
Pests of all kinds and how to combat them: Win32.Agent.bb


07.01.2012, 14:16   #1
IhrBlog
 
Win32.Agent.bb



Hello Trojaner-Board community,

Spybot reported the following problem:
"
--- Search result list ---
Win32.Agent.bb: [SBI $E6716A09] Programm-Verzeichnis (Verzeichnis, nothing done)
C:\Dokumente und Einstellungen\Jan\Anwendungsdaten\SogouExplorer\
"

Unfortunately, Spybot could not remove the trojan, and Avira Antivirus does not detect the intruder either. I found your forum via Google and am now turning to you with confidence. The trojan Win32.Agent.bb seems to be well known, but I am not entirely comfortable with the instructions I found on the internet.

This is my first post. Please forgive me if I don't get everything right straight away. I have tried to follow the instructions for those seeking help as closely as possible.

Step I: Defogger done
Step II: OTL LOG

Code:
OTL logfile created on: 1/7/2012 2:00:29 AM - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.77% Memory free
3.85 Gb Paging File | 3.33 Gb Available in Paging File | 86.57% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 69.65 Gb Total Space | 4.96 Gb Free Space | 7.12% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO-B00D28A3 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/07 01:59:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/10/19 16:56:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/19 16:56:24 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/10/09 10:54:58 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011/09/27 06:22:34 | 000,013,672 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\distnoted.exe
PRC - [2010/04/23 00:16:46 | 000,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
PRC - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005/12/02 02:03:00 | 000,229,376 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.exe
PRC - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/10/19 16:56:38 | 000,398,288 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011/05/22 18:21:36 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008/09/29 16:37:44 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Backup Now EZ\sqlite3.dll
MOD - [2006/04/17 12:12:32 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/17 12:12:22 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/17 12:12:18 | 000,532,480 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/17 11:47:38 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/17 11:47:18 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/17 11:44:32 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/17 11:44:28 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/17 11:44:22 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/17 11:43:44 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/17 11:43:38 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/17 15:15:46 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/17 15:15:46 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/17 15:15:46 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/12/21 17:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/12/21 17:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/12/21 17:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/12/21 17:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/11/30 19:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/10/19 09:17:58 | 000,073,728 | ---- | M] () -- C:\Programme\ATI Technologies\ATI.ACE\atiacmxx.dll
MOD - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/10/19 16:56:36 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/19 16:56:24 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Programme\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2010/10/03 17:03:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/17 12:12:28 | 000,151,552 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/11/01 14:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/01 16:32:40 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011/12/08 23:09:11 | 000,134,856 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/10/19 16:56:50 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/10/19 16:56:50 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010/09/29 19:38:44 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/12/21 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/09/13 18:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/17 15:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/01/12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/21 22:39:46 | 000,006,912 | ---- | M] (IBM Corp.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2005/12/21 16:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/07 00:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/04 23:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/01 00:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/11/30 00:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 00:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/11/21 01:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/11/15 12:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/01 13:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/11/01 13:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.lenovo.com/de/de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\superfish@superfish.com: C:\Dokumente und Einstellungen\All Users\AnwendungsdatenMozilla\Extensions\superfish@superfish.com [2011/05/30 15:32:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011/12/04 12:03:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011/12/03 21:07:56 | 000,000,000 | ---D | M]
 
[2010/09/30 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2011/08/21 17:11:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions
[2011/05/29 20:38:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml
[2010/12/30 17:26:30 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml
[2011/01/04 18:20:25 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml
[2010/10/19 23:10:08 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml
[2011/12/04 12:03:41 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011/12/04 12:03:27 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll
[2011/08/03 14:24:07 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2011/09/29 01:26:50 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/12/04 12:03:27 | 000,002,040 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\twitter.xml
 
O1 HOSTS File: ([2012/01/01 11:13:26 | 000,440,006 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15128 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Vertrauenswürdige Sites)
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://cas.sc.loc/auth/taweb.cab (Cisco NAC Web Agent Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285791548781 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6102BDB8-B1E7-41FC-BCA3-774C86A6C452}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/29 19:51:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell - "" = AutoRun
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/07 01:59:29 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012/01/06 22:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012/01/06 22:12:57 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012/01/06 22:12:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011/12/31 17:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011/12/31 17:44:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011/12/31 17:42:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol
[2011/12/31 17:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HiJackThis
[2011/12/31 17:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011/12/31 17:25:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2011/12/31 15:27:49 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/07 01:59:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\OTL.exe
[2012/01/06 22:44:48 | 001,562,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/06 22:43:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/06 22:43:10 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/06 22:20:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012/01/06 22:14:35 | 000,001,533 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012/01/06 21:52:27 | 041,658,027 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5538.MOV
[2012/01/05 14:26:16 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job
[2012/01/02 16:35:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012/01/02 16:20:50 | 000,605,906 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/01/02 16:20:50 | 000,546,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/02 16:20:50 | 000,130,460 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/01/02 16:20:50 | 000,102,714 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/01 11:20:52 | 001,466,761 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5472.JPG
[2012/01/01 11:20:26 | 001,423,115 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5462.JPG
[2012/01/01 11:13:26 | 000,440,006 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-111406.backup
[2012/01/01 11:13:26 | 000,440,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/31 22:52:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[2011/12/31 17:41:40 | 000,001,980 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.lnk
[2011/12/26 16:51:52 | 000,831,582 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5476.jpg
[2011/12/26 03:13:46 | 001,080,601 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0196.jpg
[2011/12/24 19:46:16 | 001,397,424 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0194.jpg
[2011/12/24 19:46:05 | 001,420,122 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0192.jpg
[2011/12/24 19:45:42 | 001,454,532 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0191.jpg
[2011/12/24 19:45:40 | 001,428,690 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0190.jpg
[2011/12/24 19:45:29 | 018,553,866 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0189.MOV
[2011/12/22 17:02:10 | 001,136,092 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\Bild 070.jpg
[2011/12/22 16:58:26 | 001,520,087 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2564.JPG
[2011/12/14 23:12:08 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/11 16:21:04 | 001,406,262 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5481.JPG
[2011/12/11 16:20:56 | 001,438,864 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5480.JPG
[2011/12/11 15:44:26 | 001,302,399 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5475.JPG
[2011/12/08 23:09:11 | 000,134,856 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Dokumente und Einstellungen\***\Desktop\*.tmp files -> C:\Dokumente und Einstellungen\***\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/06 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012/01/06 22:14:35 | 000,001,533 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012/01/06 21:49:41 | 041,658,027 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5538.MOV
[2012/01/05 14:26:16 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job
[2012/01/04 19:49:49 | 001,596,813 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4737.JPG
[2012/01/04 19:49:48 | 002,400,987 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4683.JPG
[2012/01/04 19:49:48 | 002,278,860 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2591.JPG
[2012/01/04 19:49:48 | 002,206,123 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2548.JPG
[2012/01/04 19:49:48 | 002,028,563 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2533.JPG
[2012/01/04 19:49:48 | 001,833,308 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2561.JPG
[2012/01/04 19:49:48 | 001,667,983 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4713.JPG
[2012/01/04 19:49:48 | 001,520,087 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2564.JPG
[2012/01/04 19:49:48 | 001,427,929 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4510.JPG
[2012/01/04 19:49:48 | 001,317,122 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2726.JPG
[2012/01/04 19:49:48 | 000,769,650 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2527.JPG
[2012/01/04 19:49:47 | 005,965,566 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2466.jpg
[2012/01/04 19:49:47 | 001,466,761 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5472.JPG
[2012/01/04 19:49:47 | 001,438,864 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5480.JPG
[2012/01/04 19:49:47 | 001,423,115 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5462.JPG
[2012/01/04 19:49:47 | 001,406,262 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5481.JPG
[2012/01/04 19:49:47 | 001,302,399 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5475.JPG
[2012/01/04 19:49:47 | 001,236,624 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\DSCF1886.JPG
[2012/01/04 19:49:47 | 001,136,092 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Bild 070.jpg
[2012/01/04 19:49:47 | 000,808,348 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Bild 046.jpg
[2012/01/04 19:49:47 | 000,423,878 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\Bild 568.jpg
[2012/01/04 19:49:45 | 002,437,141 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4743.JPG
[2012/01/04 19:49:45 | 001,825,082 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5014.JPG
[2012/01/04 19:49:45 | 001,731,226 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5011.JPG
[2012/01/04 19:49:45 | 001,629,555 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5010.JPG
[2012/01/04 19:49:45 | 001,620,756 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_4744.jpg
[2012/01/04 19:48:31 | 002,209,581 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_2589.JPG
[2012/01/04 19:48:11 | 000,831,582 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5476.jpg
[2012/01/04 19:47:20 | 001,964,273 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_5017.jpg
[2012/01/02 16:35:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/12/31 17:41:40 | 000,001,980 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\HiJackThis.lnk
[2011/12/26 03:13:46 | 001,080,601 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0196.jpg
[2011/12/24 19:46:16 | 001,397,424 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0194.jpg
[2011/12/24 19:46:05 | 001,420,122 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0192.jpg
[2011/12/24 19:45:42 | 001,454,532 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0191.jpg
[2011/12/24 19:45:40 | 001,428,690 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0190.jpg
[2011/12/24 19:45:29 | 018,553,866 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Desktop\IMG_0189.MOV
[2011/07/22 08:53:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/07/12 17:16:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/06/03 15:38:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2011/05/29 20:44:51 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/12/15 00:06:50 | 000,059,392 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 15:29:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/16 11:00:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/09 20:15:36 | 000,051,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/03 17:24:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/10/02 19:10:18 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/10/02 19:10:18 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/10/02 19:09:39 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/10/02 19:09:38 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/10/02 19:09:37 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/10/02 19:09:36 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/10/01 18:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/09/30 20:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/29 19:51:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/09/29 19:41:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/29 19:40:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/09/29 19:40:56 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/09/29 19:40:39 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/09/29 19:38:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/09/29 19:34:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010/09/29 19:30:51 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/09/29 19:30:32 | 000,001,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/29 19:19:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010/09/29 19:18:38 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010/09/29 19:17:07 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2010/09/29 19:16:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010/09/29 19:02:38 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/09/29 18:56:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010/09/29 18:56:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2010/09/29 18:54:24 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/26 21:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 21:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 21:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2005/11/01 13:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/10/17 14:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/07/08 00:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2005/05/23 07:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2005/05/23 07:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 12:48:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:23:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:18:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:17:14 | 001,562,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1979/12/31 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1979/12/31 23:00:00 | 000,605,906 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1979/12/31 23:00:00 | 000,546,356 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1979/12/31 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1979/12/31 23:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1979/12/31 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1979/12/31 23:00:00 | 000,130,460 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1979/12/31 23:00:00 | 000,102,714 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1979/12/31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1979/12/31 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1979/12/31 23:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1979/12/31 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1979/12/31 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1979/12/31 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1979/12/31 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010/09/29 21:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2011/07/28 21:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2010/09/29 19:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2010/10/02 19:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTIReg
[2011/05/30 01:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011/07/22 08:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011/05/30 01:04:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/10/02 22:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon
[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint
[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM
[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo
[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller
[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge
[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings
[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs
[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog
[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer
[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY
[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users
[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage
[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol
[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
(C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\???????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\搜狗拼音输入法

< End of report >
         
Step III: Logfiles attached

Malwarebytes log:

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2011.12.31.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jan :: LENOVO-B00D28A3 [Administrator]

12/31/2011 5:50:23 PM
mbam-log-2011-12-31 (17-50-23).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 237853
Laufzeit: 20 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\SogouExplorer.AssocFile.HTM (Adware.Sogou) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Clients\StartMenuInternet\SogouExplorer.exe (Adware.Sogou) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 1
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Thank you in advance for your support!

Alt 07.01.2012, 16:55   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32.Agent.bb - Standard

Win32.Agent.bb



Please now run a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan! In addition, all findings must be removed.

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags wherever possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
         

Alt 10.01.2012, 20:55   #3
IhrBlog
 
Win32.Agent.bb - Standard

Win32.Agent.bb



Hello cosinus,

Thanks for your reply. The full scan with Anti-Malware produced no further results.

Code:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
***:: LENOVO-B00D28A3 [Administrator]

1/8/2012 12:05:29 PM
mbam-log-2012-01-08 (12-05-29).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 423943
Laufzeit: 6 Stunde(n), 37 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Here is the result of the ESET scanner:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-12-31 09:11:43
# local_time=2011-12-31 10:11:43 (+0100, Westeuropäische Normalzeit)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1792 16777191 100 0 2412364 2412364 0 0
# compatibility_mode=8192 67108863 100 0 3803 3803 0 0
# scanned=195573
# found=16
# cleaned=16
# scan_time=16964
C:\Programme\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe	Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Adware.Toolbar.Dealio application (deleted - quarantined)	00000000000000000000000000000000	C
C:\Programme\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll	a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Programme\StartNow Toolbar\Toolbar32.dll	a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\Programme\StartNow Toolbar\ToolbarUpdaterService.exe	a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP21\A0009080.exe	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP21\A0009113.exe	a variant of Win32/Toolbar.Babylon application (deleted - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010675.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010676.exe	Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010677.dll	a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010678.exe	Win32/Adware.Toolbar.Dealio application (deleted - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010679.dll	a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010680.dll	a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010681.exe	a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-01-08 11:16:35
# local_time=2012-01-09 12:16:35 (+0100, Westeuropäische Normalzeit)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 704625 704625 0 0
# compatibility_mode=5891 16776869 42 87 26852 22921594 0 0
# compatibility_mode=8192 67108863 100 0 705589 705589 0 0
# compatibility_mode=9217 16777214 75 66 105516 48324354 0 0
# scanned=199052
# found=0
# cleaned=0
# scan_time=13870
         
What are the next steps?

Alt 10.01.2012, 21:43   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32.Agent.bb - Standard

Win32.Agent.bb



Please create a new OTL log. Please post everything here in CODE tags wherever possible.

It is done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you do not have it yet, please download OTL from Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and "Run as administrator"
  • Now copy the complete contents of the code box below into the text box of OTL - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 10.01.2012, 22:44   #5
IhrBlog
 
Win32.Agent.bb - Standard

Win32.Agent.bb



So far I have used the hash key # in the menu to post the log.
I am unsure because you always add/copy the instructions for posting the log. Does that have a meaning? Unfortunately I cannot see any difference between your log and mine.

Here is the OTL log:

OTL Logfile:
Code:
OTL logfile created on: 1/10/2012 10:23:30 PM - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop\Trojaner
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.33 Gb Available Physical Memory | 66.39% Memory free
3.85 Gb Paging File | 3.23 Gb Available in Paging File | 83.94% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 69.65 Gb Total Space | 8.10 Gb Free Space | 11.63% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO-B00D28A3 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012/01/07 01:59:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\Trojaner\OTL.exe
PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/09/05 14:46:50 | 000,362,200 | ---- | M] (facemoods.com) -- C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
PRC - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011/07/29 10:30:28 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/06/28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/15 16:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/06/15 16:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
PRC - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008/09/29 16:37:44 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Backup Now EZ\sqlite3.dll
MOD - [2006/04/17 12:12:32 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/17 12:12:22 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/17 12:12:18 | 000,532,480 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/17 11:47:38 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/17 11:47:18 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/17 11:44:32 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/17 11:44:28 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/17 11:44:22 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/17 11:43:44 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/17 11:43:38 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/17 15:15:46 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/17 15:15:46 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/17 15:15:46 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/12/21 17:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/12/21 17:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/12/21 17:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/12/21 17:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/11/30 19:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/07/05 22:45:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\notifyf2.dll
MOD - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Programme\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/03 17:03:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/15 16:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/17 12:12:28 | 000,151,552 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/11/01 14:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/01 16:32:40 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/01/10 18:29:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{96F99F64-AE02-4C21-BD3F-DC2E07525CE2}\MpKsl7c37a9de.sys -- (MpKsl7c37a9de)
DRV - [2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/09/29 19:38:44 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/15 16:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/12/21 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/09/13 18:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/17 15:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/01/12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/21 22:39:46 | 000,006,912 | ---- | M] (IBM Corp.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2005/12/21 16:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/07 00:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/04 23:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/01 00:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/11/30 00:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 00:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/11/21 01:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/11/15 12:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/01 13:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/11/01 13:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.lenovo.com/de/de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://my.daemon-search.com/|hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\superfish@superfish.com: C:\Dokumente und Einstellungen\All Users\AnwendungsdatenMozilla\Extensions\superfish@superfish.com [2011/05/30 15:32:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012/01/08 11:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/01/07 15:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/01/07 21:39:30 | 000,000,000 | ---D | M]
 
[2010/09/30 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2012/01/08 14:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions
[2012/01/07 21:37:31 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com
[2012/01/08 12:01:20 | 000,000,000 | ---D | M] (Facemoods) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\ffxtlbr@Facemoods.com
[2011/05/29 20:38:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml
[2010/12/30 17:26:30 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml
[2012/01/07 21:37:11 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\daemon-search.xml
[2011/01/04 18:20:25 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml
[2010/10/19 23:10:08 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml
[2012/01/08 14:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/01/08 14:36:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/12/09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011/12/17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/08/03 14:24:07 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2011/12/17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/12/17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/08 12:01:23 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/12/17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll
CHR - plugin: npFFApi (Enabled) = C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Facemoods = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012/01/01 11:13:26 | 000,440,006 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15128 more lines...
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (no name) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2 ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Vertrauenswürdige Sites)
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://cas.sc.loc/auth/taweb.cab (Cisco NAC Web Agent Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285791548781 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321EE642-2C2E-4B36-AA44-BF882FCDB941}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/29 19:51:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell - "" = AutoRun
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/10 06:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/09 23:07:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012/01/08 20:19:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Verwaltung
[2012/01/08 15:03:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PHP 5
[2012/01/08 15:03:27 | 000,000,000 | ---D | C] -- C:\Programme\PHP
[2012/01/08 14:58:14 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.3
[2012/01/08 14:48:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\OneNote Notebooks
[2012/01/08 14:14:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Google Chrome
[2012/01/08 12:16:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com
[2012/01/08 12:01:16 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com
[2012/01/08 11:59:15 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2012/01/07 22:35:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2012/01/07 21:39:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IsoBuster
[2012/01/07 21:39:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Winamp
[2012/01/07 21:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Smart Projects
[2012/01/07 21:39:30 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect
[2012/01/07 21:38:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp
[2012/01/07 21:37:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite
[2012/01/07 21:37:11 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar
[2012/01/07 21:36:38 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/01/07 21:36:14 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2012/01/07 21:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2012/01/07 21:36:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Programme\SopCast
[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SopCast
[2012/01/07 21:34:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012/01/07 21:31:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\FFOutput
[2012/01/07 21:30:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/01/07 21:29:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\FormatFactory
[2012/01/07 21:28:26 | 000,000,000 | ---D | C] -- C:\Programme\FreeTime
[2012/01/07 21:26:10 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2012/01/07 16:05:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ZoneAlarm
[2012/01/07 16:04:02 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2012/01/07 16:03:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012/01/07 16:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView
[2012/01/07 16:02:43 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2012/01/07 15:54:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun
[2012/01/07 15:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012/01/07 15:24:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Notepad++
[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Notepad++
[2012/01/07 15:19:07 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++
[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Picasa 3
[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012/01/07 15:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2012/01/07 14:54:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Tro***er
[2012/01/07 14:40:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2012/01/07 14:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SpeedFan
[2012/01/07 14:32:28 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan
[2012/01/07 14:32:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI
[2012/01/07 14:30:33 | 000,000,000 | ---D | C] -- C:\Programme\Secunia
[2012/01/07 14:05:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012/01/07 14:05:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/07 14:05:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012/01/07 11:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012/01/07 11:55:28 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012/01/06 22:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012/01/06 22:12:57 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012/01/06 22:12:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011/12/31 17:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011/12/31 17:44:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011/12/31 17:42:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol
[2011/12/31 17:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HiJackThis
[2011/12/31 17:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011/12/31 17:25:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/10 18:26:43 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/09 22:57:50 | 001,562,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/09 22:57:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/09 22:56:57 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 15:26:09 | 000,608,888 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/01/08 15:26:09 | 000,548,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/08 15:26:09 | 000,132,094 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/01/08 15:26:09 | 000,104,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/08 15:25:00 | 000,000,674 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/01/08 14:50:20 | 000,003,656 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2
[2012/01/08 14:49:48 | 000,004,960 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2
[2012/01/08 14:48:14 | 000,000,938 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/08 14:11:56 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job
[2012/01/08 12:25:35 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/01/07 16:06:08 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/07 16:05:06 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/01/07 15:20:01 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/07 15:16:31 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/07 14:32:28 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/01/07 14:30:50 | 000,000,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk
[2012/01/06 22:20:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012/01/05 14:26:16 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job
[2012/01/02 16:35:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012/01/01 11:13:26 | 000,440,006 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-111406.backup
[2012/01/01 11:13:26 | 000,440,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/31 22:52:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/08 14:50:14 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2
[2012/01/08 14:49:53 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OneNote Table Of Contents.onetoc2
[2012/01/08 14:49:02 | 000,004,960 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2
[2012/01/08 14:48:14 | 000,000,938 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/08 14:11:56 | 000,001,150 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job
[2012/01/08 12:00:37 | 000,001,598 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader.lnk
[2012/01/07 16:05:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/01/07 16:04:04 | 000,427,421 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/07 14:48:06 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/07 14:43:12 | 000,002,198 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/01/07 14:41:05 | 000,001,663 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk
[2012/01/07 14:32:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/01/07 14:30:50 | 000,000,736 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk
[2012/01/07 14:30:50 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Secunia PSI.lnk
[2012/01/06 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012/01/05 14:26:16 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job
[2012/01/02 16:35:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/07/22 08:53:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/07/12 17:16:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/06/03 15:38:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2011/05/29 20:44:51 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/12/15 00:06:50 | 000,059,392 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 15:29:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/16 11:00:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/09 20:15:36 | 000,051,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/03 17:24:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/10/02 19:10:18 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/10/02 19:10:18 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/10/02 19:09:39 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/10/02 19:09:38 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/10/02 19:09:37 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/10/01 18:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/09/30 20:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/29 19:51:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/09/29 19:41:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/29 19:40:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/09/29 19:40:56 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/09/29 19:40:39 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/09/29 19:38:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/09/29 19:34:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010/09/29 19:30:51 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/09/29 19:30:32 | 000,001,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/29 19:19:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010/09/29 19:18:38 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010/09/29 19:17:07 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2010/09/29 19:16:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010/09/29 19:02:38 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/09/29 18:56:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010/09/29 18:56:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2010/09/29 18:54:24 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/26 21:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 21:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 21:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2005/11/01 13:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/10/17 14:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/07/08 00:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2005/05/23 07:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2005/05/23 07:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 12:48:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:23:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:18:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:17:14 | 001,562,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1979/12/31 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1979/12/31 23:00:00 | 000,608,888 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1979/12/31 23:00:00 | 000,548,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1979/12/31 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1979/12/31 23:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1979/12/31 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1979/12/31 23:00:00 | 000,132,094 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1979/12/31 23:00:00 | 000,104,038 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1979/12/31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1979/12/31 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1979/12/31 23:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1979/12/31 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1979/12/31 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1979/12/31 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1979/12/31 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010/09/29 21:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2012/01/07 21:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011/07/28 21:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2010/09/29 19:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2010/10/02 19:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTIReg
[2011/05/30 01:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011/07/22 08:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011/05/30 01:04:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/10/02 22:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon
[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint
[2012/01/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2012/01/08 12:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com
[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM
[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo
[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller
[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge
[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings
[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs
[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog
[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer
[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY
[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users
[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage
[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol
[2012/01/10 18:26:43 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< ESETSmartInstaller@High as downloader log: >
 
< all ok >
 
< # version=7 >
 
< # OnlineScannerApp.exe=1.0.0.1 >
 
< # OnlineScanner.ocx=1.0.0.6583 >
 
< # api_version=3.0.2 >
 
< # EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a >
 
< # end=finished >
 
< # remove_checked=true >
 
< # archives_checked=true >
 
< # unwanted_checked=true >
 
< # unsafe_checked=true >
 
< # antistealth_checked=true >
 
< # utc_time=2011-12-31 09:11:43 >
 
< # local_time=2011-12-31 10:11:43 (+0100, Westeuropäische Normalzeit) >
 
< # country="United States" >
 
< # lang=1033 >
 
< # osver=5.1.2600 NT Service Pack 3 >
 
< # compatibility_mode=1792 16777191 100 0 2412364 2412364 0 0 >
 
< # compatibility_mode=8192 67108863 100 0 3803 3803 0 0 >
 
< # scanned=195573 >
 
< # found=16 >
 
< # cleaned=16 >
 
< # scan_time=16964 >
 
< C:\Programme\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\Programme\Gemeinsame Dateien\Spigot\Search Settings\SearchSettings.exe	Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\Programme\Gemeinsame Dateien\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\Programme\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Adware.Toolbar.Dealio application (deleted - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Adware.Toolbar.Dealio application (deleted - quarantined)	00000000000000000000000000000000	C

 
< C:\Programme\pdfforge Toolbar\IE\4.1\pdfforgeToolbarIE.dll	a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\Programme\StartNow Toolbar\Toolbar32.dll	a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\Programme\StartNow Toolbar\ToolbarUpdaterService.exe	a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP21\A0009080.exe	multiple threats (deleted - quarantined)	00000000000000000000000000000000	C >
 
< C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP21\A0009113.exe	a variant of Win32/Toolbar.Babylon application (deleted - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Toolbar.Babylon application (deleted - quarantined)	00000000000000000000000000000000	C

 
< C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010675.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010676.exe	Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010677.dll	a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010678.exe	Win32/Adware.Toolbar.Dealio application (deleted - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Adware.Toolbar.Dealio application (deleted - quarantined)	00000000000000000000000000000000	C

 
< C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010679.dll	a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Adware.Toolbar.Dealio application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010680.dll	a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< C:\System Volume Information\_restore{017226FB-C5FE-4999-80EB-E41B3BDA380B}\RP30\A0010681.exe	a variant of Win32/Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C >
Invalid Switch: Toolbar.Zugo application (cleaned by deleting - quarantined)	00000000000000000000000000000000	C

 
< # version=7 >
 
< # OnlineScannerApp.exe=1.0.0.1 >
 
< # OnlineScanner.ocx=1.0.0.6583 >
 
< # api_version=3.0.2 >
 
< # EOSSerial=7aafad8a82e3f54a95fa0f02b1c7d26a >
 
< # end=finished >
 
< # remove_checked=false >
 
< # archives_checked=true >
 
< # unwanted_checked=true >
 
< # unsafe_checked=true >
 
< # antistealth_checked=true >
 
< # utc_time=2012-01-08 11:16:35 >
 
< # local_time=2012-01-09 12:16:35 (+0100, Westeuropäische Normalzeit) >
 
< # country="United States" >
 
< # lang=1033 >
 
< # osver=5.1.2600 NT Service Pack 3 >
 
< # compatibility_mode=512 16777215 100 0 704625 704625 0 0 >
 
< # compatibility_mode=5891 16776869 42 87 26852 22921594 0 0 >
 
< # compatibility_mode=8192 67108863 100 0 705589 705589 0 0 >
 
< # compatibility_mode=9217 16777214 75 66 105516 48324354 0 0 >
 
< # scanned=199052 >
 
< # found=0 >
 
< # cleaned=0 >
 
< # scan_time=13870 >
 
========== Files - Unicode (All) ==========
(C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\???????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\搜狗拼音输入法

< End of report >
         
--- --- ---


Alt 11.01.2012, 10:17   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32.Agent.bb



No, the way you did it is correct. I post here using prefabricated text blocks, and I would rather post the note about the CODE tags once too often than once too rarely.

Quote:
========== Custom Scans ==========


< ESETSmartInstaller@High as downloader log: >

< all ok >

< # version=7 >

< # OnlineScannerApp.exe=1.0.0.1 >
You created the OTL log incorrectly. When copying and pasting, please pay closer attention to what exactly gets copied!

Alt 11.01.2012, 22:27   #7
IhrBlog
 
Win32.Agent.bb



That is what I thought. This time with the correct custom scan.

Code:
OTL logfile created on: 1/11/2012 9:54:56 PM - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop\Trojaner
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.29 Gb Available Physical Memory | 64.54% Memory free
3.85 Gb Paging File | 3.19 Gb Available in Paging File | 82.93% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 69.65 Gb Total Space | 8.00 Gb Free Space | 11.49% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO-B00D28A3 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012/01/07 01:59:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\Tro***er\OTL.exe
PRC - [2012/01/03 08:37:53 | 000,843,712 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/09/05 14:46:50 | 000,362,200 | ---- | M] (facemoods.com) -- C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe
PRC - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011/07/29 10:30:28 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/06/28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2010/06/28 12:59:52 | 001,043,968 | ---- | M] (Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2010/06/15 16:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2010/06/15 16:49:50 | 000,738,808 | ---- | M] (Check Point Software Technologies) -- C:\Programme\CheckPoint\ZAForceField\ForceField.exe
PRC - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
PRC - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/07/18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008/09/29 16:37:44 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Backup Now EZ\sqlite3.dll
MOD - [2006/04/17 12:12:32 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/17 12:12:22 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/17 12:12:18 | 000,532,480 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/17 11:47:38 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/17 11:47:18 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/17 11:44:32 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/17 11:44:28 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/17 11:44:22 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/17 11:43:44 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/17 11:43:38 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/17 15:15:46 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/17 15:15:46 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/17 15:15:46 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/12/21 17:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/12/21 17:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/12/21 17:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/12/21 17:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/11/30 19:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/07/05 22:45:08 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\notifyf2.dll
MOD - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Programme\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/03 17:03:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/06/28 13:01:30 | 002,435,592 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2010/06/15 16:49:54 | 000,493,048 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\IswSvc.exe -- (IswSvc)
SRV - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/17 12:12:28 | 000,151,552 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/11/01 14:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/01 16:32:40 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/01/10 18:29:14 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{96F99F64-AE02-4C21-BD3F-DC2E07525CE2}\MpKsl7c37a9de.sys -- (MpKsl7c37a9de)
DRV - [2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/09/29 19:38:44 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/06/15 16:49:46 | 000,026,872 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2010/05/13 10:02:32 | 000,532,224 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/12/21 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/09/13 18:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/17 15:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/01/12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/21 22:39:46 | 000,006,912 | ---- | M] (IBM Corp.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2005/12/21 16:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/07 00:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/04 23:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/01 00:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/11/30 00:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 00:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/11/21 01:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/11/15 12:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/01 13:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/11/01 13:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.lenovo.com/de/de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Winamp Search"
FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://my.daemon-search.com/|hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\superfish@superfish.com: C:\Dokumente und Einstellungen\All Users\AnwendungsdatenMozilla\Extensions\superfish@superfish.com [2011/05/30 15:32:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012/01/08 11:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/01/07 15:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/01/10 22:41:36 | 000,000,000 | ---D | M]
 
[2010/09/30 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2012/01/08 14:06:18 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions
[2012/01/07 21:37:31 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com
[2012/01/08 12:01:20 | 000,000,000 | ---D | M] (Facemoods) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\ffxtlbr@Facemoods.com
[2011/05/29 20:38:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml
[2010/12/30 17:26:30 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml
[2012/01/07 21:37:11 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\daemon-search.xml
[2011/01/04 18:20:25 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml
[2010/10/19 23:10:08 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml
[2012/01/08 14:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/01/08 14:36:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/12/09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011/12/17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/08/03 14:24:07 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2011/12/17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/12/17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/08 12:01:23 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/12/17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll
CHR - plugin: npFFApi (Enabled) = C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Facemoods = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012/01/01 11:13:26 | 000,440,006 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15128 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Programme\facemoods.com\facemoods\1.4.17.11\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (no name) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - No CLSID value found.
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodsTlbr.dll (facemoods.com)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [facemoods] C:\Programme\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe (facemoods.com)
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2 ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk = C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Vertrauenswürdige Sites)
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://cas.sc.loc/auth/taweb.cab (Cisco NAC Web Agent Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285791548781 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321EE642-2C2E-4B36-AA44-BF882FCDB941}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/29 19:51:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell - "" = AutoRun
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= -  File not found
MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - C:\WINDOWS\System32\ZoneLabs\vsmon.exe (Check Point Software Technologies LTD)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/10 06:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2012/01/09 23:07:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012/01/08 20:19:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Verwaltung
[2012/01/08 15:03:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PHP 5
[2012/01/08 15:03:27 | 000,000,000 | ---D | C] -- C:\Programme\PHP
[2012/01/08 14:58:14 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.3
[2012/01/08 14:48:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\OneNote Notebooks
[2012/01/08 14:14:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Google Chrome
[2012/01/08 12:16:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com
[2012/01/08 12:01:16 | 000,000,000 | ---D | C] -- C:\Programme\facemoods.com
[2012/01/08 11:59:15 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2012/01/07 22:35:38 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2012/01/07 21:39:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IsoBuster
[2012/01/07 21:39:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Winamp
[2012/01/07 21:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Smart Projects
[2012/01/07 21:39:30 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect
[2012/01/07 21:38:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp
[2012/01/07 21:37:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite
[2012/01/07 21:37:11 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar
[2012/01/07 21:36:38 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/01/07 21:36:14 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2012/01/07 21:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2012/01/07 21:36:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Programme\SopCast
[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SopCast
[2012/01/07 21:34:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012/01/07 21:31:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\FFOutput
[2012/01/07 21:30:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/01/07 21:29:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\FormatFactory
[2012/01/07 21:28:26 | 000,000,000 | ---D | C] -- C:\Programme\FreeTime
[2012/01/07 21:26:10 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2012/01/07 16:05:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ZoneAlarm
[2012/01/07 16:04:02 | 000,000,000 | ---D | C] -- C:\Programme\Zone Labs
[2012/01/07 16:03:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012/01/07 16:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView
[2012/01/07 16:02:43 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2012/01/07 15:54:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun
[2012/01/07 15:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012/01/07 15:24:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Notepad++
[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Notepad++
[2012/01/07 15:19:07 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++
[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Picasa 3
[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012/01/07 15:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2012/01/07 14:54:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Tro***er
[2012/01/07 14:40:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2012/01/07 14:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SpeedFan
[2012/01/07 14:32:28 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan
[2012/01/07 14:32:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI
[2012/01/07 14:30:33 | 000,000,000 | ---D | C] -- C:\Programme\Secunia
[2012/01/07 14:05:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012/01/07 14:05:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/07 14:05:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012/01/07 11:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012/01/07 11:55:28 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012/01/06 22:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012/01/06 22:12:57 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012/01/06 22:12:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011/12/31 17:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011/12/31 17:44:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011/12/31 17:42:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol
[2011/12/31 17:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HiJackThis
[2011/12/31 17:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011/12/31 17:25:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/11 22:00:29 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/09 22:57:50 | 001,562,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/09 22:57:06 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/09 22:56:57 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/08 15:26:09 | 000,608,888 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/01/08 15:26:09 | 000,548,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/08 15:26:09 | 000,132,094 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/01/08 15:26:09 | 000,104,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/08 15:25:00 | 000,000,674 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/01/08 14:50:20 | 000,003,656 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2
[2012/01/08 14:49:48 | 000,004,960 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2
[2012/01/08 14:48:14 | 000,000,938 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/08 14:11:56 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job
[2012/01/08 12:25:35 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/01/07 16:06:08 | 000,427,421 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/07 16:05:06 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/01/07 15:20:01 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/07 15:16:31 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/07 14:32:28 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/01/07 14:30:50 | 000,000,736 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk
[2012/01/06 22:20:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012/01/05 14:26:16 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job
[2012/01/02 16:35:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012/01/01 11:13:26 | 000,440,006 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-111406.backup
[2012/01/01 11:13:26 | 000,440,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/31 22:52:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/08 14:50:14 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2
[2012/01/08 14:49:53 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OneNote Table Of Contents.onetoc2
[2012/01/08 14:49:02 | 000,004,960 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2
[2012/01/08 14:48:14 | 000,000,938 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/01/08 14:11:56 | 000,001,150 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job
[2012/01/08 12:00:37 | 000,001,598 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader.lnk
[2012/01/07 16:05:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/01/07 16:04:04 | 000,427,421 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012/01/07 14:48:06 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/07 14:43:12 | 000,002,198 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/01/07 14:41:05 | 000,001,663 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk
[2012/01/07 14:32:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/01/07 14:30:50 | 000,000,736 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk
[2012/01/07 14:30:50 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Secunia PSI.lnk
[2012/01/06 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012/01/05 14:26:16 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job
[2012/01/02 16:35:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/07/22 08:53:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/07/12 17:16:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/06/03 15:38:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2011/05/29 20:44:51 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/12/15 00:06:50 | 000,059,392 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 15:29:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/16 11:00:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/09 20:15:36 | 000,051,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/03 17:24:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/10/02 19:10:18 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/10/02 19:10:18 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/10/02 19:09:39 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/10/02 19:09:38 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/10/02 19:09:37 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/10/01 18:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/09/30 20:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/29 19:51:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/09/29 19:41:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/29 19:40:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/09/29 19:40:56 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/09/29 19:40:39 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/09/29 19:38:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/09/29 19:34:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010/09/29 19:30:51 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/09/29 19:30:32 | 000,001,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/29 19:19:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010/09/29 19:18:38 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010/09/29 19:17:07 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2010/09/29 19:16:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010/09/29 19:02:38 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/09/29 18:56:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010/09/29 18:56:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2010/09/29 18:54:24 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/26 21:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 21:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 21:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2005/11/01 13:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/10/17 14:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/07/08 00:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2005/05/23 07:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2005/05/23 07:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 12:48:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:23:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:18:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:17:14 | 001,562,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1979/12/31 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1979/12/31 23:00:00 | 000,608,888 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1979/12/31 23:00:00 | 000,548,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1979/12/31 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1979/12/31 23:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1979/12/31 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1979/12/31 23:00:00 | 000,132,094 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1979/12/31 23:00:00 | 000,104,038 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1979/12/31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1979/12/31 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1979/12/31 23:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1979/12/31 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1979/12/31 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1979/12/31 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1979/12/31 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010/09/29 21:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2012/01/07 21:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011/07/28 21:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2010/09/29 19:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2010/10/02 19:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTIReg
[2011/05/30 01:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011/07/22 08:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011/05/30 01:04:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/10/02 22:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon
[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint
[2012/01/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2012/01/08 12:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com
[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM
[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo
[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller
[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge
[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings
[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs
[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog
[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer
[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY
[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users
[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage
[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol
[2012/01/11 22:00:29 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2012/01/08 14:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/10/16 19:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
[2010/10/12 21:08:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM
[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon
[2012/01/04 19:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer
[2010/09/29 19:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ATI
[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint
[2012/01/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2010/10/26 22:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DivX
[2010/11/10 08:47:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dvdcss
[2012/01/08 12:16:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\facemoods.com
[2010/02/02 03:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Google
[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM
[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2004/08/10 12:35:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities
[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo
[2010/09/30 20:39:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia
[2011/12/31 17:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2012/01/08 14:48:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
[2010/09/30 20:34:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller
[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge
[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings
[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs
[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog
[2011/06/01 17:42:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
[2011/06/01 17:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer
[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY
[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users
[2010/10/04 18:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2010/09/29 19:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Symantec
[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage
[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/12/02 17:55:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3
[2011/01/11 07:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2012/01/07 22:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp
[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol
[2010/10/17 00:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/01/14 19:43:42 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/12/31 17:41:42 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\DRIVERS\OTHER\IASTOR.SYS
[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\IBMTOOLS\drivers\IMSM\IASTOR.SYS
[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\IASTOR.SYS
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2008/04/14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/04 04:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004/08/10 12:16:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 12:16:54 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 12:16:54 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[33 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Files - Unicode (All) ==========
(C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\???????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\搜狗拼音输入法

< End of report >
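The `< MD5 for: ... >` blocks in the custom scan above hash every copy of a handful of system binaries that file-patching rootkits like to replace (atapi.sys, userinit.exe, winlogon.exe and so on) and print them side by side, so a reader can see whether the copy in C:\WINDOWS\system32 still equals the Service Pack cache copy under C:\WINDOWS\ServicePackFiles\i386. As an added example for this thread, not code from OTL or from any poster, the script below does that comparison directly. It assumes the Windows XP default paths; its demo runs on constructed files in a temporary directory, and the bytes appended to produce the mismatch are made up.

```python
r"""Compare live Windows XP system binaries with the Service Pack cache by MD5.

Added example for this thread; not OTL's code.  Returns one status per file so
the result can be checked rather than just printed.  The demo builds its own
fixture files, so it runs offline; on a real XP box call compare() with the
default paths as Administrator.
"""
import hashlib
import os
import tempfile

SYSTEM32 = r"C:\WINDOWS\system32"
SP_CACHE = r"C:\WINDOWS\ServicePackFiles\i386"
# The files OTL's custom scan hashes above: favourite targets for file-patching rootkits.
CHECKED = ["agp440.sys", "atapi.sys", "eventlog.dll", "netlogon.dll", "scecli.dll",
           "user32.dll", "userinit.exe", "winlogon.exe", "ws2ifsl.sys"]


def md5_of(path):
    """Upper-case hex MD5, read in chunks so large files do not land in memory."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest().upper()


def live_path(system32, name):
    """Drivers live under system32\\drivers; everything else directly in system32."""
    if name.lower().endswith(".sys"):
        return os.path.join(system32, "drivers", name)
    return os.path.join(system32, name)


def compare(system32=SYSTEM32, cache=SP_CACHE, names=CHECKED):
    """Map each name to 'match', 'MISMATCH', 'missing' (no live copy) or
    'no reference' (nothing in the cache to compare against)."""
    results = {}
    for name in names:
        live, ref = live_path(system32, name), os.path.join(cache, name)
        if not os.path.isfile(live):
            results[name] = "missing"
        elif not os.path.isfile(ref):
            results[name] = "no reference"
        elif md5_of(live) == md5_of(ref):
            results[name] = "match"
        else:
            results[name] = "MISMATCH"
    return results


def demo():
    """Constructed fixture: three cached files, one 'live' copy with two bytes
    appended (standing in for a patched binary), one live file without a cached
    reference, and one name that exists nowhere."""
    root = tempfile.mkdtemp()
    system32 = os.path.join(root, "system32")
    cache = os.path.join(root, "ServicePackFiles", "i386")
    os.makedirs(os.path.join(system32, "drivers"))
    os.makedirs(cache)
    fixtures = {"atapi.sys": b"ATAPI", "userinit.exe": b"USERINIT", "winlogon.exe": b"WINLOGON"}
    for name, data in fixtures.items():
        with open(os.path.join(cache, name), "wb") as handle:
            handle.write(data)
        with open(live_path(system32, name), "wb") as handle:
            handle.write(data + b"\x90\x90" if name == "userinit.exe" else data)
    with open(live_path(system32, "ws2ifsl.sys"), "wb") as handle:
        handle.write(b"WS2IFSL")  # live copy, nothing in the cache to compare with
    return compare(system32, cache, list(fixtures) + ["ws2ifsl.sys", "agp440.sys"])


if __name__ == "__main__":
    for name, status in sorted(demo().items()):
        print("%-14s %s" % (name, status))
```

A MISMATCH is a lead, not a verdict: a post-SP3 hotfix legitimately replaces the system32 copy (the $hf_mig$ user32.dll in the log is a different build for exactly that reason), and a copy under another path, like the renamed Malwarebytes Chameleon winlogon.exe, is expected to differ. The reverse also holds: a match only says the bytes returned by the file system are unchanged, and a rootkit that filters disk reads can hand every reader the clean bytes, which is why this comparison is also run from a boot CD.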
         

12.01.2012, 18:27   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
(Check Point Software Technologies LTD) -- C:\Programme\Zone Labs\ZoneAlarm\zlclient.exe
An additional or third-party software firewall, and above all things like security suites, are utter nonsense, in many cases counterproductive and the cause of the "funniest" errors.
Please uninstall it immediately, restart Windows afterwards and make sure that the Windows Firewall is active and has no dangerous "holes" (see the exceptions list).
After that, make a new OTL custom log.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)
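The check asked for above (Windows Firewall on, no dangerous holes in the exceptions list) can be done against the registry on Windows XP, where the per-profile policy lives under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile. The following is an added example for this thread, not code from the post, from OTL or from Microsoft. It assumes the XP SP2/SP3 value layout shown in its docstring; the sample profile and every program path in it are constructed, and the severity ranking (user-profile paths count as suspicious) is my own choice.

```python
r"""Audit a Windows XP (SP2/SP3) firewall profile for holes in its exceptions list.

Added example for this thread; not code from the post, from OTL or from Microsoft.
XP keeps the policy under HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\
Parameters\FirewallPolicy\<Profile> as REG_SZ values of the form
  AuthorizedApplications\List : "<path>:<scope>:<Enabled|Disabled>:<name>"
  GloballyOpenPorts\List      : "<port>:<proto>:<scope>:<Enabled|Disabled>:<name>"
Scope "*" means any remote address; "LocalSubNet" limits the hole to the LAN.
"""

FIREWALL_POLICY = r"SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy"
# User-writable locations from which an allowed program is suspicious.  Used only
# to rank findings; the list is an assumption, not something Windows defines.
SUSPICIOUS_DIRS = ("\\dokumente und einstellungen\\", "\\documents and settings\\",
                   "\\temp\\", "\\tmp\\")


class FirewallProfile:
    def __init__(self, enable_firewall, do_not_allow_exceptions, applications, ports):
        self.enable_firewall = enable_firewall                  # REG_DWORD EnableFirewall
        self.do_not_allow_exceptions = do_not_allow_exceptions  # REG_DWORD DoNotAllowExceptions
        self.applications = list(applications)  # raw values of AuthorizedApplications\List
        self.ports = list(ports)                # raw values of GloballyOpenPorts\List


def parse_application(raw):
    """'<path>:<scope>:<state>:<name>' -> dict.  The path may carry a drive colon,
    so the three trailing fields are split off from the right (assumes the
    display name itself contains no colon)."""
    path, scope, state, name = raw.rsplit(":", 3)
    return {"path": path, "scope": scope, "enabled": state.lower() == "enabled", "name": name}


def parse_port(raw):
    """'<port>:<proto>:<scope>:<state>:<name>' -> dict."""
    port, proto, scope, state, name = raw.split(":", 4)
    return {"port": int(port), "proto": proto.upper(), "scope": scope,
            "enabled": state.lower() == "enabled", "name": name}


def audit(profile):
    """Return (severity, message) findings for a profile; an empty list means clean."""
    findings = []
    if profile.enable_firewall != 1:
        findings.append(("CRITICAL", "EnableFirewall != 1: the Windows Firewall is off"))
    if profile.do_not_allow_exceptions == 1:
        return findings  # "Don't allow exceptions" mode: the lists below open nothing
    for raw in profile.applications:
        app = parse_application(raw)
        if not app["enabled"]:
            continue
        if any(d in app["path"].lower() for d in SUSPICIOUS_DIRS):
            severity = "HIGH"    # program under a user profile/temp dir allowed through
        elif app["scope"] == "*":
            severity = "MEDIUM"  # any remote address may reach this program
        else:
            severity = "INFO"    # limited to the local subnet
        findings.append((severity, "program %s (%s) scope=%s" % (app["path"], app["name"], app["scope"])))
    for raw in profile.ports:
        port = parse_port(raw)
        if not port["enabled"]:
            continue
        severity = "HIGH" if port["scope"] == "*" else "INFO"
        findings.append((severity, "port %d/%s (%s) scope=%s"
                         % (port["port"], port["proto"], port["name"], port["scope"])))
    return findings


def read_live_profile(profile_name="StandardProfile"):
    """Collect the live values on a Windows host (winreg module; run as Administrator).
    Missing DWORDs are treated as the XP defaults: firewall on, exceptions allowed."""
    import winreg  # Windows only
    base = FIREWALL_POLICY + "\\" + profile_name

    def dword(name, default):
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base) as key:
                return int(winreg.QueryValueEx(key, name)[0])
        except OSError:
            return default

    def values(subkey):
        out = []
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, base + "\\" + subkey) as key:
                while True:  # EnumValue raises OSError after the last value
                    out.append(winreg.EnumValue(key, len(out))[1])
        except OSError:
            pass  # end of list, or no such key (no exceptions of that kind)
        return out

    return FirewallProfile(dword("EnableFirewall", 1), dword("DoNotAllowExceptions", 0),
                           values(r"AuthorizedApplications\List"), values(r"GloballyOpenPorts\List"))


# Constructed sample profile: none of these entries come from the machine in the thread.
SAMPLE = FirewallProfile(
    enable_firewall=1, do_not_allow_exceptions=0,
    applications=[r"%windir%\system32\sessmgr.exe:*:Enabled:@xpsp2res.dll,-22019",
                  r"C:\Dokumente und Einstellungen\user\Anwendungsdaten\updater\svc.exe:*:Enabled:updater",
                  r"C:\Programme\Example\server.exe:LocalSubNet:Enabled:Example server",
                  r"C:\Programme\Old\tool.exe:*:Disabled:old tool"],
    ports=["139:TCP:LocalSubNet:Enabled:NetBIOS Session Service",
           "3389:TCP:*:Enabled:Remote Desktop",
           "21:TCP:*:Disabled:FTP"])
```

On the affected machine, `audit(read_live_profile())` run as Administrator gives the ranked list; `netsh firewall show config` shows the same data interactively. Anything rated HIGH is a program or port reachable from any remote address, which is the kind of hole to close before trusting the Windows Firewall as the only one on the box.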

13.01.2012, 06:37   #9
IhrBlog
 
OK - and the next log:

Code:
OTL logfile created on: 1/12/2012 10:59:41 PM - Run 4
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Dokumente und Einstellungen\***\Desktop\Trojaner
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.43 Gb Available Physical Memory | 71.65% Memory free
3.85 Gb Paging File | 3.41 Gb Available in Paging File | 88.65% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 69.65 Gb Total Space | 7.74 Gb Free Space | 11.11% Space Free | Partition Type: NTFS
 
Computer Name: LENOVO-B00D28A3 | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Programme\Java\jre7\bin\jqs.exe
PRC - [2012/01/07 01:59:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\***\Desktop\Tro***er\OTL.exe
PRC - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\sua.exe
PRC - [2011/06/15 15:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
PRC - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe
PRC - [2008/04/14 03:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
PRC - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
PRC - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
PRC - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
PRC - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
PRC - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) -- C:\WINDOWS\system32\IPSSVC.EXE
PRC - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/01/07 15:16:51 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_a45f2698\mscorlib.dll
MOD - [2012/01/07 15:16:34 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_09f67223\system.xml.dll
MOD - [2012/01/07 15:16:16 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_5e6b8e34\system.windows.forms.dll
MOD - [2012/01/07 15:15:52 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_39cd9ad1\system.dll
MOD - [2012/01/07 15:15:28 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012/01/07 15:15:23 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011/11/08 21:46:02 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2011/07/18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2010/09/29 19:27:14 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2010/09/29 19:27:14 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2010/03/15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008/09/29 16:37:44 | 000,460,199 | ---- | M] () -- C:\Programme\NewTech Infosystems\Backup Now EZ\sqlite3.dll
MOD - [2006/04/17 12:12:32 | 000,114,688 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocMigrator.dll
MOD - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
MOD - [2006/04/17 12:12:22 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcAdaptersInfo.dll
MOD - [2006/04/17 12:12:18 | 000,532,480 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACon.dll
MOD - [2006/04/17 11:47:38 | 000,094,208 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ThinQCon.dll
MOD - [2006/04/17 11:47:18 | 000,090,112 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
MOD - [2006/04/17 11:44:32 | 000,007,680 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACTurinSupport.dll
MOD - [2006/04/17 11:44:28 | 000,143,360 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgr.dll
MOD - [2006/04/17 11:44:22 | 000,151,552 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
MOD - [2006/04/17 11:43:44 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\AcCryptHlpr.dll
MOD - [2006/04/17 11:43:38 | 000,077,824 | ---- | M] () -- C:\Programme\ThinkPad\ConnectUtilities\ACHelper.dll
MOD - [2006/02/17 15:15:46 | 000,876,544 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\Libeay32.dll
MOD - [2006/02/17 15:15:46 | 000,208,965 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\iWMSProv.dll
MOD - [2006/02/17 15:15:46 | 000,053,322 | ---- | M] () -- C:\Programme\Intel\Wireless\Bin\IntStngs.dll
MOD - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
MOD - [2005/12/21 17:27:00 | 000,032,768 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Common\Logger\logmon.exe
MOD - [2005/12/21 17:23:06 | 000,139,264 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\CDRecord.dll
MOD - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
MOD - [2005/12/21 17:19:10 | 000,155,648 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\ui.dll
MOD - [2005/12/21 17:19:02 | 000,069,632 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\zlib.dll
MOD - [2005/12/21 17:15:14 | 000,671,744 | ---- | M] () -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rr_res.dll
MOD - [2005/11/30 19:16:02 | 000,024,576 | ---- | M] () -- C:\WINDOWS\system32\tphklock.dll
MOD - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\TpKmpSvc.exe
MOD - [2001/10/28 16:42:30 | 000,116,224 | ---- | M] () -- C:\WINDOWS\system32\pdfcmnnt.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/01/07 15:22:47 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Programme\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/10/24 21:32:00 | 000,055,144 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2011/07/29 10:30:30 | 000,994,360 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011/07/29 10:30:28 | 000,399,416 | ---- | M] (Secunia) [Auto | Running] -- C:\Programme\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2011/07/20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [On_Demand | Stopped] -- C:\Programme\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2011/04/27 15:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/10/03 17:03:11 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/02/22 09:44:14 | 000,045,312 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe -- (NTI BackupNowEZSvr)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP)
SRV - [2008/04/14 03:22:49 | 000,015,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN)
SRV - [2006/10/26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/17 12:12:28 | 000,151,552 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Programme\ThinkPad\ConnectUtilities\AcSvc.exe -- (AcSvc)
SRV - [2006/04/17 12:12:26 | 000,040,960 | ---- | M] () [Auto | Running] -- C:\Programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)
SRV - [2005/12/21 17:34:58 | 000,077,824 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe -- (TVT Scheduler)
SRV - [2005/12/21 17:20:56 | 001,384,448 | ---- | M] () [Auto | Running] -- C:\Programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe -- (TVT Backup Service)
SRV - [2005/12/21 16:17:54 | 000,722,480 | ---- | M] (IBM) [Auto | Running] -- C:\Programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe -- (TSSCoreService)
SRV - [2005/12/01 00:09:00 | 000,073,728 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\WINDOWS\system32\IPSSVC.EXE -- (IPSSVC)
SRV - [2005/11/01 14:04:02 | 000,258,103 | ---- | M] (Broadcom Corporation.) [Disabled | Stopped] -- C:\Programme\ThinkPad\Bluetooth Software\bin\btwdins.exe -- (btwdins)
SRV - [2005/08/01 16:32:40 | 000,040,960 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\ThinkVantage\SystemUpdate\UCLauncherService.exe -- (UCLauncherService)
SRV - [2005/06/06 20:26:22 | 000,032,768 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\TpKmpSvc.exe -- (TpKmpSVC)
SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/01/12 22:44:29 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{FEE264FF-C53C-4750-9BFF-90C45F0241DC}\MpKsl06f1d0c7.sys -- (MpKsl06f1d0c7)
DRV - [2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/03/18 17:08:54 | 000,025,240 | ---- | M] (Almico Software) [Kernel | Boot | Running] -- C:\WINDOWS\system32\speedfan.sys -- (speedfan)
DRV - [2010/09/29 19:38:44 | 000,016,256 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\psadd.sys -- (psadd)
DRV - [2010/09/01 09:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\psi_mf.sys -- (PSI)
DRV - [2010/04/28 06:44:02 | 000,054,760 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/05/08 15:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/04/13 19:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2006/12/21 11:56:44 | 000,988,800 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 11:56:00 | 000,209,664 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/12/21 11:55:56 | 000,730,112 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/09/13 18:49:52 | 001,724,416 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2006/02/17 15:41:50 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2006/01/12 23:33:22 | 000,006,016 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\IBMBLDID.sys -- (IBMTPCHK)
DRV - [2005/12/21 22:39:46 | 000,006,912 | ---- | M] (IBM Corp.) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\ANCSQ.sys -- (ANCSQ)
DRV - [2005/12/21 16:14:58 | 000,012,544 | ---- | M] (IBM) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ibmfilter.sys -- (ibmfilter)
DRV - [2005/12/07 00:12:00 | 000,004,442 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TPPWRIF.SYS -- (TPPWRIF)
DRV - [2005/12/04 23:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/12/01 00:09:00 | 000,005,120 | ---- | M] (Lenovo Group Limited) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PROCDD.SYS -- (PROCDD)
DRV - [2005/11/30 00:51:00 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SMAPINT.SYS -- (Smapint)
DRV - [2005/11/30 00:51:00 | 000,009,343 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS -- (TDSMAPI)
DRV - [2005/11/21 01:41:00 | 000,007,168 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS -- (TSMAPIP)
DRV - [2005/11/15 12:11:28 | 000,046,142 | R--- | M] (Utimaco Safeware AG) [Kernel | Auto | Running] -- C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys -- (PrivateDisk)
DRV - [2005/11/08 08:27:20 | 000,011,520 | ---- | M] (IBM Corp.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ANC.sys -- (ANC)
DRV - [2005/11/01 13:53:14 | 001,342,122 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2005/11/01 13:51:06 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [1996/04/03 20:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.lenovo.com/de/de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://my.daemon-search.com/|hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Programme\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Programme\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\superfish@superfish.com: C:\Dokumente und Einstellungen\All Users\AnwendungsdatenMozilla\Extensions\superfish@superfish.com [2011/05/30 15:32:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012/01/07 15:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012/01/10 22:41:36 | 000,000,000 | ---D | M]
 
[2010/09/30 20:34:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Extensions
[2012/01/12 22:33:33 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions
[2012/01/07 21:37:31 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com
[2011/05/29 20:38:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml
[2010/12/30 17:26:30 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml
[2012/01/07 21:37:11 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\daemon-search.xml
[2011/01/04 18:20:25 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml
[2010/10/19 23:10:08 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml
[2012/01/08 14:36:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012/01/08 14:36:34 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/17 06:09:01 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2011/12/09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Programme\mozilla firefox\plugins\npwachk.dll
[2011/12/17 02:38:42 | 000,001,538 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/08/03 14:24:07 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2011/12/17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/12/17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/08 12:01:23 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
[2011/12/17 02:38:42 | 000,001,135 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-en-GB.xml
 
========== Chrome  ==========
 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Programme\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Programme\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Programme\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Programme\Google\Update\1.3.21.93\npGoogleUpdate3.dll
CHR - plugin: npFFApi (Enabled) = C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Java(TM) Platform SE 7 U2 (Enabled) = C:\Programme\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Picasa (Enabled) = C:\Programme\Picasa2\npPicasa3.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Programme\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Programme\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google-Suche = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Facemoods = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\ihflimipbcaljfnojhhknppphnnciiif\1.4.1_0\
CHR - Extension: Google Mail = C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\
 
O1 HOSTS File: ([2012/01/01 11:13:26 | 000,440,006 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 15128 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM..\Run: [MSC] c:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2 ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Senden an &Bluetooth - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: microsoft.com ([windowsupdate] http in Vertrauenswürdige Sites)
O16 - DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} https://cas.sc.loc/auth/taweb.cab (Cisco NAC Web Agent Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285791548781 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} hxxp://java.sun.com/products/plugin/1.4.2/jinstall-142-win.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab (Java Plug-in 1.7.0_02)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.7.0_02)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{321EE642-2C2E-4B36-AA44-BF882FCDB941}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\Userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - (ACNotify.dll) - C:\Programme\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\tpfnf2: DllName - (notifyf2.dll) - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - (tphklock.dll) - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/29 19:51:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell - "" = AutoRun
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Secunia PSI Tray.lnk - C:\Programme\Secunia\PSI\psi_tray.exe - (Secunia)
MsConfig - StartUpFolder: C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OneNote 2007 Screen Clipper and Launcher.lnk - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: ISW - hkey= - key= -  File not found
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Programme\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Programme\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: SynTPEnh - hkey= - key= -  File not found
MsConfig - StartUpReg: SynTPLpr - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 2
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: vsmon - Service
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.UnInstall.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - rundll32.exe C:\WINDOWS\system32\Setup\FxsOcm.dll,XP_UninstallProvider
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C314CE45-3392-3B73-B4E1-139CD41CA933} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package - 
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/12 22:48:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\Internet Logs
[2012/01/12 22:38:50 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\***\Recent
[2012/01/09 23:07:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012/01/08 20:19:09 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Verwaltung
[2012/01/08 15:03:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PHP 5
[2012/01/08 15:03:27 | 000,000,000 | ---D | C] -- C:\Programme\PHP
[2012/01/08 14:58:14 | 000,000,000 | --SD | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.3
[2012/01/08 14:48:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\OneNote Notebooks
[2012/01/08 14:14:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Google Chrome
[2012/01/08 11:59:15 | 000,000,000 | ---D | C] -- C:\Programme\JDownloader
[2012/01/07 21:39:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IsoBuster
[2012/01/07 21:39:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Winamp
[2012/01/07 21:39:31 | 000,000,000 | ---D | C] -- C:\Programme\Smart Projects
[2012/01/07 21:39:30 | 000,000,000 | ---D | C] -- C:\Programme\Winamp Detect
[2012/01/07 21:38:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp
[2012/01/07 21:37:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DAEMON Tools Lite
[2012/01/07 21:37:11 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Toolbar
[2012/01/07 21:36:38 | 000,239,168 | ---- | C] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/01/07 21:36:14 | 000,000,000 | ---D | C] -- C:\Programme\DAEMON Tools Lite
[2012/01/07 21:36:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2012/01/07 21:36:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Programme\SopCast
[2012/01/07 21:35:18 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SopCast
[2012/01/07 21:34:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\VideoLAN
[2012/01/07 21:31:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Eigene Dateien\FFOutput
[2012/01/07 21:30:39 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\WINDOWS\System32\pncrt.dll
[2012/01/07 21:29:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\FormatFactory
[2012/01/07 21:28:26 | 000,000,000 | ---D | C] -- C:\Programme\FreeTime
[2012/01/07 21:26:10 | 000,000,000 | ---D | C] -- C:\Programme\FileZilla FTP Client
[2012/01/07 16:02:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\IrfanView
[2012/01/07 16:02:43 | 000,000,000 | ---D | C] -- C:\Programme\IrfanView
[2012/01/07 15:54:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun
[2012/01/07 15:52:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth
[2012/01/07 15:24:09 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\Notepad++
[2012/01/07 15:19:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Notepad++
[2012/01/07 15:19:07 | 000,000,000 | ---D | C] -- C:\Programme\Notepad++
[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Picasa 3
[2012/01/07 15:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Macromedia
[2012/01/07 15:02:59 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\Adobe
[2012/01/07 14:54:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Desktop\Tro***er
[2012/01/07 14:40:02 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Security Client
[2012/01/07 14:32:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\SpeedFan
[2012/01/07 14:32:28 | 000,000,000 | ---D | C] -- C:\Programme\SpeedFan
[2012/01/07 14:32:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI
[2012/01/07 14:30:33 | 000,000,000 | ---D | C] -- C:\Programme\Secunia
[2012/01/07 14:05:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes' Anti-Malware
[2012/01/07 14:05:15 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/01/07 14:05:14 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2012/01/07 11:55:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\7-Zip
[2012/01/07 11:55:28 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip
[2012/01/06 22:14:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012/01/06 22:12:57 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012/01/06 22:12:42 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2011/12/31 17:44:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2011/12/31 17:44:45 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2011/12/31 17:42:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol
[2011/12/31 17:41:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\***\Startmenü\Programme\HiJackThis
[2011/12/31 17:41:39 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2011/12/31 17:25:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/12 22:49:29 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/12 22:44:09 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/01/12 22:44:04 | 2145,832,960 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/12 22:23:49 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/01/09 22:57:50 | 001,562,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/08 15:26:09 | 000,608,888 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2012/01/08 15:26:09 | 000,548,920 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/01/08 15:26:09 | 000,132,094 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2012/01/08 15:26:09 | 000,104,038 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/01/08 15:25:00 | 000,000,674 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2012/01/08 14:50:20 | 000,003,656 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2
[2012/01/08 14:49:48 | 000,004,960 | -HS- | M] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2
[2012/01/08 14:11:56 | 000,001,150 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job
[2012/01/07 21:36:39 | 000,239,168 | ---- | M] (DT Soft Ltd) -- C:\WINDOWS\System32\drivers\dtsoftbus01.sys
[2012/01/07 16:05:06 | 000,004,212 | -H-- | M] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/01/07 15:20:01 | 000,002,198 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2012/01/07 15:16:31 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Mozilla Firefox.lnk
[2012/01/07 14:32:28 | 000,000,045 | ---- | M] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/01/06 22:20:41 | 000,000,000 | ---- | M] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012/01/05 14:26:16 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job
[2012/01/02 16:35:25 | 000,000,020 | ---- | M] () -- C:\WINDOWS\tpcsd
[2012/01/01 11:13:26 | 000,440,006 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20120101-111406.backup
[2012/01/01 11:13:26 | 000,440,006 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/31 22:52:00 | 000,000,872 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\tasks\PMTask.job
[33 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/08 14:50:14 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\OneNote Table Of Contents.onetoc2
[2012/01/08 14:49:53 | 000,003,656 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OneNote Table Of Contents.onetoc2
[2012/01/08 14:49:02 | 000,004,960 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\OneNote Table Of Contents.onetoc2
[2012/01/08 14:11:56 | 000,001,150 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job
[2012/01/08 12:00:37 | 000,001,598 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\JDownloader.lnk
[2012/01/07 16:05:06 | 000,004,212 | -H-- | C] () -- C:\WINDOWS\System32\zllictbl.dat
[2012/01/07 14:48:06 | 000,000,416 | -H-- | C] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2012/01/07 14:43:12 | 000,002,198 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2012/01/07 14:41:05 | 000,001,663 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Security Essentials.lnk
[2012/01/07 14:32:27 | 000,000,045 | ---- | C] () -- C:\WINDOWS\System32\initdebug.nfo
[2012/01/07 14:30:50 | 000,000,699 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Secunia PSI.lnk
[2012/01/06 22:20:41 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\***\defogger_reenable
[2012/01/05 14:26:16 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job
[2012/01/02 16:35:25 | 000,000,020 | ---- | C] () -- C:\WINDOWS\tpcsd
[2011/07/22 08:53:28 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
[2011/07/12 17:16:39 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2011/06/03 15:38:59 | 000,000,041 | ---- | C] () -- C:\WINDOWS\mapedit2.ini
[2011/05/29 20:44:51 | 000,133,583 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2010/12/15 00:06:50 | 000,059,392 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/29 15:29:44 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/16 11:00:23 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/10/09 20:15:36 | 000,051,892 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/03 17:24:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/10/02 19:10:18 | 000,024,222 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2010/10/02 19:10:18 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2010/10/02 19:09:39 | 000,061,950 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini
[2010/10/02 19:09:38 | 000,016,173 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini
[2010/10/02 19:09:37 | 000,017,590 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini
[2010/10/01 18:32:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2010/09/30 20:34:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/09/29 19:51:47 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\***\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010/09/29 19:41:16 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/09/29 19:40:56 | 000,016,384 | ---- | C] () -- C:\WINDOWS\PWMBTHLP.EXE
[2010/09/29 19:40:56 | 000,004,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\TPPWRIF.SYS
[2010/09/29 19:40:39 | 000,006,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2010/09/29 19:38:44 | 000,032,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\psasrv.exe
[2010/09/29 19:34:07 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\profile.dat
[2010/09/29 19:30:51 | 000,028,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBkey.sys
[2010/09/29 19:30:32 | 000,001,310 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/09/29 19:19:07 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2010/09/29 19:18:38 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2010/09/29 19:17:07 | 000,147,520 | ---- | C] () -- C:\WINDOWS\_tpiu000.exe
[2010/09/29 19:16:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TpKmpSvc.exe
[2010/09/29 19:02:38 | 000,002,458 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010/09/29 18:56:37 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2010/09/29 18:56:36 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2010/09/29 18:54:24 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\IPSCtrl.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/05/26 21:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 21:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 21:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 20:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 20:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2005/11/01 13:59:16 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2005/10/17 14:22:24 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\DEVMAN.DLL
[2005/07/08 00:06:00 | 000,114,688 | ---- | C] () -- C:\WINDOWS\desktopset.exe
[2005/05/23 07:22:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2005/05/23 07:22:24 | 000,004,547 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 12:48:32 | 000,000,849 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 12:33:43 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 12:23:42 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 12:18:03 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:17:14 | 001,562,928 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2001/11/14 11:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1996/04/03 20:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[1979/12/31 23:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1979/12/31 23:00:00 | 000,608,888 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[1979/12/31 23:00:00 | 000,548,920 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1979/12/31 23:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1979/12/31 23:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[1979/12/31 23:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1979/12/31 23:00:00 | 000,132,094 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[1979/12/31 23:00:00 | 000,104,038 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1979/12/31 23:00:00 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[1979/12/31 23:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1979/12/31 23:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[1979/12/31 23:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1979/12/31 23:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1979/12/31 23:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[1979/12/31 23:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
 
========== LOP Check ==========
 
[2010/09/29 21:17:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Cisco
[2012/01/07 21:36:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
[2011/07/28 21:50:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Easybits GO
[2010/09/29 19:29:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Lenovo
[2010/10/02 19:17:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NTIReg
[2011/05/30 01:07:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011/07/22 08:50:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2011/05/30 01:04:38 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/10/02 22:53:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon
[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint
[2012/01/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM
[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo
[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller
[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge
[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings
[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs
[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog
[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer
[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY
[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users
[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage
[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol
[2012/01/12 22:49:29 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/12/31 20:13:05 | 000,000,316 | ---- | M] () -- C:\WINDOWS\Tasks\PMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2012/01/08 14:49:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Application Data\Office Genuine Advantage
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011/10/16 19:53:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Adobe
[2010/10/12 21:08:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\AdobeUM
[2011/01/29 03:53:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Amazon
[2012/01/04 19:40:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Apple Computer
[2010/09/29 19:25:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ATI
[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint
[2012/01/07 21:36:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
[2010/10/26 22:19:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\DivX
[2010/11/10 08:47:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\dvdcss
[2010/02/02 03:41:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Google
[2010/09/29 19:28:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\IBM
[2011/12/03 20:45:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ICQ
[2004/08/10 12:35:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Identities
[2010/10/26 22:19:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\InterVideo
[2010/10/05 14:40:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Lenovo
[2010/09/30 20:39:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia
[2011/12/31 17:44:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Malwarebytes
[2012/01/08 14:48:31 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft
[2010/09/30 20:34:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla
[2010/12/05 21:44:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\MSNInstaller
[2010/11/12 21:40:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\OpenOffice.org
[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge
[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings
[2010/10/09 20:23:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SE_logs
[2011/01/19 04:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SGPPLog
[2011/06/01 17:42:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Skype
[2011/06/01 17:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\skypePM
[2011/07/26 12:46:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouExplorer
[2011/06/01 18:13:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY
[2010/10/09 20:16:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\SogouPY.users
[2010/10/04 18:17:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Sun
[2010/09/29 19:33:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Symantec
[2010/09/29 19:51:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\ThinkVantage
[2011/05/30 06:29:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TuneUp Software
[2011/01/14 19:21:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
[2010/12/02 17:55:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\U3
[2011/01/11 07:00:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\vlc
[2012/01/07 22:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Winamp
[2011/10/11 21:35:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Desktop Search
[2011/10/11 23:23:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Windows Search
[2011/12/31 17:42:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinPatrol
[2010/10/17 00:22:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/01/14 19:43:42 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2011/12/31 17:41:42 | 000,388,096 | R--- | M] (Trend Micro Inc.) -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004/08/04 04:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2010/09/29 23:00:53 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 19:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008/04/14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: IASTOR.SYS  >
[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\DRIVERS\OTHER\IASTOR.SYS
[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\IBMTOOLS\drivers\IMSM\IASTOR.SYS
[2005/10/12 11:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\IASTOR.SYS
 
< MD5 for: NETLOGON.DLL  >
[2008/04/14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:22:19 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2008/04/14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:22:23 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005/03/02 19:19:56 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=4C90159A69A5FD3EB39C71411F28FCFF -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2008/04/14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/14 03:22:31 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008/04/14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:23:03 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008/04/14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:23:05 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004/08/04 04:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2004/08/10 12:16:54 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/10 12:16:54 | 000,663,552 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/10 12:16:54 | 000,417,792 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[33 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Files - Unicode (All) ==========
(C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\???????) -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\搜狗拼音输入法

< End of report >
         

Alt 13.01.2012, 14:36   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32.Agent.bb



Run an OTL fix: close any programs that may be open, also disable the antivirus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Note: If you have obscured your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.facemoods.com/?a=ddrnw
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.lenovo.com/de/de
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "Game Master 1.1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://my.daemon-search.com/|http://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3"
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.1
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q="
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
[2012/01/07 21:37:31 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com
[2011/05/29 20:38:40 | 000,002,265 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml
[2010/12/30 17:26:30 | 000,000,933 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml
[2012/01/07 21:37:11 | 000,002,055 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\daemon-search.xml
[2011/01/04 18:20:25 | 000,002,523 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml
[2010/10/19 23:10:08 | 000,001,196 | ---- | M] () -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml
[2011/08/03 14:24:07 | 000,002,287 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2011/12/17 02:25:53 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2011/12/17 02:38:42 | 000,000,947 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\chambers-en-GB.xml
[2011/12/17 02:38:42 | 000,001,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/08 12:01:23 | 000,002,048 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/09/29 19:51:53 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell - "" = AutoRun
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\AutoRun\command - "" = E:\Setup_FlipShare.exe
O33 - MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\Shell\Setup FlipShare\command - "" = E:\Setup_FlipShare.exe
[2011/10/13 05:29:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge
[2010/11/04 02:27:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings
[2011/07/22 09:22:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint
:Files
C:\WINDOWS\Internet Logs
C:\Programme\DAEMON Tools Toolbar
:Commands
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 14.01.2012, 08:43   #11
IhrBlog
 
So, the next log:


Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Restore| /E : value set successfully!
Prefs.js: "Google" removed from browser.search.defaultenginename
Prefs.js: "Game Master 1.1 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856449&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://my.daemon-search.com/|hxxp://www.startnow.com/?src=startpage&provider=Bing&provider_code=Z057&partner_id=333&product_id=519&affiliate_id=&channel=DPGL15&toolbar_id=200&toolbar_version=2.0&install_country=US&install_date=20110529&user_guid=670230B35AF54A8C94B2CBCABA1CF55A&machine_id=6fc368cecf994cfb74d4ab4711c21dc9&browser=FF&os=win&os_version=5.1-x86-SP3" removed from browser.startup.homepage
Prefs.js: pdfforge@mybrowserbar.com:4.1 removed from extensions.enabledItems
Prefs.js: "hxxp://search.babylon.com/?babsrc=SP_ss&mntrId=782682b00000000000000018de73780d&tlver=1.4.31.2&instlRef=sst&affID=19950&q=" removed from keyword.URL
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@checkpoint.com/FFApi\ deleted successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com\chrome\content folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\bing-zugo.xml moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\conduit.xml moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\daemon-search.xml moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\google-ssl.xml moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\searchplugins\winamp-search.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\bing.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\chambers-en-GB.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\eBay-en-GB.xml moved successfully.
C:\Programme\Mozilla Firefox\searchplugins\fcmdSrch.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{362661aa-fd14-11df-b24d-0018de73780d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{362661aa-fd14-11df-b24d-0018de73780d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{362661aa-fd14-11df-b24d-0018de73780d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{362661aa-fd14-11df-b24d-0018de73780d}\ not found.
File E:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc75be86-07d6-11e0-b257-0018de73780d}\ not found.
File E:\Setup_FlipShare.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bc75be86-07d6-11e0-b257-0018de73780d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc75be86-07d6-11e0-b257-0018de73780d}\ not found.
File E:\Setup_FlipShare.exe not found.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge\temp folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge\res folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge\Images2PDF folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\pdfforge folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings\temp folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings\res folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\Search Settings folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint\ZoneAlarm Toolbar\TrustChecker folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint\ZoneAlarm Toolbar\PTPCACHE folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint\ZoneAlarm Toolbar folder moved successfully.
C:\Dokumente und Einstellungen\***\Anwendungsdaten\CheckPoint folder moved successfully.
========== FILES ==========
C:\WINDOWS\Internet Logs folder moved successfully.
C:\Programme\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Programme\DAEMON Tools Toolbar folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 19089584 bytes
->Temporary Internet Files folder emptied: 33567 bytes
->Flash cache emptied: 405 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 400868 bytes
->Flash cache emptied: 56468 bytes
 
User: Internet
->Temp folder emptied: 211242083 bytes
->Temporary Internet Files folder emptied: 48966398 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 616460035 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 80461 bytes
 
User: ***
->Temp folder emptied: 11499776 bytes
->Temporary Internet Files folder emptied: 1573266 bytes
->Java cache emptied: 239011 bytes
->FireFox cache emptied: 57025437 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 56994 bytes
 
User: LocalService
->Temp folder emptied: 1129624 bytes
->Temporary Internet Files folder emptied: 34210 bytes
->Flash cache emptied: 343 bytes
 
User: NetworkService
->Temp folder emptied: 2506236 bytes
->Temporary Internet Files folder emptied: 33950 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 23058720 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 124346 bytes
RecycleBin emptied: 13717787 bytes
 
Total Files Cleaned = 961.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01132012_181642

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_be0.dat moved successfully.

Registry entries deleted on Reboot...
         

Alt 14.01.2012, 15:36   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Now please run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

If, because of the infection, you cannot access your documents / My Documents, or shortcuts are missing from the desktop or from the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save this file to your desktop.
Start the tool and all files and folders should be visible again. (This may take a while.)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
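The TDSS-Killer log requested above is several hundred lines long and lists one small block per driver: a file line with the MD5 and path, then either "- ok" or a "( verdict ) - warning" line followed by "- detected verdict (n)". The Python script below is an added example and is not part of this thread or of Kaspersky's tool: it groups those lines per driver and reports only the flagged entries, which is how a helper reviews such a log before deciding what, if anything, to act on. The function names (parse_tdsskiller, flagged, summarize) are my own; the embedded sample is a short excerpt in the line format of the log posted later in this thread. An "UnsignedFile.Multi.Generic" warning only says that a driver file carries no valid digital signature, which is why the helper asks for everything to be skipped and the log reviewed first.

```python
"""Triage helper for TDSS-Killer 2.7.x text logs (added example, not part of the
thread or of Kaspersky's tool): groups the per-driver lines and separates
entries the scanner marked 'ok' from those flagged 'warning'/'detected'."""
import re
from collections import OrderedDict

# One log line: "HH:MM:SS.mmmm <thread id> <message>"; the message follows a tab.
_LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d{4})\s+(.*)$")
# "<name>   (<md5>) <path>": the scanner located and hashed the driver file.
_FILE_RE = re.compile(r"^(\S+)\s+\(([0-9a-fA-F]{32})\)\s+(.+)$")
# "<name> - ok": nothing to report for this driver.
_OK_RE = re.compile(r"^(\S+) - ok$")
# "<name> ( <verdict> ) - warning", e.g. UnsignedFile.Multi.Generic.
_WARN_RE = re.compile(r"^(\S+) \( (\S+) \) - warning$")
# "<name> - detected <verdict> (<count>)": the final verdict line for that driver.
_DET_RE = re.compile(r"^(\S+) - detected (\S+) \((\d+)\)$")

# Sample excerpt in the format of the log posted in this thread (constructed for
# the example by taking a few lines of that format; tab after the thread id).
SAMPLE_LOG = "\n".join([
    "17:28:59.0937 0752\tScan started",
    "17:29:03.0953 0752\tAegisP          (12dafd934641dcf61e446313bc261ec2) C:\\WINDOWS\\system32\\DRIVERS\\AegisP.sys",
    "17:29:04.0000 0752\tAegisP ( UnsignedFile.Multi.Generic ) - warning",
    "17:29:04.0000 0752\tAegisP - detected UnsignedFile.Multi.Generic (1)",
    "17:29:04.0062 0752\tAFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\\WINDOWS\\System32\\drivers\\afd.sys",
    "17:29:04.0156 0752\tAFD - ok",
    "17:29:08.0468 0752\tAtdisk - ok",
])


def parse_tdsskiller(text):
    """Return an ordered mapping name -> {md5, path, status, verdict}.

    The last status line seen for a driver wins, so a 'warning' that is
    followed by a 'detected' line ends up as 'detected'."""
    entries = OrderedDict()

    def entry(name):
        return entries.setdefault(
            name, {"md5": None, "path": None, "status": None, "verdict": None})

    for raw in text.splitlines():
        m = _LINE_RE.match(raw)
        if not m:
            continue  # '====' separators and other lines without a timestamp
        msg = m.group(3).rstrip()
        ok, warn, det, fil = (r.match(msg) for r in (_OK_RE, _WARN_RE, _DET_RE, _FILE_RE))
        if ok:
            entry(ok.group(1))["status"] = "ok"
        elif warn:
            e = entry(warn.group(1))
            e["status"], e["verdict"] = "warning", warn.group(2)
        elif det:
            e = entry(det.group(1))
            e["status"], e["verdict"] = "detected", det.group(2)
        elif fil:
            e = entry(fil.group(1))
            e["md5"], e["path"] = fil.group(2).lower(), fil.group(3)
        # SystemInfo, 'Scan started', drive geometry etc. carry no per-driver state
    return entries


def flagged(entries):
    """Driver names whose final status is not 'ok', in log order."""
    return [n for n, e in entries.items() if e["status"] in ("warning", "detected")]


def summarize(entries):
    """Count drivers per final status; 'unknown' means no status line was seen."""
    counts = {"ok": 0, "warning": 0, "detected": 0, "unknown": 0}
    for e in entries.values():
        counts[e["status"] or "unknown"] += 1
    return counts


if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    print(summarize(parsed))
    for name in flagged(parsed):
        e = parsed[name]
        print(f"{name}: {e['status']} {e['verdict']} md5={e['md5']} path={e['path']}")
```

To use it on a real report, read the saved TDSSKiller log file into a string and pass it to parse_tdsskiller instead of SAMPLE_LOG; the flagged list is what a helper looks at first, and the md5 and path let each flagged driver be checked against its vendor's known files before any removal decision.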

Alt 14.01.2012, 18:48   #13
IhrBlog
 
So it found 22 objects:

Code:
ATTFilter
17:27:24.0250 3700	TDSS rootkit removing tool 2.7.1.0 Jan 13 2012 15:24:05
17:27:24.0609 3700	============================================================
17:27:24.0609 3700	Current date / time: 2012/01/14 17:27:24.0609
17:27:24.0609 3700	SystemInfo:
17:27:24.0609 3700	
17:27:24.0609 3700	OS Version: 5.1.2600 ServicePack: 3.0
17:27:24.0609 3700	Product type: Workstation
17:27:24.0609 3700	ComputerName: LENOVO-B00D28A3
17:27:24.0609 3700	UserName: ***
17:27:24.0609 3700	Windows directory: C:\WINDOWS
17:27:24.0609 3700	System windows directory: C:\WINDOWS
17:27:24.0609 3700	Processor architecture: Intel x86
17:27:24.0609 3700	Number of processors: 2
17:27:24.0609 3700	Page size: 0x1000
17:27:24.0609 3700	Boot type: Normal boot
17:27:24.0609 3700	============================================================
17:27:27.0796 3700	Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000, SectorSize: 0x200, Cylinders: 0x2861, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K', Flags 0x00000050
17:27:27.0843 3700	Initialize success
17:28:59.0937 0752	============================================================
17:28:59.0937 0752	Scan started
17:28:59.0937 0752	Mode: Manual; SigCheck; TDLFS; 
17:28:59.0937 0752	============================================================
17:29:00.0703 0752	Abiosdsk - ok
17:29:00.0750 0752	abp480n5        (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
17:29:01.0812 0752	abp480n5 - ok
17:29:02.0000 0752	ac97intc        (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
17:29:02.0265 0752	ac97intc - ok
17:29:02.0328 0752	ACPI            (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:29:02.0562 0752	ACPI - ok
17:29:02.0593 0752	ACPIEC          (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:29:02.0828 0752	ACPIEC - ok
17:29:02.0890 0752	ADIHdAudAddService (b7c4f2a40b7d2289eb944fff30f385ff) C:\WINDOWS\system32\drivers\ADIHdAud.sys
17:29:02.0984 0752	ADIHdAudAddService - ok
17:29:03.0125 0752	adpu160m        (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
17:29:03.0390 0752	adpu160m - ok
17:29:03.0437 0752	AEAudioService  (c984de22ed71414abc42c1e03d412e33) C:\WINDOWS\system32\drivers\AEAudio.sys
17:29:03.0546 0752	AEAudioService - ok
17:29:03.0640 0752	aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:29:03.0906 0752	aec - ok
17:29:03.0953 0752	AegisP          (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
17:29:04.0000 0752	AegisP ( UnsignedFile.Multi.Generic ) - warning
17:29:04.0000 0752	AegisP - detected UnsignedFile.Multi.Generic (1)
17:29:04.0062 0752	AFD             (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
17:29:04.0156 0752	AFD - ok
17:29:04.0296 0752	agp440          (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
17:29:04.0546 0752	agp440 - ok
17:29:04.0593 0752	agpCPQ          (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
17:29:04.0859 0752	agpCPQ - ok
17:29:04.0875 0752	Aha154x         (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
17:29:05.0015 0752	Aha154x - ok
17:29:05.0078 0752	aic78u2         (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
17:29:05.0328 0752	aic78u2 - ok
17:29:05.0453 0752	aic78xx         (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
17:29:05.0671 0752	aic78xx - ok
17:29:05.0718 0752	AliIde          (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
17:29:05.0937 0752	AliIde - ok
17:29:06.0015 0752	alim1541        (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
17:29:06.0265 0752	alim1541 - ok
17:29:06.0312 0752	amdagp          (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
17:29:06.0562 0752	amdagp - ok
17:29:06.0609 0752	amsint          (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
17:29:06.0750 0752	amsint - ok
17:29:06.0859 0752	ANC             (11ab185a7af224800bbfb5b836974a17) C:\WINDOWS\system32\drivers\ANC.SYS
17:29:06.0921 0752	ANC ( UnsignedFile.Multi.Generic ) - warning
17:29:06.0921 0752	ANC - detected UnsignedFile.Multi.Generic (1)
17:29:06.0968 0752	ANCSQ           (684ca2e739f7c1c8be1af7236d7a28cf) C:\WINDOWS\system32\drivers\ANCSQ.sys
17:29:07.0000 0752	ANCSQ ( UnsignedFile.Multi.Generic ) - warning
17:29:07.0000 0752	ANCSQ - detected UnsignedFile.Multi.Generic (1)
17:29:07.0062 0752	asc             (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
17:29:07.0312 0752	asc - ok
17:29:07.0343 0752	asc3350p        (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
17:29:07.0484 0752	asc3350p - ok
17:29:07.0531 0752	asc3550         (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
17:29:07.0750 0752	asc3550 - ok
17:29:07.0953 0752	AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:29:08.0171 0752	AsyncMac - ok
17:29:08.0203 0752	atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:29:08.0468 0752	atapi - ok
17:29:08.0468 0752	Atdisk - ok
17:29:08.0625 0752	ati2mtag        (e150424208c8a91deed8c45019a6cdd2) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
17:29:09.0250 0752	ati2mtag - ok
17:29:09.0468 0752	Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:29:09.0734 0752	Atmarpc - ok
17:29:09.0796 0752	atmeltpm        (dbf0d7e2df33b469eb55406fea759350) C:\WINDOWS\system32\DRIVERS\atmeltpm.sys
17:29:09.0875 0752	atmeltpm - ok
17:29:09.0921 0752	audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:29:10.0125 0752	audstub - ok
17:29:10.0156 0752	Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:29:10.0375 0752	Beep - ok
17:29:10.0531 0752	BTKRNL          (7512c4f3f408dd9804500e275517a758) C:\WINDOWS\system32\DRIVERS\btkrnl.sys
17:29:10.0687 0752	BTKRNL ( UnsignedFile.Multi.Generic ) - warning
17:29:10.0687 0752	BTKRNL - detected UnsignedFile.Multi.Generic (1)
17:29:10.0828 0752	BTWUSB          (eb68b380da558ba4f5d54519ec734dc9) C:\WINDOWS\system32\Drivers\btwusb.sys
17:29:10.0906 0752	BTWUSB ( UnsignedFile.Multi.Generic ) - warning
17:29:10.0906 0752	BTWUSB - detected UnsignedFile.Multi.Generic (1)
17:29:10.0953 0752	cbidf           (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
17:29:11.0187 0752	cbidf - ok
17:29:11.0250 0752	cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:29:11.0468 0752	cbidf2k - ok
17:29:11.0515 0752	CCDECODE        (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:29:11.0734 0752	CCDECODE - ok
17:29:11.0765 0752	cd20xrnt        (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
17:29:11.0921 0752	cd20xrnt - ok
17:29:11.0953 0752	Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:29:12.0187 0752	Cdaudio - ok
17:29:12.0265 0752	Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:29:12.0500 0752	Cdfs - ok
17:29:12.0578 0752	Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:29:12.0812 0752	Cdrom - ok
17:29:12.0890 0752	Changer - ok
17:29:12.0921 0752	CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:29:13.0140 0752	CmBatt - ok
17:29:13.0187 0752	CmdIde          (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
17:29:13.0406 0752	CmdIde - ok
17:29:13.0421 0752	Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:29:13.0640 0752	Compbatt - ok
17:29:13.0703 0752	Cpqarray        (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
17:29:13.0921 0752	Cpqarray - ok
17:29:14.0031 0752	dac2w2k         (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
17:29:14.0281 0752	dac2w2k - ok
17:29:14.0328 0752	dac960nt        (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
17:29:14.0562 0752	dac960nt - ok
17:29:14.0671 0752	Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:29:14.0890 0752	Disk - ok
17:29:14.0953 0752	dmboot          (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
17:29:15.0250 0752	dmboot - ok
17:29:15.0312 0752	dmio            (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
17:29:15.0546 0752	dmio - ok
17:29:15.0578 0752	dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:29:15.0812 0752	dmload - ok
17:29:15.0953 0752	DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:29:16.0218 0752	DMusic - ok
17:29:16.0562 0752	dpti2o          (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
17:29:16.0859 0752	dpti2o - ok
17:29:17.0187 0752	drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:29:17.0421 0752	drmkaud - ok
17:29:17.0562 0752	dtsoftbus01     (fb38473835476a6fb272215a1d972af9) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
17:29:17.0781 0752	dtsoftbus01 - ok
17:29:17.0875 0752	E100B           (a6de5342417fec3c0aa8efebb899c431) C:\WINDOWS\system32\DRIVERS\e100b325.sys
17:29:18.0171 0752	E100B - ok
17:29:18.0218 0752	e1express       (00560c3fedf8958fcdc7c68b7906f66f) C:\WINDOWS\system32\DRIVERS\e1e5132.sys
17:29:18.0453 0752	e1express - ok
17:29:18.0515 0752	EGATHDRV        (2d0fc676d159525f6cd74c3302c7a61c) C:\WINDOWS\SYSTEM32\EGATHDRV.SYS
17:29:18.0578 0752	EGATHDRV ( UnsignedFile.Multi.Generic ) - warning
17:29:18.0578 0752	EGATHDRV - detected UnsignedFile.Multi.Generic (1)
17:29:18.0781 0752	Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:29:19.0046 0752	Fastfat - ok
17:29:19.0093 0752	Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
17:29:19.0328 0752	Fdc - ok
17:29:19.0359 0752	Fips            (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
17:29:19.0593 0752	Fips - ok
17:29:19.0640 0752	Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
17:29:19.0859 0752	Flpydisk - ok
17:29:19.0921 0752	FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
17:29:20.0156 0752	FltMgr - ok
17:29:20.0343 0752	fssfltr         (e0087225b137e57239ff40f8ae82059b) C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
17:29:20.0421 0752	fssfltr - ok
17:29:20.0468 0752	Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:29:20.0703 0752	Fs_Rec - ok
17:29:20.0765 0752	Ftdisk          (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:29:21.0000 0752	Ftdisk - ok
17:29:21.0046 0752	GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
17:29:21.0125 0752	GEARAspiWDM - ok
17:29:21.0156 0752	giveio          (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
17:29:21.0203 0752	giveio ( UnsignedFile.Multi.Generic ) - warning
17:29:21.0203 0752	giveio - detected UnsignedFile.Multi.Generic (1)
17:29:21.0375 0752	Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:29:21.0609 0752	Gpc - ok
17:29:21.0671 0752	HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:29:21.0906 0752	HDAudBus - ok
17:29:21.0953 0752	HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:29:22.0187 0752	HidUsb - ok
17:29:22.0234 0752	hpn             (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
17:29:22.0453 0752	hpn - ok
17:29:22.0515 0752	HSFHWAZL        (6a5c4732d6803f84e2987edd8e4359ce) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
17:29:22.0625 0752	HSFHWAZL - ok
17:29:22.0796 0752	HSF_DPV         (21c31273c6cc4826e74be8ae3b09d4a8) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
17:29:22.0937 0752	HSF_DPV - ok
17:29:23.0046 0752	HSXHWAZL        (3af45f5b4157c88ffae24d89ba408302) C:\WINDOWS\system32\DRIVERS\hsxhwazl.sys
17:29:23.0140 0752	HSXHWAZL - ok
17:29:23.0296 0752	HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
17:29:23.0390 0752	HTTP - ok
17:29:23.0437 0752	i2omgmt         (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
17:29:23.0671 0752	i2omgmt - ok
17:29:23.0718 0752	i2omp           (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
17:29:23.0953 0752	i2omp - ok
17:29:24.0031 0752	i8042prt        (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:29:24.0265 0752	i8042prt - ok
17:29:24.0390 0752	iaStor          (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
17:29:24.0578 0752	iaStor - ok
17:29:24.0671 0752	ibmfilter       (bd1ddf774e7fd633d701b1fb69b9f081) C:\WINDOWS\system32\drivers\ibmfilter.sys
17:29:24.0750 0752	ibmfilter ( UnsignedFile.Multi.Generic ) - warning
17:29:24.0750 0752	ibmfilter - detected UnsignedFile.Multi.Generic (1)
17:29:24.0828 0752	IBMPMDRV        (bf648877413f6160e480814a24942b65) C:\WINDOWS\system32\DRIVERS\ibmpmdrv.sys
17:29:24.0875 0752	IBMPMDRV - ok
17:29:24.0968 0752	IBMTPCHK        (bfc9f3adaad74e13f9ce16c8bd336f95) C:\WINDOWS\system32\Drivers\IBMBLDID.sys
17:29:25.0000 0752	IBMTPCHK ( UnsignedFile.Multi.Generic ) - warning
17:29:25.0000 0752	IBMTPCHK - detected UnsignedFile.Multi.Generic (1)
17:29:25.0078 0752	Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:29:25.0296 0752	Imapi - ok
17:29:25.0343 0752	ini910u         (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
17:29:25.0578 0752	ini910u - ok
17:29:25.0640 0752	IntelIde        (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
17:29:25.0859 0752	IntelIde - ok
17:29:25.0921 0752	intelppm        (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:29:26.0140 0752	intelppm - ok
17:29:26.0187 0752	Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
17:29:26.0406 0752	Ip6Fw - ok
17:29:26.0453 0752	IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:29:26.0687 0752	IpFilterDriver - ok
17:29:26.0750 0752	IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:29:26.0968 0752	IpInIp - ok
17:29:27.0031 0752	IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:29:27.0265 0752	IpNat - ok
17:29:27.0281 0752	IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:29:27.0531 0752	IPSec - ok
17:29:27.0578 0752	irda            (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
17:29:27.0796 0752	irda - ok
17:29:27.0859 0752	IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:29:28.0078 0752	IRENUM - ok
17:29:28.0125 0752	isapnp          (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:29:28.0343 0752	isapnp - ok
17:29:28.0390 0752	Kbdclass        (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:29:28.0625 0752	Kbdclass - ok
17:29:28.0687 0752	kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:29:28.0921 0752	kmixer - ok
17:29:28.0984 0752	KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
17:29:29.0109 0752	KSecDD - ok
17:29:29.0140 0752	lbrtfdc - ok
17:29:29.0218 0752	mdmxsdk         (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
17:29:29.0281 0752	mdmxsdk - ok
17:29:29.0359 0752	mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:29:29.0578 0752	mnmdd - ok
17:29:29.0703 0752	Modem           (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
17:29:29.0906 0752	Modem - ok
17:29:29.0953 0752	Mouclass        (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:29:30.0187 0752	Mouclass - ok
17:29:30.0281 0752	mouhid          (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:29:30.0500 0752	mouhid - ok
17:29:30.0531 0752	MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:29:30.0796 0752	MountMgr - ok
17:29:30.0890 0752	MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
17:29:31.0000 0752	MpFilter - ok
17:29:31.0140 0752	MpKsl06f1d0c7 - ok
17:29:31.0218 0752	MpKsl3d152c12   (a69630d039c38018689190234f866d77) c:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{89A2593E-6C14-4EF2-8AA2-24110F267508}\MpKsl3d152c12.sys
17:29:31.0265 0752	MpKsl3d152c12 - ok
17:29:31.0453 0752	MQAC            (70c14f5cca5cf73f8a645c73a01d8726) C:\WINDOWS\system32\drivers\mqac.sys
17:29:31.0671 0752	MQAC - ok
17:29:31.0750 0752	mraid35x        (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17:29:31.0984 0752	mraid35x - ok
17:29:32.0031 0752	MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:29:32.0250 0752	MRxDAV - ok
17:29:32.0328 0752	MRxSmb          (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:29:32.0468 0752	MRxSmb - ok
17:29:32.0625 0752	Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:29:32.0828 0752	Msfs - ok
17:29:32.0875 0752	MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:29:33.0109 0752	MSKSSRV - ok
17:29:33.0171 0752	MSPCLOCK        (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:29:33.0359 0752	MSPCLOCK - ok
17:29:33.0390 0752	MSPQM           (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:29:33.0609 0752	MSPQM - ok
17:29:33.0656 0752	mssmbios        (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:29:33.0859 0752	mssmbios - ok
17:29:33.0906 0752	MSTEE           (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:29:34.0109 0752	MSTEE - ok
17:29:34.0156 0752	Mup             (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
17:29:34.0250 0752	Mup - ok
17:29:34.0421 0752	NABTSFEC        (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:29:34.0640 0752	NABTSFEC - ok
17:29:34.0718 0752	NDIS            (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:29:34.0968 0752	NDIS - ok
17:29:35.0000 0752	NdisIP          (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:29:35.0218 0752	NdisIP - ok
17:29:35.0281 0752	NdisTapi        (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:29:35.0359 0752	NdisTapi - ok
17:29:35.0500 0752	Ndisuio         (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:29:35.0718 0752	Ndisuio - ok
17:29:35.0750 0752	NdisWan         (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:29:36.0031 0752	NdisWan - ok
17:29:36.0093 0752	NDProxy         (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
17:29:36.0171 0752	NDProxy - ok
17:29:36.0203 0752	NetBIOS         (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:29:36.0421 0752	NetBIOS - ok
17:29:36.0453 0752	NetBT           (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:29:36.0687 0752	NetBT - ok
17:29:36.0750 0752	Npfs            (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:29:36.0953 0752	Npfs - ok
17:29:36.0968 0752	NSCIRDA         (2adc0ca9945c65284b3d19bc18765974) C:\WINDOWS\system32\DRIVERS\nscirda.sys
17:29:37.0187 0752	NSCIRDA - ok
17:29:37.0359 0752	Ntfs            (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:29:37.0640 0752	Ntfs - ok
17:29:37.0703 0752	NTIDrvr         (8055859b87ac3e504ece0c1e9353cc4e) C:\WINDOWS\system32\drivers\NTIDrvr.sys
17:29:37.0750 0752	NTIDrvr - ok
17:29:37.0796 0752	Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:29:38.0000 0752	Null - ok
17:29:38.0125 0752	nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
17:29:38.0437 0752	nv - ok
17:29:38.0609 0752	NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:29:38.0828 0752	NwlnkFlt - ok
17:29:38.0875 0752	NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:29:39.0093 0752	NwlnkFwd - ok
17:29:39.0171 0752	Parport         (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\DRIVERS\parport.sys
17:29:39.0437 0752	Parport - ok
17:29:39.0468 0752	PartMgr         (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:29:39.0671 0752	PartMgr - ok
17:29:39.0703 0752	ParVdm          (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
17:29:39.0937 0752	ParVdm - ok
17:29:39.0953 0752	PCI             (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
17:29:40.0203 0752	PCI - ok
17:29:40.0218 0752	PCIDump - ok
17:29:40.0250 0752	PCIIde          (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
17:29:40.0484 0752	PCIIde - ok
17:29:40.0656 0752	Pcmcia          (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
17:29:40.0875 0752	Pcmcia - ok
17:29:40.0890 0752	PDCOMP - ok
17:29:40.0906 0752	PDFRAME - ok
17:29:40.0937 0752	PDRELI - ok
17:29:40.0953 0752	PDRFRAME - ok
17:29:40.0984 0752	perc2           (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
17:29:41.0218 0752	perc2 - ok
17:29:41.0265 0752	perc2hib        (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
17:29:41.0484 0752	perc2hib - ok
17:29:41.0531 0752	pmem            (fa292805788528c083f416e151b60ab6) C:\WINDOWS\System32\drivers\pmemnt.sys
17:29:41.0578 0752	pmem ( UnsignedFile.Multi.Generic ) - warning
17:29:41.0578 0752	pmem - detected UnsignedFile.Multi.Generic (1)
17:29:41.0625 0752	PptpMiniport    (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:29:41.0843 0752	PptpMiniport - ok
17:29:41.0968 0752	PrivateDisk     (e580dd7d54415905bb0bab306b659fdf) C:\Programme\IBM ThinkVantage\SafeGuard PrivateDisk\PrivateDiskM.sys
17:29:42.0140 0752	PrivateDisk ( UnsignedFile.Multi.Generic ) - warning
17:29:42.0140 0752	PrivateDisk - detected UnsignedFile.Multi.Generic (1)
17:29:42.0328 0752	PROCDD          (abd39d58dac2cfcee7f0c9a838e989a8) C:\WINDOWS\system32\DRIVERS\PROCDD.SYS
17:29:42.0328 0752	PROCDD ( UnsignedFile.Multi.Generic ) - warning
17:29:42.0328 0752	PROCDD - detected UnsignedFile.Multi.Generic (1)
17:29:42.0359 0752	Processor       (2cb55427c58679f49ad600fccba76360) C:\WINDOWS\system32\DRIVERS\processr.sys
17:29:42.0578 0752	Processor - ok
17:29:42.0625 0752	psadd           (76df9412c1556fca3d6d94b2c9d94d6b) C:\WINDOWS\system32\Drivers\psadd.sys
17:29:42.0687 0752	psadd ( UnsignedFile.Multi.Generic ) - warning
17:29:42.0687 0752	psadd - detected UnsignedFile.Multi.Generic (1)
17:29:42.0703 0752	PSched          (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:29:42.0968 0752	PSched - ok
17:29:43.0015 0752	PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\WINDOWS\system32\DRIVERS\psi_mf.sys
17:29:43.0093 0752	PSI - ok
17:29:43.0125 0752	Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:29:43.0343 0752	Ptilink - ok
17:29:43.0375 0752	PxHelp20        (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:29:43.0437 0752	PxHelp20 - ok
17:29:43.0468 0752	ql1080          (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
17:29:43.0703 0752	ql1080 - ok
17:29:43.0890 0752	Ql10wnt         (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
17:29:44.0125 0752	Ql10wnt - ok
17:29:44.0218 0752	ql12160         (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
17:29:44.0468 0752	ql12160 - ok
17:29:44.0500 0752	ql1240          (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
17:29:44.0750 0752	ql1240 - ok
17:29:44.0781 0752	ql1280          (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
17:29:45.0000 0752	ql1280 - ok
17:29:45.0062 0752	RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:29:45.0281 0752	RasAcd - ok
17:29:45.0359 0752	Rasirda         (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
17:29:45.0484 0752	Rasirda - ok
17:29:45.0546 0752	Rasl2tp         (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:29:45.0765 0752	Rasl2tp - ok
17:29:45.0796 0752	RasPppoe        (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:29:46.0031 0752	RasPppoe - ok
17:29:46.0062 0752	Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:29:46.0296 0752	Raspti - ok
17:29:46.0328 0752	Rdbss           (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:29:46.0578 0752	Rdbss - ok
17:29:46.0687 0752	RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:29:46.0906 0752	RDPCDD - ok
17:29:46.0968 0752	rdpdr           (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:29:47.0234 0752	rdpdr - ok
17:29:47.0328 0752	RDPWD           (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
17:29:47.0437 0752	RDPWD - ok
17:29:47.0484 0752	redbook         (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:29:47.0718 0752	redbook - ok
17:29:47.0890 0752	RkHit - ok
17:29:47.0984 0752	RMCAST          (96f7a9a7bf0c9c0440a967440065d33c) C:\WINDOWS\system32\drivers\RMCast.sys
17:29:48.0109 0752	RMCAST - ok
17:29:48.0218 0752	s24trans        (13c2d87042260afa37b6d6a0ba3e4391) C:\WINDOWS\system32\DRIVERS\s24trans.sys
17:29:48.0296 0752	s24trans ( UnsignedFile.Multi.Generic ) - warning
17:29:48.0296 0752	s24trans - detected UnsignedFile.Multi.Generic (1)
17:29:48.0421 0752	Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:29:48.0640 0752	Secdrv - ok
17:29:48.0687 0752	serenum         (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
17:29:48.0890 0752	serenum - ok
17:29:48.0937 0752	Serial          (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\DRIVERS\serial.sys
17:29:49.0203 0752	Serial - ok
17:29:49.0328 0752	Sfloppy         (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:29:49.0531 0752	Sfloppy - ok
17:29:49.0578 0752	ShockMgr        (1a9b76c8e0d77bcaca24fdf36781b59d) C:\WINDOWS\system32\drivers\ShockMgr.sys
17:29:49.0609 0752	ShockMgr ( UnsignedFile.Multi.Generic ) - warning
17:29:49.0609 0752	ShockMgr - detected UnsignedFile.Multi.Generic (1)
17:29:49.0687 0752	Shockprf        (70d82eb75e7e3b2980d6bf5b26051f4b) C:\WINDOWS\system32\drivers\Shockprf.sys
17:29:49.0812 0752	Shockprf ( UnsignedFile.Multi.Generic ) - warning
17:29:49.0812 0752	Shockprf - detected UnsignedFile.Multi.Generic (1)
17:29:49.0859 0752	Simbad - ok
17:29:49.0953 0752	sisagp          (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
17:29:50.0203 0752	sisagp - ok
17:29:50.0250 0752	SLIP            (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:29:50.0437 0752	SLIP - ok
17:29:50.0500 0752	Smapint         (26341d0dd225d19fd50e0ee3c3c77502) C:\WINDOWS\system32\drivers\Smapint.sys
17:29:50.0562 0752	Smapint ( UnsignedFile.Multi.Generic ) - warning
17:29:50.0562 0752	Smapint - detected UnsignedFile.Multi.Generic (1)
17:29:50.0656 0752	smi2            (3ba9d0c8a0fbd9fb4029b6cd87c8ce0b) C:\Programme\SMI2\smi2.sys
17:29:50.0687 0752	smi2 ( UnsignedFile.Multi.Generic ) - warning
17:29:50.0687 0752	smi2 - detected UnsignedFile.Multi.Generic (1)
17:29:50.0765 0752	Sparrow         (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
17:29:50.0906 0752	Sparrow - ok
17:29:51.0000 0752	speedfan        (3fa2e254bfbce52b3c6f1bf23aab6911) C:\WINDOWS\system32\speedfan.sys
17:29:51.0062 0752	speedfan - ok
17:29:51.0125 0752	splitter        (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:29:51.0343 0752	splitter - ok
17:29:51.0437 0752	sr              (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
17:29:51.0687 0752	sr - ok
17:29:51.0750 0752	Srv             (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
17:29:51.0859 0752	Srv - ok
17:29:51.0953 0752	streamip        (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:29:52.0156 0752	streamip - ok
17:29:52.0218 0752	swenum          (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:29:52.0437 0752	swenum - ok
17:29:52.0484 0752	swmidi          (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:29:52.0718 0752	swmidi - ok
17:29:52.0843 0752	symc810         (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
17:29:53.0062 0752	symc810 - ok
17:29:53.0109 0752	symc8xx         (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
17:29:53.0328 0752	symc8xx - ok
17:29:53.0375 0752	sym_hi          (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
17:29:53.0593 0752	sym_hi - ok
17:29:53.0609 0752	sym_u3          (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
17:29:53.0828 0752	sym_u3 - ok
17:29:53.0937 0752	SynTP           (d7dc30b8b41e7a913c3fccc0631e72ec) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:29:54.0000 0752	SynTP - ok
17:29:54.0062 0752	sysaudio        (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:29:54.0281 0752	sysaudio - ok
17:29:54.0421 0752	Tcpip           (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:29:54.0593 0752	Tcpip - ok
17:29:54.0656 0752	TDPIPE          (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:29:54.0875 0752	TDPIPE - ok
17:29:54.0984 0752	TDSMAPI         (564b337034271b7bddcabfddc91c6b7a) C:\WINDOWS\system32\drivers\TDSMAPI.SYS
17:29:55.0046 0752	TDSMAPI ( UnsignedFile.Multi.Generic ) - warning
17:29:55.0046 0752	TDSMAPI - detected UnsignedFile.Multi.Generic (1)
17:29:55.0093 0752	TDTCP           (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:29:55.0328 0752	TDTCP - ok
17:29:55.0437 0752	TermDD          (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:29:55.0656 0752	TermDD - ok
17:29:55.0718 0752	TosIde          (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
17:29:55.0921 0752	TosIde - ok
17:29:55.0968 0752	TPHKDRV         (29f3601d4233a53f819010fee8c04a60) C:\WINDOWS\system32\drivers\TPHKDRV.sys
17:29:56.0046 0752	TPHKDRV ( UnsignedFile.Multi.Generic ) - warning
17:29:56.0046 0752	TPHKDRV - detected UnsignedFile.Multi.Generic (1)
17:29:56.0140 0752	TPPWRIF         (44672de6cea9569c21c4b7a8d2560750) C:\WINDOWS\system32\drivers\Tppwrif.sys
17:29:56.0187 0752	TPPWRIF ( UnsignedFile.Multi.Generic ) - warning
17:29:56.0187 0752	TPPWRIF - detected UnsignedFile.Multi.Generic (1)
17:29:56.0218 0752	TSMAPIP         (f2aba3066d7921d7fcdbd66dea88be11) C:\WINDOWS\system32\drivers\TSMAPIP.SYS
17:29:56.0265 0752	TSMAPIP ( UnsignedFile.Multi.Generic ) - warning
17:29:56.0265 0752	TSMAPIP - detected UnsignedFile.Multi.Generic (1)
17:29:56.0312 0752	UBHelper        (9e39dc3022e6d84bf974678011a1ea4c) C:\WINDOWS\system32\drivers\UBHelper.sys
17:29:56.0359 0752	UBHelper - ok
17:29:56.0468 0752	Udfs            (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:29:56.0687 0752	Udfs - ok
17:29:56.0734 0752	ultra           (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
17:29:56.0890 0752	ultra - ok
17:29:56.0968 0752	Update          (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:29:57.0187 0752	Update - ok
17:29:57.0296 0752	USBAAPL         (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
17:29:57.0390 0752	USBAAPL - ok
17:29:57.0421 0752	usbaudio        (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
17:29:57.0687 0752	usbaudio - ok
17:29:57.0796 0752	usbccgp         (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:29:58.0046 0752	usbccgp - ok
17:29:58.0078 0752	usbehci         (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:29:58.0296 0752	usbehci - ok
17:29:58.0328 0752	usbhub          (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:29:58.0578 0752	usbhub - ok
17:29:58.0671 0752	usbscan         (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
17:29:58.0875 0752	usbscan - ok
17:29:58.0921 0752	USBSTOR         (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:29:59.0125 0752	USBSTOR - ok
17:29:59.0156 0752	usbuhci         (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:29:59.0375 0752	usbuhci - ok
17:29:59.0484 0752	usbvideo        (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:29:59.0703 0752	usbvideo - ok
17:29:59.0750 0752	VgaSave         (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:29:59.0968 0752	VgaSave - ok
17:30:00.0046 0752	viaagp          (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
17:30:00.0296 0752	viaagp - ok
17:30:00.0343 0752	ViaIde          (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
17:30:00.0562 0752	ViaIde - ok
17:30:00.0593 0752	VolSnap         (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
17:30:00.0812 0752	VolSnap - ok
17:30:01.0015 0752	w39n51          (b1f126e7e28877106d60e6ff3998d033) C:\WINDOWS\system32\DRIVERS\w39n51.sys
17:30:01.0218 0752	w39n51 - ok
17:30:01.0296 0752	Wanarp          (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:30:01.0531 0752	Wanarp - ok
17:30:01.0687 0752	Wdf01000        (d918617b46457b9ac28027722e30f647) C:\WINDOWS\system32\Drivers\wdf01000.sys
17:30:01.0765 0752	Wdf01000 - ok
17:30:01.0781 0752	WDICA - ok
17:30:01.0859 0752	wdmaud          (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:30:02.0125 0752	wdmaud - ok
17:30:02.0218 0752	winachsf        (307d248f97835b6879bdd361086924fe) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
17:30:02.0343 0752	winachsf - ok
17:30:02.0500 0752	WpdUsb          (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
17:30:02.0625 0752	WpdUsb - ok
17:30:02.0718 0752	WS2IFSL         (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:30:02.0968 0752	WS2IFSL - ok
17:30:03.0015 0752	WSTCODEC        (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:30:03.0265 0752	WSTCODEC - ok
17:30:03.0328 0752	WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
17:30:03.0468 0752	WudfPf - ok
17:30:03.0562 0752	WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
17:30:03.0656 0752	WudfRd - ok
17:30:03.0703 0752	MBR (0x1B8)     (27a2c828549e506fa4a176df897fa151) \Device\Harddisk0\DR0
17:30:03.0812 0752	\Device\Harddisk0\DR0 - ok
17:30:03.0812 0752	Boot (0x1200)   (71402eec6fba5652da501fa87e92a751) \Device\Harddisk0\DR0\Partition0
17:30:03.0812 0752	\Device\Harddisk0\DR0\Partition0 - ok
17:30:03.0828 0752	============================================================
17:30:03.0828 0752	Scan finished
17:30:03.0828 0752	============================================================
17:30:03.0937 2576	Detected object count: 22
17:30:03.0937 2576	Actual detected object count: 22
18:26:07.0421 2576	AegisP ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0421 2576	AegisP ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0421 2576	ANC ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0421 2576	ANC ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0421 2576	ANCSQ ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0421 2576	ANCSQ ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0421 2576	BTKRNL ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0421 2576	BTKRNL ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0421 2576	BTWUSB ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0421 2576	BTWUSB ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0437 2576	EGATHDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0437 2576	EGATHDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0437 2576	giveio ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0437 2576	giveio ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0437 2576	ibmfilter ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0437 2576	ibmfilter ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0437 2576	IBMTPCHK ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0437 2576	IBMTPCHK ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0453 2576	pmem ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0453 2576	pmem ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0453 2576	PrivateDisk ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0453 2576	PrivateDisk ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0453 2576	PROCDD ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0453 2576	PROCDD ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0453 2576	psadd ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0453 2576	psadd ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0453 2576	s24trans ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0453 2576	s24trans ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0468 2576	ShockMgr ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0468 2576	ShockMgr ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0468 2576	Shockprf ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0468 2576	Shockprf ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0468 2576	Smapint ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0468 2576	Smapint ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0468 2576	smi2 ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0468 2576	smi2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0468 2576	TDSMAPI ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0468 2576	TDSMAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0468 2576	TPHKDRV ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0468 2576	TPHKDRV ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0484 2576	TPPWRIF ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0484 2576	TPPWRIF ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:26:07.0484 2576	TSMAPIP ( UnsignedFile.Multi.Generic ) - skipped by user
18:26:07.0484 2576	TSMAPIP ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 14.01.2012, 20:33   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Win32.Agent.bb - Standard

Win32.Agent.bb



Now please run CF:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, above all your antivirus program and other background guards, as well as your Internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a competent helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 15.01.2012, 09:29   #15
IhrBlog
 
Win32.Agent.bb - Standard

Win32.Agent.bb



ComboFix logfile:
Code:
ComboFix 12-01-13.05 - *** 01/15/2012   0:57.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.49.1031.18.2046.1424 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\***\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\***\Anwendungsdaten\SogouExplorer
c:\dokumente und einstellungen\***\Anwendungsdaten\SogouExplorer\Skin\????????.seskin
c:\dokumente und einstellungen\***\Anwendungsdaten\SogouExplorer\Skin\???????????.seskin
c:\dokumente und einstellungen\***\Anwendungsdaten\SogouExplorer\Skin\?????‘Chrome’?.seskin
c:\dokumente und einstellungen\***\Anwendungsdaten\SogouExplorer\Skin\?????IE???.seskin
c:\programme\StartNow Toolbar
c:\programme\StartNow Toolbar\Resources\images\btn-msn.png
c:\programme\StartNow Toolbar\Resources\images\chevronButton.png
c:\programme\StartNow Toolbar\Resources\images\engine_images.png
c:\programme\StartNow Toolbar\Resources\images\engine_maps.png
c:\programme\StartNow Toolbar\Resources\images\engine_news.png
c:\programme\StartNow Toolbar\Resources\images\engine_videos.png
c:\programme\StartNow Toolbar\Resources\images\engine_web.png
c:\programme\StartNow Toolbar\Resources\images\icon_amazon.png
c:\programme\StartNow Toolbar\Resources\images\icon_ebay.png
c:\programme\StartNow Toolbar\Resources\images\icon_facebook.png
c:\programme\StartNow Toolbar\Resources\images\icon_games.png
c:\programme\StartNow Toolbar\Resources\images\icon_shopping.png
c:\programme\StartNow Toolbar\Resources\images\icon_travel.png
c:\programme\StartNow Toolbar\Resources\images\icon_twitter.png
c:\programme\StartNow Toolbar\Resources\images\separator.png
c:\programme\StartNow Toolbar\Resources\images\splitter.png
c:\programme\StartNow Toolbar\Resources\images\startnow_logo.png
c:\programme\StartNow Toolbar\Resources\installer.xml
c:\programme\StartNow Toolbar\Resources\protect\index.html
c:\programme\StartNow Toolbar\Resources\protect\NotIE6.css
c:\programme\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\programme\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\programme\StartNow Toolbar\Resources\protect\window.css
c:\programme\StartNow Toolbar\Resources\protect\window.js
c:\programme\StartNow Toolbar\Resources\reactivate\index.html
c:\programme\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\programme\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\programme\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\programme\StartNow Toolbar\Resources\reactivate\window.css
c:\programme\StartNow Toolbar\Resources\reactivate\window.js
c:\programme\StartNow Toolbar\Resources\searchbox\dropdown_button_normal.png
c:\programme\StartNow Toolbar\Resources\searchbox\searchbox_button_hover.png
c:\programme\StartNow Toolbar\Resources\searchbox\searchbox_button_normal.png
c:\programme\StartNow Toolbar\Resources\searchbox\searchbox_input_left.png
c:\programme\StartNow Toolbar\Resources\searchbox\searchbox_input_middle.png
c:\programme\StartNow Toolbar\Resources\toolbar.xml
c:\programme\StartNow Toolbar\Resources\toolbarbutton\hover_c.png
c:\programme\StartNow Toolbar\Resources\toolbarbutton\hover_l.png
c:\programme\StartNow Toolbar\Resources\toolbarbutton\hover_r.png
c:\programme\StartNow Toolbar\Resources\toolbarbutton\normal_c.png
c:\programme\StartNow Toolbar\Resources\toolbarbutton\normal_l.png
c:\programme\StartNow Toolbar\Resources\toolbarbutton\normal_r.png
c:\programme\StartNow Toolbar\Resources\update.xml
c:\programme\StartNow Toolbar\uninstall.dat
c:\windows\IsUn0407.exe
c:\windows\system32\Cache
c:\windows\system32\TPAPSLOG.LOG
c:\windows\system32\TPHDLOG0.LOG
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-15 bis 2012-01-15  ))))))))))))))))))))))))))))))
.
.
2012-01-15 01:26 . 2012-01-15 01:26	56200	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{3013AE6D-53EF-49BF-A1B0-B4D12AAE17A2}\offreg.dll
2012-01-15 01:26 . 2011-11-21 01:47	6823496	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{3013AE6D-53EF-49BF-A1B0-B4D12AAE17A2}\mpengine.dll
2012-01-13 17:16 . 2012-01-13 17:16	--------	d-----w-	C:\_OTL
2012-01-09 22:07 . 2012-01-09 22:07	--------	d-----w-	c:\dokumente und einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
2012-01-08 14:03 . 2012-01-08 14:03	--------	d-----w-	c:\programme\PHP
2012-01-08 13:56 . 2012-01-08 13:56	--------	d-----w-	c:\dokumente und einstellungen\Internet\Papa_Model_Eichhoernchen
2012-01-08 10:59 . 2012-01-08 11:01	--------	d-----w-	c:\programme\JDownloader
2012-01-07 20:43 . 2009-03-16 13:18	22360	----a-w-	c:\windows\system32\X3DAudio1_6.dll
2012-01-07 20:39 . 2012-01-07 20:39	--------	d-----w-	c:\programme\Smart Projects
2012-01-07 20:39 . 2012-01-07 20:39	--------	d-----w-	c:\programme\Winamp Detect
2012-01-07 20:38 . 2012-01-07 21:36	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Winamp
2012-01-07 20:36 . 2012-01-07 20:36	239168	----a-w-	c:\windows\system32\drivers\dtsoftbus01.sys
2012-01-07 20:36 . 2012-01-07 20:37	--------	d-----w-	c:\programme\DAEMON Tools Lite
2012-01-07 20:36 . 2012-01-07 20:36	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\DAEMON Tools Lite
2012-01-07 20:36 . 2012-01-07 20:36	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\DAEMON Tools Lite
2012-01-07 20:35 . 2012-01-07 20:35	--------	d-----w-	c:\programme\SopCast
2012-01-07 20:28 . 2012-01-07 20:28	--------	d-----w-	c:\programme\FreeTime
2012-01-07 20:26 . 2012-01-07 20:26	--------	d-----w-	c:\programme\FileZilla FTP Client
2012-01-07 15:02 . 2012-01-07 15:02	--------	d-----w-	c:\programme\IrfanView
2012-01-07 14:54 . 2012-01-07 14:54	--------	d-----w-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Sun
2012-01-07 14:52 . 2012-01-07 14:52	--------	d-----w-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\PCHealth
2012-01-07 14:24 . 2012-01-07 14:24	--------	d-----w-	c:\programme\Gemeinsame Dateien\Java
2012-01-07 14:23 . 2012-01-07 14:22	637848	----a-w-	c:\windows\system32\npdeployJava1.dll
2012-01-07 14:19 . 2012-01-07 14:19	--------	d-----w-	c:\programme\Notepad++
2012-01-07 14:16 . 2012-01-14 16:27	626688	----a-w-	c:\programme\Mozilla Firefox\msvcr80.dll
2012-01-07 14:16 . 2012-01-14 16:27	548864	----a-w-	c:\programme\Mozilla Firefox\msvcp80.dll
2012-01-07 14:16 . 2012-01-14 16:27	479232	----a-w-	c:\programme\Mozilla Firefox\msvcm80.dll
2012-01-07 14:16 . 2012-01-14 16:27	43992	----a-w-	c:\programme\Mozilla Firefox\mozutils.dll
2012-01-07 14:10 . 2012-01-07 14:22	141312	----a-w-	c:\windows\system32\javacpl.cpl
2012-01-07 14:09 . 2011-11-21 01:47	6823496	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-01-07 13:53 . 2010-10-19 20:51	222080	------w-	c:\windows\system32\MpSigStub.exe
2012-01-07 13:40 . 2012-01-07 13:43	--------	d-----w-	c:\programme\Microsoft Security Client
2012-01-07 13:32 . 2012-01-07 13:32	--------	d-----w-	c:\programme\SpeedFan
2012-01-07 13:32 . 2012-01-07 13:32	--------	d-----w-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Secunia PSI
2012-01-07 13:30 . 2012-01-07 13:30	--------	d-----w-	c:\programme\Secunia
2012-01-07 13:05 . 2011-12-10 14:24	20464	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-07 13:05 . 2012-01-07 13:05	--------	d-----w-	c:\programme\Malwarebytes' Anti-Malware
2012-01-07 10:55 . 2012-01-07 10:55	--------	d-----w-	c:\programme\7-Zip
2012-01-06 21:12 . 2012-01-06 21:12	--------	d-----w-	c:\programme\iPod
2012-01-06 21:12 . 2012-01-06 21:14	--------	d-----w-	c:\programme\iTunes
2012-01-03 13:10 . 2012-01-03 13:10	182672	----a-w-	c:\programme\Mozilla Firefox\plugins\nppdf32.dll
2012-01-03 13:10 . 2012-01-03 13:10	182672	----a-w-	c:\programme\Internet Explorer\PLUGINS\nppdf32.dll
2011-12-31 16:44 . 2011-12-31 16:44	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\Malwarebytes
2011-12-31 16:44 . 2011-12-31 16:44	--------	d-----w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-12-31 16:42 . 2011-12-31 16:42	--------	d-----w-	c:\dokumente und einstellungen\***\Anwendungsdaten\WinPatrol
2011-12-31 16:41 . 2011-12-31 16:41	388096	----a-r-	c:\dokumente und einstellungen\***\Anwendungsdaten\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-12-31 16:41 . 2011-12-31 16:41	--------	d-----w-	c:\programme\Trend Micro
2011-12-31 16:25 . 2011-12-31 16:25	--------	d-----w-	c:\programme\ESET
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-14 23:23 . 2010-09-29 18:39	5427	----a-w-	c:\windows\system32\EGATHDRV.SYS
2012-01-07 20:38 . 2011-06-01 14:51	414368	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-07 14:22 . 2010-10-04 17:28	567184	----a-w-	c:\windows\system32\deployJava1.dll
2011-11-25 21:57 . 1979-12-31 22:00	293888	----a-w-	c:\windows\system32\winsrv.dll
2011-11-23 14:40 . 1979-12-31 22:00	1859712	------w-	c:\windows\system32\win32k.sys
2011-11-20 06:12 . 1979-12-31 22:00	61952	------w-	c:\windows\system32\packager.exe
2011-11-04 19:13 . 1979-12-31 22:00	916992	----a-w-	c:\windows\system32\wininet.dll
2011-11-04 19:13 . 1979-12-31 22:00	43520	------w-	c:\windows\system32\licmgr10.dll
2011-11-04 19:13 . 1979-12-31 22:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2011-11-04 11:23 . 1979-12-31 22:00	385024	------w-	c:\windows\system32\html.iec
2011-11-03 15:28 . 1979-12-31 22:00	387072	------w-	c:\windows\system32\qdvd.dll
2011-11-03 15:28 . 1979-12-31 22:00	1297920	------w-	c:\windows\system32\quartz.dll
2011-11-01 16:07 . 1979-12-31 22:00	1288704	----a-w-	c:\windows\system32\ole32.dll
2011-10-28 05:31 . 1979-12-31 22:00	33280	------w-	c:\windows\system32\csrsrv.dll
2011-10-26 10:49 . 2004-08-03 22:50	2029568	------w-	c:\windows\system32\ntkrnlpa.exe
2011-10-26 10:49 . 1979-12-31 22:00	2151424	------w-	c:\windows\system32\ntoskrnl.exe
2011-10-24 13:29 . 2011-10-24 13:29	94208	----a-w-	c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29	69632	----a-w-	c:\windows\system32\QuickTime.qts
2011-10-21 10:38 . 2011-10-21 10:38	371272	------r-	c:\dokumente und einstellungen\Internet\Anwendungsdaten\Microsoft\Installer\{AA59DDE4-B672-4621-A016-4C248204957A}\SkypeIcon.exe
2011-10-18 11:13 . 1979-12-31 22:00	186880	------w-	c:\windows\system32\encdec.dll
2012-01-14 16:27 . 2011-06-01 02:38	121816	----a-w-	c:\programme\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\programme\Analog Devices\Core\smax4pnp.exe" [2005-12-15 925696]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\
OneNote Table Of Contents.onetoc2 [2012-1-8 3656]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\programme\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-05 21:45	28672	------w-	c:\windows\system32\notifyf2.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 18:16	24576	------w-	c:\windows\system32\tphklock.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\keyboard layouts\e0200804]
   Ime File	REG_SZ         	SOGOUPY.IME
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^All Users^Startmenü^Programme^Autostart^Secunia PSI Tray.lnk]
path=c:\dokumente und einstellungen\All Users\Startmenü\Programme\Autostart\Secunia PSI Tray.lnk
backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Dokumente und Einstellungen^***^Startmenü^Programme^Autostart^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\dokumente und einstellungen\***\Startmenü\Programme\Autostart\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37	843712	----a-w-	c:\programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2011-11-02 06:51	59240	----a-w-	c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2011-11-01 22:25	59240	----a-w-	c:\programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-01-08 13:11	136176	----atw-	c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-12-08 00:36	421736	----a-w-	c:\programme\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 13:28	421888	----a-w-	c:\programme\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-09-30 11:19	252296	----a-w-	c:\programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
2010-04-22 22:16	1725736	----a-w-	c:\programme\Synaptics\SynTP\SynTPEnh.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
2010-04-22 23:16	128296	----a-w-	c:\programme\Synaptics\SynTP\SynTPLpr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"PWRMGRTR"=rundll32 c:\progra~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 ANCSQ;ANCSQ;c:\windows\system32\drivers\ANCSQ.sys [12/21/2005 10:39 PM 6912]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [1/7/2012 9:36 PM 239168]
R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\programme\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe [2/22/2010 9:44 AM 45312]
R2 PrivateDisk;PrivateDisk;c:\programme\IBM ThinkVantage\SafeGuard PrivateDisk\privatediskm.sys [11/15/2005 12:11 PM 46142]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\programme\Secunia\PSI\PSIA.exe --start-service --> c:\programme\Secunia\PSI\PSIA.exe --start-service [?]
R2 Secunia Update Agent;Secunia Update Agent;c:\programme\Secunia\PSI\sua.exe --start-service --> c:\programme\Secunia\PSI\sua.exe --start-service [?]
R2 smi2;smi2;c:\programme\SMI2\smi2.sys [12/21/2005 3:45 PM 3968]
R3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [9/1/2010 9:30 AM 15544]
S1 MpKsl066d7c49;MpKsl066d7c49;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D5BAF62F-5904-457A-BE06-859DDD662EDC}\MpKsl066d7c49.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D5BAF62F-5904-457A-BE06-859DDD662EDC}\MpKsl066d7c49.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 12:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [2/2/2010 3:41 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [2/2/2010 3:41 AM 136176]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [12/31/1979 11:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 12:16 PM 753504]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM	REG_MULTI_SZ   	WINRM
.
Inhalt des "geplante Tasks" Ordners
.
2011-08-21 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:57]
.
2012-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cccbad9a56400a.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-02 02:41]
.
2011-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-02-02 02:41]
.
2012-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1005Core.job
- c:\dokumente und einstellungen\***\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2012-01-08 13:11]
.
2011-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1285189494-1214931641-1441595476-1008Core.job
- c:\dokumente und einstellungen\Internet\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [2011-06-29 02:41]
.
2012-01-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2011-04-27 14:39]
.
2011-12-31 c:\windows\Tasks\PMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE [2010-09-29 23:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = 
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Senden an &Bluetooth - c:\programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: microsoft.com\windowsupdate
TCP: DhcpNameServer = 192.168.0.1
DPF: {4D2D3A17-9B46-483C-A5F4-1DC471080009} - hxxps://cas.sc.loc/auth/taweb.cab
FF - ProfilePath - c:\dokumente und einstellungen\***\Anwendungsdaten\Mozilla\Firefox\Profiles\cdti4bpa.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - Google
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Notify-ACNotify - ACNotify.dll
Notify-NavLogon - (no file)
MSConfigStartUp-ISW - c:\programme\CheckPoint\ZAForceField\ForceField.exe
AddRemove-DAEMON Tools Toolbar - c:\programme\DAEMON Tools Toolbar\uninst.exe
AddRemove-Microsoft Interactive Training - c:\windows\IsUn0407.exe
AddRemove-Presentation Director - c:\windows\IsUn0407.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-01-15 07:52
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(940)
c:\programme\ThinkPad\ConnectUtilities\ACNotify.dll
c:\programme\ThinkPad\ConnectUtilities\AcSvcStub.dll
c:\programme\ThinkPad\ConnectUtilities\AcLocSettings.dll
c:\programme\ThinkPad\ConnectUtilities\ACHelper.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\tphklock.dll
.
- - - - - - - > 'explorer.exe'(3324)
c:\windows\system32\PROCHLP.DLL
c:\programme\Windows Desktop Search\deskbar.dll
c:\programme\Windows Desktop Search\de-de\dbres.dll.mui
c:\programme\Windows Desktop Search\dbres.dll
c:\programme\Windows Desktop Search\wordwheel.dll
c:\programme\Windows Desktop Search\de-de\msnlExtRes.dll.mui
c:\programme\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\IPSSVC.EXE
c:\windows\system32\msdtc.exe
c:\programme\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\programme\Java\jre7\bin\jqs.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\Secunia\PSI\PSIA.exe
c:\windows\System32\snmp.exe
c:\windows\System32\TPHDEXLG.EXE
c:\windows\system32\TpKmpSVC.exe
c:\programme\IBM ThinkVantage\Client Security Solution\ibmtcsd.exe
c:\programme\IBM ThinkVantage\Rescue and Recovery\rrservice.exe
c:\programme\IBM ThinkVantage\Common\Scheduler\tvtsched.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\mqsvc.exe
c:\programme\Windows Media Player\WMPNetwk.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programme\IBM ThinkVantage\Common\Logger\logmon.exe
c:\programme\Secunia\PSI\sua.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-01-15  07:58:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-01-15 06:58
.
Vor Suchlauf: 8,942,624,768 Bytes frei
Nach Suchlauf: 8,725,815,296 Bytes frei
.
WindowsXP-KB310994-SP2-Pro-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noguiboot /numproc=2
.
- - End Of File - - 8489267ACE70D4F265AF0A92EBB5A97A
         
--- --- ---
