The last Combofix scan showed you disabled McAfee correctly, so ignore the message and let Combofix continue.

#14 cahele (Topic Starter, Member, 10 posts)
Hi! Here is the ComboFix log, thanks for the help.

ComboFix 10-05-05.02 - Caro 09/05/2010 14:25:34.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1014.570 [GMT 2:00]
ausgeführt von:: c:\dokumente und einstellungen\Caro\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.

((((((((((((((((((((((( Dateien erstellt von 2010-04-09 bis 2010-05-09 ))))))))))))))))))))))))))))))
.

2010-05-05 19:01 . 2010-05-05 19:01 -------- d-----w- C:\_OTL
2010-05-04 19:23 . 2008-04-13 22:15 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2010-05-02 10:55 . 2010-05-04 19:25 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-05-01 17:58 . 2010-05-01 17:58 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\Malwarebytes
2010-05-01 17:50 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-01 17:50 . 2010-05-01 17:50 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2010-05-01 17:50 . 2010-05-01 17:50 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2010-05-01 17:50 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-01 10:49 . 2008-04-13 22:10 34688 -c--a-w- c:\windows\system32\dllcache\lbrtfdc.sys
2010-05-01 10:49 . 2008-04-13 22:10 34688 ----a-w- c:\windows\system32\drivers\lbrtfdc.sys
2010-05-01 10:49 . 2008-04-13 22:11 8192 -c--a-w- c:\windows\system32\dllcache\changer.sys
2010-05-01 10:49 . 2008-04-13 22:11 8192 ----a-w- c:\windows\system32\drivers\changer.sys
2010-05-01 10:49 . 2008-04-13 22:11 8576 -c--a-w- c:\windows\system32\dllcache\i2omgmt.sys
2010-05-01 10:49 . 2008-04-13 22:11 8576 ----a-w- c:\windows\system32\drivers\i2omgmt.sys
2010-05-01 10:39 . 2010-05-01 10:39 -------- d-----w- c:\windows\Sun
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\windows\system32\XPSViewer
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\programme\MSBuild
2010-04-27 19:58 . 2010-04-27 19:58 -------- d-----w- c:\programme\Reference Assemblies
2010-04-27 19:57 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2010-04-27 19:57 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-04-27 19:57 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2010-04-27 19:57 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-04-27 19:57 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2010-04-27 19:57 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-04-27 19:57 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-04-27 19:57 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-04-27 19:57 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-04-27 19:57 . 2010-04-27 19:57 -------- d-----w- C:\99f95159b85f4aa5ad24
2010-04-26 15:29 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-04-25 14:05 . 2010-04-25 14:05 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\ArcSoft
2010-04-25 09:24 . 2010-04-25 09:24 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Ares
2010-04-25 09:24 . 2010-04-25 09:24 -------- d-----w- c:\programme\Ares
2010-04-25 08:58 . 2010-05-09 11:59 -------- d-----w- c:\dokumente und einstellungen\Caro\Tracing
2010-04-25 08:46 . 2008-06-14 17:32 273024 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-04-25 08:45 . 2009-12-31 16:50 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-04-25 08:45 . 2010-02-16 19:04 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-04-25 08:45 . 2010-02-16 19:04 2027008 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-04-25 08:45 . 2010-02-16 19:04 2069120 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2010-04-25 08:45 . 2010-02-24 13:11 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-04-25 08:45 . 2009-11-21 15:54 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-04-25 08:40 . 2008-05-27 17:23 765952 -c----w- c:\windows\system32\dllcache\vgx.dll
2010-04-25 08:40 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-04-25 08:40 . 2009-10-15 16:28 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-04-25 08:39 . 2009-06-21 21:45 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-04-25 08:39 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-04-25 08:38 . 2009-07-31 04:32 1172480 -c----w- c:\windows\system32\dllcache\msxml3.dll
2010-04-25 08:38 . 2009-07-10 13:26 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2010-04-25 08:36 . 2009-08-13 15:15 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2010-04-24 20:30 . 2010-04-25 08:35 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\Apple Computer
2010-04-24 20:29 . 2009-05-18 11:17 26600 ----a-w- c:\windows\system32\drivers\gearaspiwdm.sys
2010-04-24 20:29 . 2008-04-17 10:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-24 20:27 . 2010-04-24 20:27 -------- d-----w- c:\programme\iPod
2010-04-24 20:27 . 2010-04-24 20:29 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-24 20:27 . 2010-04-24 20:29 -------- d-----w- c:\programme\iTunes
2010-04-24 20:25 . 2010-04-24 20:26 -------- d-----w- c:\programme\QuickTime
2010-04-24 20:25 . 2010-04-24 20:27 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer
2010-04-24 20:25 . 2010-04-24 20:25 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple
2010-04-24 20:25 . 2010-04-24 20:25 -------- d-----w- c:\programme\Apple Software Update
2010-04-24 20:25 . 2009-10-16 00:33 41472 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2010-04-24 20:25 . 2009-10-16 00:33 3003680 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-24 20:24 . 2010-04-24 20:24 -------- d-----w- c:\programme\Bonjour
2010-04-24 20:23 . 2010-04-24 20:24 -------- d-----w- c:\programme\Gemeinsame Dateien\Apple
2010-04-24 20:23 . 2010-04-24 20:23 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple
2010-04-24 20:23 . 2010-04-24 20:30 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Apple Computer
2010-04-24 19:56 . 2010-04-24 19:56 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Temp
2010-04-24 19:56 . 2010-04-24 19:56 -------- d-----w- c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\Google
2010-04-24 19:52 . 2010-04-24 19:52 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\ArcSoft
2010-04-24 19:52 . 2010-04-24 19:52 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\ArcSoft
2010-04-24 19:51 . 2010-04-24 19:51 -------- d-----w- c:\dokumente und einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\Google
2010-04-24 19:51 . 2010-04-24 19:51 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2010-04-24 19:51 . 2010-05-04 18:26 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\skypePM
2010-04-24 19:51 . 2010-04-24 20:09 -------- d-----w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\Google
2010-04-24 19:50 . 2010-05-04 19:48 -------- d-----w- c:\dokumente und einstellungen\Caro\Anwendungsdaten\Skype
2010-04-24 19:50 . 2010-04-24 19:51 -------- d-----w- c:\programme\Google
2010-04-24 19:50 . 2010-04-24 19:50 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2010-04-24 19:49 . 2010-04-24 19:50 -------- d-----r- c:\programme\Skype
2010-04-24 19:44 . 2010-04-30 13:37 -------- d-----w- c:\dokumente und einstellungen\LocalService\Anwendungsdaten\SACore
2010-04-24 14:37 . 2009-07-20 22:22 -------- d-----r- c:\dokumente und einstellungen\Default User\Eigene Dateien
2010-04-24 14:37 . 2009-06-18 15:17 -------- d-----w- c:\dokumente und einstellungen\Default User\Bluetooth Software
2010-04-24 14:37 . 2010-04-24 14:37 -------- d-----w- c:\programme\Programmverknüpfungen

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-08 15:08 . 2010-04-24 14:38 16448 ----a-w- c:\dokumente und einstellungen\Caro\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2010-05-05 19:32 . 2009-06-19 00:08 84722 ----a-w- c:\windows\system32\perfc007.dat
2010-05-05 19:32 . 2009-06-19 00:08 459396 ----a-w- c:\windows\system32\perfh007.dat
2010-05-05 19:25 . 2009-06-19 00:08 0 ----a-w- c:\windows\system32\drivers\NetBT.sys
2010-05-04 16:36 . 2008-04-14 00:10 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-05-04 16:29 . 2009-06-19 07:19 -------- d-----w- c:\programme\McAfee
2010-05-03 18:33 . 2009-06-18 14:22 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-04-25 09:07 . 2009-06-18 14:48 -------- d-----w- c:\programme\Windows Media Connect 2
2010-04-24 19:53 . 2009-06-18 15:11 -------- d--h--w- c:\programme\InstallShield Installation Information
2010-04-24 19:49 . 2009-06-19 07:31 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Skype
2010-04-24 14:42 . 2009-06-19 07:19 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\McAfee
2010-04-24 14:39 . 2010-04-24 14:39 0 ---ha-r- c:\windows\system32\drivers\104D_Sony_VPCW11S1E.mrk
2010-03-25 23:48 . 2010-03-25 23:48 73000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-11 12:31 . 2009-06-19 00:08 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:31 . 2009-06-19 00:08 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:31 . 2009-06-19 00:08 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09 . 2009-06-19 00:08 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 13:11 . 2009-06-19 00:08 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-17 14:52 . 2009-06-19 07:22 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-02-17 14:52 . 2009-06-19 07:22 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2010-02-17 14:52 . 2009-06-19 07:22 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-02-17 14:52 . 2009-06-19 07:22 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-02-17 14:52 . 2009-06-19 07:23 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2010-02-16 19:04 . 2008-04-14 07:30 2027008 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-16 19:04 . 2008-04-14 07:29 2148864 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-12 09:46 . 2010-02-12 09:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 09:46 . 2010-02-12 09:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-12 04:33 . 2009-06-19 00:08 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2009-06-19 00:08 226880 ----a-w- c:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-05-05_19.46.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-09 11:58 . 2010-05-09 11:58 16384 c:\windows\Temp\Perflib_Perfdata_598.dat
+ 2009-06-18 15:13 . 2009-06-10 20:05 37032 c:\windows\system32\drivers\btwmodem.sys
- 2009-06-18 14:25 . 2010-05-04 16:31 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2009-06-18 14:25 . 2010-05-09 11:06 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2009-06-18 14:25 . 2010-05-04 16:31 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2009-06-18 14:25 . 2010-05-09 11:06 32768 c:\windows\system32\config\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-06 18:49 . 2010-05-09 11:06 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-05-09 11:59 . 2010-05-09 11:59 80395 c:\windows\Installer\{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}\MsblIco.Exe
- 2010-05-05 19:47 . 2010-05-05 19:47 80395 c:\windows\Installer\{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}\MsblIco.Exe
+ 2009-06-18 15:15 . 2010-05-08 14:28 107808 c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-24 39408]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-11 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-11 137752]
"AzMixerSel"="c:\programme\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-05-08 53248]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2009-05-15 1512744]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-12-03 35184]
"ISBMgr.exe"="c:\programme\Sony\ISB Utility\ISBMgr.exe" [2008-05-15 315392]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"SunJavaUpdateSched"="c:\programme\Java\jre6\bin\jusched.exe" [2009-06-19 136600]
"SonyPowerCfg"="c:\programme\Sony\VAIO Power Management\SPMgr.exe" [2009-03-26 217088]
"VAIO Update 4"="c:\programme\Sony\VAIO Update 4\VAIOUpdt.exe" [2008-06-11 866144]
"Switcher.exe"="c:\programme\Sony\Wireless Switch Setting Utility\Switcher.exe" [2009-05-26 552960]
"NortonOnlineBackupReminder"="c:\programme\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-01-16 503976]
"mcagent_exe"="c:\programme\McAfee.com\Agent\mcagent.exe" [2010-02-11 1218008]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-17 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-03-25 142120]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-12-25 15360]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
BTTray.lnk - c:\programme\WIDCOMM\Bluetooth Software\BTTray.exe [2009-5-8 607584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2009-03-18 07:02 73728 ----a-w- c:\windows\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Gemeinsame Dateien\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5246:TCP"= 5246:TCP:Services
"8992:TCP"= 8992:TCP:Services
"6832:TCP"= 6832:TCP:Services
"6833:TCP"= 6833:TCP:Services

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\programme\McAfee\SiteAdvisor\McSACore.exe [19/06/2009 09:27 a.m. 198432]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [17/04/2007 08:09 p.m. 11032]
R2 uCamMonitor;CamMonitor;c:\programme\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [19/06/2009 09:18 a.m. 104960]
R2 VCFw;VAIO Content Folder Watcher;c:\programme\Gemeinsame Dateien\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [14/01/2009 01:38 p.m. 5184872]
R3 5U876UVC;Sony Visual Communication Camera;c:\windows\system32\drivers\5U876.sys [18/06/2009 05:17 p.m. 91776]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [19/06/2009 09:18 a.m. 14336]
R3 AWINDIS5;AWINDIS5 Protocol Driver;c:\windows\system32\AWINDIS5.SYS [18/06/2009 05:21 p.m. 16194]
S2 gupdate;Servicio de actualización de Google (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [24/04/2010 09:51 p.m. 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [18/06/2009 05:11 p.m. 1684736]
S3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [18/06/2009 05:18 p.m. 39424]
S3 SOHCImp;VAIO Media plus Content Importer;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHCImp.exe [19/06/2009 09:33 a.m. 120104]
S3 SOHDBSvr;VAIO Media plus Database Manager;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDBSvr.exe [19/06/2009 09:33 a.m. 70952]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDms.exe [19/06/2009 09:33 a.m. 390440]
S3 SOHDs;VAIO Media plus Device Searcher;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHDs.exe [19/06/2009 09:33 a.m. 75048]
S3 SOHPlMgr;VAIO Media plus Playlist Manager;c:\programme\Gemeinsame Dateien\Sony Shared\SOHLib\SOHPlMgr.exe [19/06/2009 09:33 a.m. 91432]
.
Inhalt des "geplante Tasks" Ordners

2010-04-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 09:50]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-24 19:50]

2010-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-04-24 19:50]

2009-06-19 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 10:22]

2009-06-19 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-06-19 10:22]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://home.live.com
uInternet Settings,ProxyOverride = *.local
IE: Google Sidewiki... - c:\programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-09 14:30
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostarteinträge...

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(580)
c:\windows\system32\VESWinlogon.dll

- - - - - - - > 'explorer.exe'(2888)
c:\programme\McAfee\SiteAdvisor\saHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2010-05-09 14:32:53
ComboFix-quarantined-files.txt 2010-05-09 12:32
ComboFix2.txt 2010-05-05 19:51

Vor Suchlauf: 9 Verzeichnis(se), 142.227.714.048 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 142.219.644.928 Bytes frei

- - End Of File - - 653625DF7C8DC0CFC9EA4F4BE332A396

Don't know why the internet doesn't connect; where I am there are several computers and all of them connect except mine... Before or during this virus I was able to log into the internet...
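As an added example (not code from the thread, from ComboFix or from the helper), the following Python reads the registry section of the log above and lists the settings a defender would want to review before trusting the machine again: the standard-profile firewall switched off, Security Center monitoring disabled, and globally open ports that are not on an allowlist. The log excerpt is constructed from the post; the port allowlist is an assumption to be tuned per environment.

```python
import re

# Excerpt of the REGEDIT4-style section in the ComboFix log above (constructed from the post, not complete).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"5246:TCP"= 5246:TCP:Services
"8992:TCP"= 8992:TCP:Services
"6832:TCP"= 6832:TCP:Services
"6833:TCP"= 6833:TCP:Services
"""

# Assumed allowlist of ports legitimately opened on a typical XP home machine; tune per environment.
KNOWN_PORTS = {"139:TCP", "445:TCP", "137:UDP", "138:UDP", "1900:UDP", "2869:TCP"}

KEY_RE = re.compile(r"^\[(.+)\]$")            # [HKLM\...\Key]
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.*)$')  # "Name"= value


def parse_sections(text):
    """Map each [key] header to its list of (name, value) pairs."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if (m := KEY_RE.match(line)):
            current = m.group(1)
            sections[current] = []
        elif current is not None and (m := VALUE_RE.match(line)):
            sections[current].append((m.group(1), m.group(2).strip()))
    return sections


def review_firewall(text, known_ports=KNOWN_PORTS):
    """Return findings to review: firewall off, Security Center monitoring off, unexpected open ports."""
    findings = []
    for key, values in parse_sections(text).items():
        low = key.lower()
        for name, value in values:
            if low.endswith("standardprofile") and name == "EnableFirewall" and value.startswith("0"):
                findings.append("Windows Firewall disabled for the standard profile")
            elif "security center\\monitoring" in low and name == "DisableMonitoring" and value.endswith("1"):
                findings.append("Security Center monitoring disabled: " + key.rsplit("\\", 1)[-1])
            elif low.endswith("globallyopenports\\list") and name not in known_ports:
                port, proto = name.split(":")
                findings.append(f"Globally open port {port}/{proto} labelled '{value.split(':')[-1]}' not in allowlist")
    return findings
```

A finding is a prompt to check who created the entry (a product such as McAfee may legitimately disable Security Center monitoring), not a verdict on its own.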

#15
hammerman

    Member 4k

  • Member
  • 4,183 posts
Hi,

Go to the Control Panel, Network Connections
Right-click on the network connection and select Repair.

Alternatively, if the network icon appears in the notification area in the lower right corner of Desktop, right-click it, and then click Repair from the shortcut menu.

Please also run a GMER scan and post the log.