Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: 50-€ Virus infiziert

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.02.2012, 03:40   #1
ricu123
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Hallo,
bin ebenfalls von dem Virus "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert". Ein schwarzer Bildschirm und ich muss 50€ zahlen um den Virus loszuwerden
Hab schonmal Malwarebytes und OTL wie HIER(http://www.trojaner-board.de/109693-...blockiert.html) durchgeführt: hier die Logs:

Malwarebytes:
Zitat:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.18.08

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Poppel :: ACER-A9CE03BBC6 [Administrator]

19.02.2012 04:04:42
mbam-log-2012-02-19 (04-04-42).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 191845
Laufzeit: 6 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ZUMIESEARCH_SERVICE (PUP.Zwangi) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Microsoft\torrent.exe (Trojan.VUPX.PL1) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\0.06353048701918118.exe (Trojan.VUPX.PL1) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
ORL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 19.02.2012 04:37:49 - Run 1
OTL by OldTimer - Version 3.2.33.0     Folder = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,44 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 64,56% Memory free
2,72 Gb Paging File | 2,12 Gb Available in Paging File | 77,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,68 Gb Total Space | 2,56 Gb Free Space | 4,77% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
 
Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.19 04:35:44 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\OTL.exe
PRC - [2011.08.25 15:25:00 | 000,886,760 | ---- | M] (Search-Results) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.11.30 20:06:04 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.09 17:42:06 | 000,342,016 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006.08.08 14:15:14 | 000,634,880 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2006.06.13 16:23:50 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2006.06.07 20:18:12 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2006.06.01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2006.04.27 12:09:50 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2001.12.12 01:32:56 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.11 15:57:58 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_22279648\mscorlib.dll
MOD - [2012.01.11 15:57:56 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_21750a87\system.drawing.dll
MOD - [2012.01.11 15:57:48 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cec5e857\system.xml.dll
MOD - [2012.01.11 15:57:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_278b595e\system.windows.forms.dll
MOD - [2012.01.11 15:57:28 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7e1616a1\system.dll
MOD - [2012.01.11 15:57:18 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.11 15:57:16 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011.02.06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.01.28 12:57:54 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.08.25 14:58:00 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006.08.25 14:57:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006.08.25 14:57:58 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006.08.25 14:57:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006.08.25 14:57:58 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006.08.25 14:57:20 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.08.25 14:57:20 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2006.08.15 21:10:00 | 001,403,904 | ---- | M] () -- C:\WINDOWS\system32\UIVCL.dll
MOD - [2006.08.09 17:40:50 | 000,057,344 | ---- | M] () -- C:\WINDOWS\system32\APISlice.dll
MOD - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
MOD - [2006.06.02 14:08:58 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
MOD - [2006.05.19 16:09:40 | 000,352,256 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006.04.27 12:10:38 | 000,192,616 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2006.04.27 12:10:38 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2006.04.27 12:10:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2006.04.27 12:10:38 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2006.03.30 00:05:20 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system\BisonCam.dll
MOD - [2006.03.16 12:03:24 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
MOD - [2006.01.12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
MOD - [2005.11.04 17:07:22 | 000,151,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2005.11.04 17:02:18 | 000,007,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll
MOD - [2005.11.04 16:46:42 | 000,258,048 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaEmail.dll
MOD - [2005.11.04 16:35:44 | 000,090,112 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2005.11.04 16:31:46 | 000,708,608 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2005.11.04 16:31:16 | 000,094,208 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2005.11.04 16:28:56 | 000,008,704 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2005.11.04 15:43:18 | 000,327,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2005.11.04 15:42:12 | 000,393,216 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2005.11.04 15:23:16 | 000,421,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaEmail.esx
MOD - [2005.11.04 15:21:02 | 000,266,240 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2005.11.04 15:20:38 | 000,091,648 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2005.11.04 15:19:06 | 000,162,304 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2005.11.04 15:18:12 | 000,203,776 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2005.11.04 15:17:58 | 000,046,592 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2005.11.04 15:17:14 | 000,074,752 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2005.11.04 15:17:04 | 000,684,032 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2005.11.04 15:15:42 | 000,131,072 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2005.11.04 15:13:52 | 000,693,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2005.11.04 15:13:24 | 000,076,800 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2005.11.04 15:12:08 | 000,095,232 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\kpri40.dll
MOD - [2005.11.04 15:07:16 | 000,186,880 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2005.11.04 15:06:54 | 000,262,144 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2005.11.04 15:06:12 | 000,059,392 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2005.11.04 15:06:00 | 000,299,520 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2005.11.04 15:05:18 | 000,032,768 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
MOD - [2005.11.04 15:04:44 | 000,101,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2005.11.04 15:04:42 | 000,215,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2005.10.20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005.10.11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005.07.13 10:21:08 | 000,503,808 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCommon30.dll
MOD - [2005.07.13 10:20:50 | 000,319,488 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProc30.dll
MOD - [2005.07.13 10:20:32 | 000,565,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML30.dll
MOD - [2005.07.13 10:20:12 | 000,311,296 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFF30.dll
MOD - [2005.07.13 10:20:00 | 001,126,400 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmp30.dll
MOD - [2005.07.13 10:19:12 | 000,438,272 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxIm30.dll
MOD - [2005.07.13 10:18:50 | 000,516,096 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBase30.dll
MOD - [2005.03.04 08:26:10 | 000,024,576 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KcmsMgr.dll
MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ)
SRV - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.03.30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.07 18:36:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.06.28 19:47:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:47:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 11:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.04 12:01:56 | 000,201,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.10.04 12:01:56 | 000,081,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.10.04 12:01:56 | 000,028,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006.07.24 02:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.06.30 10:40:40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006.06.25 22:19:54 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.06.08 17:54:24 | 000,017,664 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2006.06.06 18:36:30 | 000,090,112 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2006.06.02 13:59:54 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006.06.02 13:59:52 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006.06.02 13:59:50 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006.05.17 18:32:38 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.05.10 11:27:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.07 05:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.03.04 06:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.04 06:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.01.27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.10.24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.06.16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005.03.31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005.03.31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005.03.31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005.03.31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005.03.31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search-results.com/?l=dis&o=41648036
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
 
[2006.12.15 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions
[2011.12.24 21:01:34 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com
[2011.08.25 15:21:20 | 000,003,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml
[2006.12.15 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.22 21:25:44 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2006.10.30 14:34:52 | 000,010,582 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml
[2006.11.28 18:03:38 | 000,005,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml
[2008.10.22 21:25:36 | 000,002,390 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\zumie.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (no name) - {E859E13A-569E-463D-BE84-A259AD7DB843} - No CLSID value found.
O2 - BHO: (no name) - {F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKCU\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( )
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKCU..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent File not found
O4 - HKLM..\RunOnceEx: []  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Poppel\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C6B3C2-A7C9-4320-BE0A-DD7D6D0200AA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\byXQKefG: DllName - (byXQKefG.dll) -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awttqnMe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell - "" = AutoRun
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "AntiVirService"
MsConfig - Services: "AntiVirSchedulerService"
MsConfig - StartUpReg: 557839895 - hkey= - key= -  File not found
MsConfig - StartUpReg: BisonBar - hkey= - key= - C:\WINDOWS\BUtilityBar\BisonBar.exe ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found
MsConfig - StartUpReg: portwexexe.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: {D6F5BC5F-543D-5AFB-146E-FE8A27A8AC05} - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.16 18:13:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Poppel\Recent
[2012.02.15 18:30:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\didi
[2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies
[2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Active@ ISO Burner
[2012.02.05 18:30:38 | 023,229,504 | ---- | C] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe
[2012.01.31 16:48:58 | 002,548,777 | ---- | C] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe
[2012.01.31 16:30:38 | 004,179,293 | ---- | C] (Lavalys, Inc.                                               ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe
[2012.01.29 17:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\BilderLernwerkstatt Mathe
[2012.01.20 13:28:02 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Meine empfangenen Dateien
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.19 04:41:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
[2012.02.19 04:24:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.19 04:20:02 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.19 04:19:56 | 010,082,304 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mbb
[2012.02.19 04:19:52 | 007,117,824 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mb
[2012.02.19 04:18:10 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2012.02.19 04:18:08 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.02.19 04:17:46 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.19 04:17:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WefiStartup.job
[2012.02.19 04:17:26 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.19 04:17:16 | 1542,107,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.19 04:03:16 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.19 04:02:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2012.02.19 04:02:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2012.02.19 04:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.02.16 18:51:32 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.16 18:50:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2012.02.16 18:50:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2012.02.16 18:13:02 | 001,281,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg
[2012.02.16 18:03:44 | 000,009,289 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt
[2012.02.15 22:48:16 | 000,000,153 | -H-- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt#
[2012.02.15 22:46:42 | 000,012,468 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt
[2012.02.15 19:31:34 | 000,013,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt
[2012.02.15 16:35:26 | 000,011,157 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt
[2012.02.14 18:22:02 | 000,013,814 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt
[2012.02.08 01:19:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2012.02.08 01:19:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2012.02.06 21:52:42 | 006,381,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf
[2012.02.05 23:35:14 | 000,227,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf
[2012.02.05 18:32:44 | 023,229,504 | ---- | M] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe
[2012.02.05 18:04:54 | 000,825,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp
[2012.02.05 18:02:36 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp
[2012.02.05 18:00:12 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp
[2012.02.05 17:57:52 | 001,255,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg
[2012.02.05 16:40:34 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp
[2012.02.05 16:32:26 | 000,038,745 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG
[2012.02.05 16:28:14 | 000,012,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt
[2012.02.02 00:58:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2012.02.02 00:58:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2012.01.31 16:49:18 | 002,548,777 | ---- | M] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe
[2012.01.31 16:31:00 | 004,179,293 | ---- | M] (Lavalys, Inc.                                               ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe
[2012.01.24 18:24:16 | 000,010,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt
[2012.01.23 23:39:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2012.01.23 23:39:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2012.01.22 14:08:30 | 000,010,875 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt
 
========== Files Created - No Company Name ==========
 
[2012.02.19 04:37:46 | 000,013,364 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt
[2012.02.19 04:37:46 | 000,011,157 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt
[2012.02.19 04:37:46 | 000,009,289 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt
[2012.02.19 04:03:14 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.19 04:02:09 | 000,000,268 | -H-- | C] () -- C:\sqmdata16.sqm
[2012.02.19 04:02:09 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2012.02.16 18:50:03 | 000,000,268 | -H-- | C] () -- C:\sqmdata15.sqm
[2012.02.16 18:50:03 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2012.02.16 18:11:38 | 001,281,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg
[2012.02.16 18:09:40 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.16 18:09:40 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.15 22:48:15 | 000,000,153 | -H-- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt#
[2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.14 17:05:59 | 000,013,814 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt
[2012.02.08 01:19:06 | 000,000,268 | -H-- | C] () -- C:\sqmdata14.sqm
[2012.02.08 01:19:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2012.02.06 21:52:31 | 006,381,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf
[2012.02.05 23:35:11 | 000,227,980 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf
[2012.02.05 18:04:53 | 000,825,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp
[2012.02.05 18:02:34 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp
[2012.02.05 18:00:10 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp
[2012.02.05 17:57:57 | 001,255,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg
[2012.02.05 16:40:33 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp
[2012.02.05 16:32:24 | 000,038,745 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG
[2012.02.05 16:01:51 | 000,012,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt
[2012.02.02 01:01:54 | 000,012,468 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt
[2012.02.02 00:58:00 | 000,000,268 | -H-- | C] () -- C:\sqmdata13.sqm
[2012.02.02 00:58:00 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2012.01.24 18:07:39 | 000,010,391 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt
[2012.01.23 23:39:57 | 000,000,268 | -H-- | C] () -- C:\sqmdata12.sqm
[2012.01.23 23:39:57 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2012.01.22 14:08:28 | 000,010,875 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt
[2011.07.11 23:11:09 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\winscp.rnd
[2011.03.11 06:36:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2007.11.03 11:38:50 | 000,094,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.15 05:34:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== LOP Check ==========
 
[2006.08.29 11:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2006.12.15 19:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox
[2008.04.11 07:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg
[2009.05.17 07:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EasyPCGate
[2009.11.13 19:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2011.03.09 17:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006.12.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Opera
[2006.12.26 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\FileMaker
[2006.12.29 12:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\RTPlayer
[2007.07.08 13:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free
[2008.10.04 18:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Spamihilator
[2008.10.24 16:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\EasyPCGate
[2009.11.09 20:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CoSoSys
[2010.11.22 18:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\BBZ
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx
[2010.11.28 22:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org
[2010.11.28 23:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Foxit Software
[2011.02.15 19:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\SampleDecks
[2011.06.16 20:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.08.21 04:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\LolClient
[2012.02.19 04:17:44 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job
[2012.02.19 04:41:12 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
[2012.02.19 04:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2004.09.13 12:09:24 | 000,000,000 | ---D | M] -- C:\I386
[2004.09.13 12:13:12 | 000,000,000 | ---D | M] -- C:\DOCS
[2004.09.13 12:13:12 | 000,000,000 | ---D | M] -- C:\DOTNETFX
[2004.09.13 12:13:22 | 000,000,000 | ---D | M] -- C:\SUPPORT
[2004.09.13 12:13:26 | 000,000,000 | ---D | M] -- C:\VALUEADD
[2004.09.13 12:14:16 | 000,000,000 | ---D | M] -- C:\ELEMENTS
[2004.09.13 12:20:38 | 000,000,000 | ---D | M] -- C:\WINDOWS
[2004.09.13 12:24:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen
[2004.09.13 12:32:24 | 000,000,000 | ---D | M] -- C:\Programme
[2006.08.25 14:21:04 | 000,000,000 | ---D | M] -- C:\BOOK
[2006.08.25 14:21:18 | 000,000,000 | ---D | M] -- C:\Sysinfo
[2006.08.29 10:59:16 | 000,000,000 | -HSD | M] -- C:\system volume information
[2006.08.29 11:21:18 | 000,000,000 | ---D | M] -- C:\My Music
[2006.12.15 05:37:44 | 000,000,000 | ---D | M] -- C:\Program Files
[2006.12.15 05:38:56 | 000,000,000 | ---D | M] -- C:\Acer
[2006.12.15 19:03:42 | 000,000,000 | -HSD | M] -- C:\Recycled
[2006.12.26 19:11:44 | 000,000,000 | ---D | M] -- C:\KPCMS
[2006.12.29 00:43:56 | 000,000,000 | ---D | M] -- C:\musik
[2008.01.15 17:55:36 | 000,000,000 | ---D | M] -- C:\Games
[2006.12.29 00:38:44 | 000,000,000 | R--D | M] -- C:\Eigene Musik
[2010.03.03 18:38:00 | 000,000,000 | ---D | M] -- C:\scripts
[2010.03.03 18:38:00 | 000,000,000 | ---D | M] -- C:\logs
[2008.11.02 20:56:28 | 000,000,000 | ---D | M] -- C:\Belkin
 
< %PROGRAMFILES%\*.exe >
 
Invalid Environment Variable: LOCALAPPDATA
 
< %systemroot%\*. /mp /s >
 
 
< MD5 for: EXPLORER.EXE  >
[2007.06.13 15:10:08 | 001,036,288 | ---- | M] (Microsoft Corporation) MD5=331ED93570BAF3CFE30340298762CD56 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\explorer.exe
[2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) MD5=418045A93CD87A352098AB7DABE1B53E -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2005.04.07 19:47:00 | 001,035,264 | ---- | M] (Microsoft Corporation) MD5=64322E8399B205B7281FF883737A9B03 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2004.08.04 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\I386\REGEDIT.EXE
[2004.08.04 05:00:00 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=8193CE5FB09E83F2699FD65BBCBE2FD2 -- C:\WINDOWS\$NtServicePackUninstall$\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\regedit.exe
[2008.04.14 04:22:58 | 000,153,600 | ---- | M] (Microsoft Corporation) MD5=AD9226BF3CED13636083BB9C76E9D2A2 -- C:\WINDOWS\ServicePackFiles\i386\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-02-16 15:56:59

< End of report >
         
--- --- ---

[/QUOTE]

und die Extras.Txt:

OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 19.02.2012 04:37:49 - Run 1
OTL by OldTimer - Version 3.2.33.0     Folder = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,44 Gb Total Physical Memory | 0,93 Gb Available Physical Memory | 64,56% Memory free
2,72 Gb Paging File | 2,12 Gb Available in Paging File | 77,72% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,68 Gb Total Space | 2,56 Gb Free Space | 4,77% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
 
Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Programme\Microsoft Office\ART\Office\msohtmed.exe" %1 (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"8397:TCP" = 8397:TCP:*:Enabled:League of Legends Launcher
"8397:UDP" = 8397:UDP:*:Enabled:League of Legends Launcher
"6945:TCP" = 6945:TCP:*:Enabled:League of Legends Launcher
"6945:UDP" = 6945:UDP:*:Enabled:League of Legends Launcher
"8398:TCP" = 8398:TCP:*:Enabled:League of Legends Launcher
"8398:UDP" = 8398:UDP:*:Enabled:League of Legends Launcher
"8393:TCP" = 8393:TCP:*:Enabled:League of Legends Lobby
"8393:UDP" = 8393:UDP:*:Enabled:League of Legends Lobby
"8390:TCP" = 8390:TCP:*:Enabled:League of Legends Game Client
"8390:UDP" = 8390:UDP:*:Enabled:League of Legends Game Client
"6994:TCP" = 6994:TCP:*:Enabled:League of Legends Launcher
"6994:UDP" = 6994:UDP:*:Enabled:League of Legends Launcher
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox\gmx_Update.exe:*:Enabled:GMX Update
"C:\Programme\TVAnts\Tvants.exe" = C:\Programme\TVAnts\Tvants.exe:*:Enabled:TVAnts
"C:\Programme\EA GAMES\MOHAA\MOHAA.exe" = C:\Programme\EA GAMES\MOHAA\MOHAA.exe:*:Enabled:Medal of Honor Allied Assault(tm)
"C:\WINDOWS\System32\java.exe" = C:\WINDOWS\System32\java.exe:*:Disabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\AVG\AVG8\avgupd.exe" = C:\Programme\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Programme\AVG\AVG8\avgemc.exe" = C:\Programme\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Programme\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player Beta
"C:\Programme\AVG\AVG9\avgemc.exe" = C:\Programme\AVG\AVG9\avgemc.exe:*:Enabled:avgemc.exe
"C:\Programme\AVG\AVG9\avgupd.exe" = C:\Programme\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe
"C:\Programme\AVG\AVG9\avgnsx.exe" = C:\Programme\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Java\JRE6\launch4j-tmp\UltraMixer.exe" = C:\Programme\Java\JRE6\launch4j-tmp\UltraMixer.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"\" = C:\WINDOWS\system\dwm.exe:*:Enabled:KL
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{D0AB9921-CB80-4C1E-9509-637FB524AFA9}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{D0AB9921-CB80-4C1E-9509-637FB524AFA9}\bin\javaw.exe:*:Enabled:xp2p
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{1D243D6A-A01D-4029-B447-0E7ABAF3B541}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{1D243D6A-A01D-4029-B447-0E7ABAF3B541}\bin\javaw.exe:*:Enabled:xp2p
"D:\Programme\EA GAMES\Battlefield 2\BF2.exe" = D:\Programme\EA GAMES\Battlefield 2\BF2.exe:*:Enabled:Battlefield 2
"D:\Programme\Wolfenstein - Enemy Territory\ET.exe" = D:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Desktop\Battlefield 2\BF2.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\Battlefield 2\BF2.exe:*:Enabled:BF2
"C:\Dokumente und Einstellungen\Poppel\Desktop\Wolfenstein - Enemy Territory\ET.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Desktop\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\UnrealTournament\System\0CLICK.exe:*:Enabled:0CLICK
"C:\Dokumente und Einstellungen\Poppel\Desktop\scheiß shirtinator ich will die titten sehen\Age of Empires\EMPIRES.EXE" = C:\Dokumente und Einstellungen\Poppel\Desktop\scheiß shirtinator ich will die titten sehen\Age of Empires\EMPIRES.EXE:*:Enabled:Age of Empires
"C:\WINDOWS\System32\dplaysvr.exe" = C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\Poppel\Desktop\hallo\Battlefield 2\Bf2_w32ded.exe" = C:\Dokumente und Einstellungen\Poppel\Desktop\hallo\Battlefield 2\Bf2_w32ded.exe:*:Enabled:Bf2_w32ded
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Battlefield 2\BF2.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Battlefield 2\BF2.exe:*:Enabled:BF2 -- ()
"C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{4D0A2FE6-88BD-4D8C-8B94-68717BB1D3D5}\bin\javaw.exe" = C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\{4D0A2FE6-88BD-4D8C-8B94-68717BB1D3D5}\bin\javaw.exe:*:Enabled:NETDIS-WSDEVNTS-In-TCP-Java
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Wolfenstein - Enemy Territory\ET.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\UnrealTournament\System\0CLICK.exe:*:Disabled:0CLICK
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Re-Volt\REVOLT.EXE" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari\Re-Volt\REVOLT.EXE:*:Enabled:REVOLT -- ()
"C:\Programme\Wolfenstein - Enemy Territory\ET.exe" = C:\Programme\Wolfenstein - Enemy Territory\ET.exe:*:Enabled:ET -- ()
"C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari schule\UnrealTournament\System\0CLICK.exe" = C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Mari schule\UnrealTournament\System\0CLICK.exe:*:Enabled:0CLICK -- ()
"D:\Riot Games\League of Legends\air\LolClient.exe" = D:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby
"D:\Riot Games\League of Legends\game\League of Legends.exe" = D:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client
"D:\Riot Games\League of Legends\lol.launcher.exe" = D:\Riot Games\League of Legends\lol.launcher.exe:*:Enabled:League of Legends Launcher -- ()
"C:\WINDOWS\System32\dpvsetup.exe" = C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{00180407-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{116FF17B-1A30-4FC2-9B01-5BC5BD46B0B3}" = Acer eLock Management
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F2C8256-2773-46C7-9ABA-3E39C24ABB51}" = Acer eSettings Management
"{1F77C418-2C90-459C-BD33-B56A4182B9FA}" = System Requirements Lab CYRI
"{1FC2DFF2-D86A-4775-8940-4081D60B4E1C}" = Philips Firmware Manager
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 19
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{2D03B6F8-DF36-4980-B7B6-5B93D5BA3A8F}" = essvatgt
"{32E2F180-247C-4077-B06A-20F9868568E0}_is1" = UltraMixer 2.4.1
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = TIPCI
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = Acer OrbiCam
"{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A28AB0B-22B1-494C-AF61-B386EA1736C0}" = LightScribe  1.4.97.1
"{7057702F-6D71-4F30-8000-9E72BC771887}" = Acer ePerformance Management
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7694E0B1-2332-448B-9235-929F84B41E3F}" = Active@ ISO Burner
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Search-Results Toolbar
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8C3727F2-8E37-49E4-820C-03B1677F53B6}" = Stronghold Crusader
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{8DD94CA3-BCD2-49C0-B537-F3B5D95FF0C8}" = HLPSFO
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA396ABC-98AF-4F4A-B0F8-EB160DFF344B}" = Acer OrbiCam Utility Bar
"{AB6097D9-D722-4987-BD9E-A076E2848EE2}" = Acer Empowering Technology
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{B06B842F-2450-494F-BBDE-217CDC151A37}" = NTI Backup NOW! 4.5
"{B162D0A6-9A1D-4B7C-91A5-88FB48113C45}" = OfotoXMI
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{BF839132-BD43-4056-ACBF-4377F4A88E2A}" = Acer ePresentation Management
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{cb8abcef-9183-4de7-9b90-3443479441f2}_is1" = SampleDecks 1.9.0
"{D1973749-F5E7-40EB-B528-F2B78685B9FF}" = essvcpt
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare Software
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{F9D54D77-01A4-7D34-6F3C-EDC9F8F466E3}" = Fragen-Lern-CD 4.0
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"{FEDE2483-87B7-44C1-A5BB-D75AEB8B6340}" = ESSEMAIL
"7-Zip" = 7-Zip 4.42
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BBZ" = BBZ 4.12 30.10.2010
"BeobachtungZeugnis_is1" = BeobachtungZeugnis
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"CFF5FD902CAD8828AC62E155C542E69D5439C37A" = Windows-Treiberpaket - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0)
"de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1" = Fragen-Lern-CD 4.0
"Foxit Reader" = Foxit Reader
"GridVista" = Acer GridVista
"hp deskjet 930c series_Driver" = hp deskjet 930c series
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{4497AFF6-98C4-4F49-B073-F48F42BCBF9E}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"InstallShield_{4AD13F68-CADA-4C6B-9759-C33753F89908}" = Acer eDataSecurity Management 2.0.3081
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.61.1250" = Opera 11.61
"PhotoFiltre" = PhotoFiltre
"QuicktimeAlt_is1" = QuickTime Alternative 3.2.2
"RealPlayer 6.0" = RealPlayer Basic
"Success 1.0" = Success 1.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TrueImage" = Acronis*TrueImage
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VideoLAN VLC media player 0.8.6f
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"Wolfenstein - Enemy Territory" = Wolfenstein - Enemy Territory
"xp-AntiSpy" = xp-AntiSpy 3.96-2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 18.02.2012 14:23:44 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3938
 
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7891
 
Error - 18.02.2012 14:23:48 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7891
 
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 11813
 
Error - 18.02.2012 14:23:52 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 11813
 
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 29725031
 
Error - 18.02.2012 22:39:05 | Computer Name = ACER-A9CE03BBC6 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 29725031
 
[ System Events ]
Error - 09.02.2012 13:13:25 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.35 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 09.02.2012 13:14:22 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 15.02.2012 11:10:54 | Computer Name = ACER-A9CE03BBC6 | Source = Print | ID = 19
Description = Freigabe des Druckers fehlgeschlagen (+ 1722). Drucker hp deskjet 
930c series, Freigabename Drucker4.
 
Error - 16.02.2012 12:53:28 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.2.29 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 16.02.2012 21:22:04 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.39 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 18.02.2012 11:35:09 | Computer Name = ACER-A9CE03BBC6 | Source = MRxSmb | ID = 8003
Description = Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "USER-B13783889A",
der
 der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{B1C6B3C2-A7C-Transport zu sein
 scheint.  Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
 
Error - 18.02.2012 14:23:35 | Computer Name = ACER-A9CE03BBC6 | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.178.39 für die Netzwerkkarte mit der Netzwerkadresse
 0016CF9D054D wurde durch  den DHCP-Server 0.0.0.0 abgelehnt (der DHCP-Server hat 
eine DHCPNACK-Meldung gesendet).
 
Error - 18.02.2012 22:58:31 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7034
Description = Dienst "Cyberlink RichVideo Service(CRVS)" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 18.02.2012 23:17:35 | Computer Name = ACER-A9CE03BBC6 | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume2" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 18.02.2012 23:19:54 | Computer Name = ACER-A9CE03BBC6 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   abp480n5  adpu160m  agp440  agpCPQ  Aha154x  aic78u2  aic78xx  AliIde  alim1541  amdagp  amsint  asc  asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
gagp30kx
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde
 
 
< End of report >
         
--- --- ---

[/QUOTE]


Vielen Dank!

Geändert von ricu123 (19.02.2012 um 03:43 Uhr) Grund: Verlinkung hat nicht funktioniert

Alt 19.02.2012, 19:06   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 19.02.2012, 22:41   #3
ricu123
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



nr1:
Zitat:
Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.19.03

Windows XP Service Pack 3 x86 FAT32
Internet Explorer 8.0.6001.18702
Poppel :: ACER-A9CE03BBC6 [Administrator]

19.02.2012 20:15:40
mbam-log-2012-02-19 (20-15-40).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 293734
Laufzeit: 1 Stunde(n), 17 Minute(n),

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\system volume information\_restore{20805B88-0A57-49FE-94C0-35B1D4357244}\RP110\A0019318.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


nr2:
Zitat:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=5fd647307b7f05448d3ac1570c9b18ac
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-19 10:45:26
# local_time=2012-02-19 11:45:26 (+0100, Westeuropäische Normalzeit)
# country="Germany"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1797 16775141 100 93 187125 66221649 179884 0
# compatibility_mode=8192 67108863 100 0 3933 3933 0 0
# scanned=106507
# found=4
# cleaned=0
# scan_time=6735
C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe a variant of Win32/1AntiVirus application (unable to clean) 00000000000000000000000000000000 I
C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}\chrome\zumie.jar Win32/Adware.OneStep application (unable to clean) 00000000000000000000000000000000 I
C:\Eigene Musik\Rap-music\lp\hitfaker.zip probably a variant of Win32/Agent.BROBMYK trojan (unable to clean) 00000000000000000000000000000000 I
C:\Eigene Musik\Rap-music\lp\hitfaker\HitFaker.exe probably a variant of Win32/Agent.BROBMYK trojan (unable to clean) 00000000000000000000000000000000 I
__________________

Alt 20.02.2012, 09:34   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Zitat:
C:\Eigene Musik\Rap-music\lp\hitfaker\HitFaker.exe
Was ist das denn?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2012, 13:57   #5
ricu123
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



hi,
weiss es leider nicht, soll ich es mal ausführen um zu sehen was es ist?


Alt 20.02.2012, 14:29   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Hallo?! Das Teil ist deinem Musikordner und du hast keine Ahnung wie das in "Rap-Musik" reinkommt?
__________________
--> 50-€ Virus infiziert

Alt 20.02.2012, 14:33   #7
ricu123
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Ums kurz zu sagen, ja. Ich informier mich mal im Internet was das sein könnte.
gruß

Alt 20.02.2012, 14:36   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Zitat:
Drive C: | 53,68 Gb Total Space | 2,56 Gb Free Space | 4,77% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
Und übrigens, auch lt. OTL sind C und D bei dir nur in FAT32!

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet
Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 20.02.2012, 17:48   #9
ricu123
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Hi,
hier die OTL.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 20.02.2012 18:42:27 - Run 2
OTL by OldTimer - Version 3.2.33.1     Folder = C:\Dokumente und Einstellungen\Poppel\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,44 Gb Total Physical Memory | 1,05 Gb Available Physical Memory | 73,37% Memory free
2,72 Gb Paging File | 2,14 Gb Available in Paging File | 78,68% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 53,68 Gb Total Space | 2,47 Gb Free Space | 4,60% Space Free | Partition Type: FAT32
Drive D: | 54,18 Gb Total Space | 22,40 Gb Free Space | 41,34% Space Free | Partition Type: FAT32
 
Computer Name: ACER-A9CE03BBC6 | User Name: Poppel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.20 18:41:36 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Desktop\OTL.exe
PRC - [2012.02.19 21:42:42 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Temp\RtkBtMnt.exe
PRC - [2011.08.25 15:25:00 | 000,886,760 | ---- | M] (Search-Results) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010.11.30 20:06:04 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.05.20 23:59:30 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.05.20 23:59:28 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2010.01.14 21:10:54 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.08.09 17:42:06 | 000,342,016 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2006.08.08 14:15:14 | 000,634,880 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
PRC - [2006.06.28 12:24:30 | 000,348,160 | ---- | M] ( ) -- C:\Acer\Empowering Technology\eLock\Monitor\LockMon.exe
PRC - [2006.06.13 16:23:50 | 000,045,056 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
PRC - [2006.06.07 20:18:12 | 000,208,896 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
PRC - [2006.06.01 14:40:54 | 000,413,696 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
PRC - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
PRC - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
PRC - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2006.04.27 12:10:10 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2006.04.27 12:09:50 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
PRC - [2001.12.12 01:32:56 | 000,196,608 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.11 15:57:58 | 003,391,488 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_22279648\mscorlib.dll
MOD - [2012.01.11 15:57:56 | 000,835,584 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.drawing\1.0.5000.0__b03f5f7f11d50a3a_21750a87\system.drawing.dll
MOD - [2012.01.11 15:57:48 | 002,088,960 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.xml\1.0.5000.0__b77a5c561934e089_cec5e857\system.xml.dll
MOD - [2012.01.11 15:57:40 | 003,035,136 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system.windows.forms\1.0.5000.0__b77a5c561934e089_278b595e\system.windows.forms.dll
MOD - [2012.01.11 15:57:28 | 001,966,080 | ---- | M] () -- c:\windows\assembly\nativeimages1_v1.1.4322\system\1.0.5000.0__b77a5c561934e089_7e1616a1\system.dll
MOD - [2012.01.11 15:57:18 | 001,232,896 | ---- | M] () -- c:\windows\assembly\gac\system\1.0.5000.0__b77a5c561934e089\system.dll
MOD - [2012.01.11 15:57:16 | 002,064,384 | ---- | M] () -- c:\windows\assembly\gac\system.windows.forms\1.0.5000.0__b77a5c561934e089\system.windows.forms.dll
MOD - [2011.02.06 11:32:14 | 000,067,872 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2010.05.04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.01.28 12:57:54 | 000,355,688 | ---- | M] () -- C:\Programme\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2008.04.14 04:22:16 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2006.08.25 14:58:00 | 000,126,976 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess\1.0.5000.0__b03f5f7f11d50a3a\system.serviceprocess.dll
MOD - [2006.08.25 14:57:58 | 001,339,392 | ---- | M] () -- c:\windows\assembly\gac\system.xml\1.0.5000.0__b77a5c561934e089\system.xml.dll
MOD - [2006.08.25 14:57:58 | 000,466,944 | ---- | M] () -- c:\windows\assembly\gac\system.drawing\1.0.5000.0__b03f5f7f11d50a3a\system.drawing.dll
MOD - [2006.08.25 14:57:58 | 000,372,736 | ---- | M] () -- c:\windows\assembly\gac\system.management\1.0.5000.0__b03f5f7f11d50a3a\system.management.dll
MOD - [2006.08.25 14:57:58 | 000,323,584 | ---- | M] () -- c:\windows\assembly\gac\system.runtime.remoting\1.0.5000.0__b77a5c561934e089\system.runtime.remoting.dll
MOD - [2006.08.25 14:57:20 | 000,233,472 | ---- | M] () -- c:\windows\assembly\gac\mscorlib.resources\1.0.5000.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2006.08.25 14:57:20 | 000,040,960 | ---- | M] () -- c:\windows\assembly\gac\system.serviceprocess.resources\1.0.5000.0_de_b03f5f7f11d50a3a\system.serviceprocess.resources.dll
MOD - [2006.07.18 11:37:30 | 000,438,272 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
MOD - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () -- C:\Acer\Empowering Technology\eLock\LockServ.exe
MOD - [2006.06.02 14:08:58 | 000,188,416 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\CPUID.dll
MOD - [2006.05.19 16:09:40 | 000,352,256 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\it41.dll
MOD - [2006.04.27 12:10:38 | 000,192,616 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll
MOD - [2006.04.27 12:10:38 | 000,061,538 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll
MOD - [2006.04.27 12:10:38 | 000,028,672 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll
MOD - [2006.04.27 12:10:38 | 000,024,576 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchedps.dll
MOD - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
MOD - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
MOD - [2006.03.30 00:05:20 | 000,126,976 | ---- | M] () -- C:\WINDOWS\system\BisonCam.dll
MOD - [2006.03.16 12:03:24 | 000,032,768 | ---- | M] () -- c:\Acer\Empowering Technology\eDataSecurity\eDSCS2CClassLib.dll
MOD - [2006.01.12 09:33:34 | 000,212,992 | ---- | M] () -- C:\Acer\Empowering Technology\eRecovery\imagefile.dll
MOD - [2005.11.04 17:07:22 | 000,151,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
MOD - [2005.11.04 17:02:18 | 000,007,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\locPcd.dll
MOD - [2005.11.04 16:46:42 | 000,258,048 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaEmail.dll
MOD - [2005.11.04 16:35:44 | 000,090,112 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
MOD - [2005.11.04 16:31:46 | 000,708,608 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
MOD - [2005.11.04 16:31:16 | 000,094,208 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
MOD - [2005.11.04 16:28:56 | 000,008,704 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
MOD - [2005.11.04 15:43:18 | 000,327,680 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
MOD - [2005.11.04 15:42:12 | 000,393,216 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESCom.dll
MOD - [2005.11.04 15:23:16 | 000,421,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaEmail.esx
MOD - [2005.11.04 15:21:02 | 000,266,240 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
MOD - [2005.11.04 15:20:38 | 000,091,648 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
MOD - [2005.11.04 15:19:06 | 000,162,304 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Pcd.esx
MOD - [2005.11.04 15:18:12 | 000,203,776 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VistaControls.esx
MOD - [2005.11.04 15:17:58 | 000,046,592 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
MOD - [2005.11.04 15:17:14 | 000,074,752 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DXRawFormatHandler.esx
MOD - [2005.11.04 15:17:04 | 000,684,032 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
MOD - [2005.11.04 15:15:42 | 000,131,072 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
MOD - [2005.11.04 15:13:52 | 000,693,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\ESSkin.esx
MOD - [2005.11.04 15:13:24 | 000,076,800 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\keml40.dll
MOD - [2005.11.04 15:12:08 | 000,095,232 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\kpri40.dll
MOD - [2005.11.04 15:07:16 | 000,186,880 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\AppCore.dll
MOD - [2005.11.04 15:06:54 | 000,262,144 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KFx.dll
MOD - [2005.11.04 15:06:12 | 000,059,392 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\DibLibIP.dll
MOD - [2005.11.04 15:06:00 | 000,299,520 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\Atlas.dll
MOD - [2005.11.04 15:05:18 | 000,032,768 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
MOD - [2005.11.04 15:04:48 | 000,176,128 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe
MOD - [2005.11.04 15:04:44 | 000,101,888 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
MOD - [2005.11.04 15:04:42 | 000,215,552 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
MOD - [2005.10.20 17:20:24 | 000,208,896 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\DialogDLL.dll
MOD - [2005.10.11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005.07.13 10:21:08 | 000,503,808 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCommon30.dll
MOD - [2005.07.13 10:20:50 | 000,319,488 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxProc30.dll
MOD - [2005.07.13 10:20:32 | 000,565,248 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxXML30.dll
MOD - [2005.07.13 10:20:12 | 000,311,296 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxFF30.dll
MOD - [2005.07.13 10:20:00 | 001,126,400 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxCmp30.dll
MOD - [2005.07.13 10:19:12 | 000,438,272 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxIm30.dll
MOD - [2005.07.13 10:18:50 | 000,516,096 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\SkinuxBase30.dll
MOD - [2005.03.04 08:26:10 | 000,024,576 | ---- | M] () -- C:\Programme\Kodak\Kodak EasyShare software\bin\KcmsMgr.dll
MOD - [2003.06.07 13:30:08 | 000,057,344 | ---- | M] () -- C:\Programme\Launch Manager\PowerUtl.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Disabled | Stopped] --  -- (HidServ)
SRV - File not found [On_Demand | Stopped] --  -- (AppMgmt)
SRV - [2011.06.28 19:47:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.06 12:13:34 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.02.18 16:37:16 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2006.06.28 17:01:32 | 000,520,192 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eLock\LockServ.exe -- (LockServ)
SRV - [2006.05.18 16:52:06 | 000,049,152 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe -- (LightScribeService)
SRV - [2006.05.11 15:22:48 | 000,028,672 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\ePerformance\MemCheck.exe -- (AcerMemUsageCheckService)
SRV - [2006.04.27 12:10:30 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2006.04.27 12:10:30 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2006.04.27 12:09:50 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005.11.14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.03.30 16:46:56 | 000,411,920 | ---- | M] (Eastman Kodak Company) [On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\KodakCCS.exe -- (KodakCCS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.02.07 18:36:28 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2011.06.28 19:47:42 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.06.28 19:47:42 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.05.11 11:49:20 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2009.05.11 09:12:50 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.10.04 12:01:56 | 000,201,984 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008.10.04 12:01:56 | 000,081,024 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008.10.04 12:01:56 | 000,028,064 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2006.07.24 02:15:04 | 004,353,024 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2006.06.30 10:40:40 | 000,775,936 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BisonCam.sys -- (Cam5603D)
DRV - [2006.06.25 22:19:54 | 000,564,224 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006.06.08 17:54:24 | 000,017,664 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2BurnerLockDriver.sys -- (eLock2BurnerLockDriver)
DRV - [2006.06.06 18:36:30 | 000,090,112 | ---- | M] (Windows (R) 2000 DDK provider) [File_System | Auto | Running] -- C:\WINDOWS\system32\eLock2FSCTLDriver.sys -- (eLock2FSCTLDriver)
DRV - [2006.06.02 13:59:54 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\TVicPort.sys -- (tvicport)
DRV - [2006.06.02 13:59:52 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\zntport.sys -- (zntport)
DRV - [2006.06.02 13:59:50 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\int15.sys -- (int15)
DRV - [2006.05.17 18:32:38 | 000,162,560 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2006.05.10 11:27:00 | 000,043,520 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006.03.07 05:49:36 | 000,011,136 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2006.03.04 06:31:04 | 000,013,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2006.03.04 06:31:02 | 000,034,176 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2006.01.27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvata.sys -- (nvata)
DRV - [2005.10.24 10:20:52 | 000,218,496 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005.10.18 16:53:24 | 000,998,656 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005.10.18 16:52:30 | 000,721,280 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005.06.16 14:41:02 | 000,037,150 | ---- | M] (Eastman Kodak Company) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\DcCam.sys -- (DcCam)
DRV - [2005.03.31 08:00:08 | 000,152,081 | ---- | M] (Eastman Kodak Company) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ExportIt.sys -- (Exportit)
DRV - [2005.03.31 07:47:56 | 000,070,262 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcPtp.sys -- (DcPTP)
DRV - [2005.03.31 07:47:50 | 000,008,022 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcLps.sys -- (DcLps)
DRV - [2005.03.31 07:47:48 | 000,038,673 | ---- | M] (Eastman Kodak Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\DCFS2k.sys -- (DCFS2K)
DRV - [2005.03.31 07:47:42 | 000,061,564 | ---- | M] (Eastman Kodak Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DcFpoint.sys -- (DcFpoint)
DRV - [2005.01.13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com/ [binary data]
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.search-results.com/?l=dis&o=41648036
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Programme\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Programme\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
 
 
[2006.12.15 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions
[2011.12.24 21:01:34 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com
[2011.08.25 15:21:20 | 000,003,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml
[2006.12.15 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.22 21:25:44 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2006.10.30 14:34:52 | 000,010,582 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml
[2006.11.28 18:03:38 | 000,005,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml
[2008.10.22 21:25:36 | 000,002,390 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\zumie.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (no name) - {E859E13A-569E-463D-BE84-A259AD7DB843} - No CLSID value found.
O2 - BHO: (no name) - {F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe (Acer Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ApnUpdater] C:\Programme\Ask.com\Updater\Updater.exe (Search-Results)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AzMixerSel] C:\Programme\Realtek\InstallShield\AzMixerSel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe ()
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [eLockMonitor] C:\Acer\Empowering Technology\eLock\Monitor\LaunchMonitor.exe ( )
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe ()
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (Acer Inc.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [ntiMUI] C:\Programme\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [preload] C:\WINDOWS\RUNXMLPL.EXE (Wistron)
O4 - HKLM..\Run: [QuickTime Task] C:\Programme\QuickTime Alternative\QTTask.exe (Apple Inc.)
O4 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent File not found
O4 - HKLM..\RunOnceEx: []  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Kodak EasyShare Software.lnk = C:\Programme\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Acer Empowering Technology.lnk = C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe (Acer Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Poppel\Startmenü\Programme\Autostart\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre6\bin\npjpi160_19.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab (Java Plug-in 1.6.0_19)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B1C6B3C2-A7C9-4320-BE0A-DD7D6D0200AA}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\byXQKefG: DllName - (byXQKefG.dll) -  File not found
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awttqnMe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell - "" = AutoRun
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: AppMgmt -  File not found
NetSvcs: HidServ -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
MsConfig - Services: "AntiVirService"
MsConfig - Services: "AntiVirSchedulerService"
MsConfig - StartUpReg: 557839895 - hkey= - key= -  File not found
MsConfig - StartUpReg: BisonBar - hkey= - key= - C:\WINDOWS\BUtilityBar\BisonBar.exe ()
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: MSPY2002 - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002A - hkey= - key= -  File not found
MsConfig - StartUpReg: PHIME2002ASync - hkey= - key= -  File not found
MsConfig - StartUpReg: portwexexe.exe - hkey= - key= -  File not found
MsConfig - StartUpReg: {D6F5BC5F-543D-5AFB-146E-FE8A27A8AC05} - hkey= - key= -  File not found
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt -  File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
SafeBootNet: AppMgmt -  File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {1a3e09be-1e45-494b-9174-d7385b45bbf5} - Reg Error: Value error.
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
 
ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vektorgrafik-Rendering (VML)
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML-Datenbindung für Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Erweitertes Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Taskplaner
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E78BFA60-5393-4C38-82AB-E8019E464EB4} - .NET Framework
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp -  File not found
Drivers32: msacm.mkdmp3enc - C:\PROGRA~2\Acer\ACERAR~1\Kernel\Burner\MKDMP3Enc.ACM File not found
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (EA.com/On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.20 18:41:34 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Desktop\OTL.exe
[2012.02.19 21:47:41 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2012.02.16 18:13:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Poppel\Recent
[2012.02.15 18:30:47 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\didi
[2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Programme\LSoft Technologies
[2012.02.07 18:36:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Active@ ISO Burner
[2012.02.05 18:30:38 | 023,229,504 | ---- | C] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe
[2012.01.31 16:48:58 | 002,548,777 | ---- | C] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe
[2012.01.31 16:30:38 | 004,179,293 | ---- | C] (Lavalys, Inc.                                               ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe
[2012.01.29 17:11:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Poppel\Desktop\BilderLernwerkstatt Mathe
[2007.11.03 11:38:50 | 000,094,208 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006.12.15 05:42:32 | 000,041,976 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2006.12.15 05:34:20 | 002,813,702 | -H-- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2006.12.15 05:34:20 | 000,000,139 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.20 18:41:36 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Poppel\Desktop\OTL.exe
[2012.02.20 18:38:52 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
[2012.02.20 18:24:02 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.20 18:24:02 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.20 18:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2012.02.19 21:44:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2012.02.19 21:44:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2012.02.19 21:44:36 | 010,082,304 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mbb
[2012.02.19 21:44:34 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.02.19 21:44:32 | 007,117,824 | R--- | M] () -- C:\Dokumente und Einstellungen\All Users\Dokumente\ESBK.mb
[2012.02.19 21:42:26 | 000,051,048 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.02.19 21:42:26 | 000,000,097 | ---- | M] () -- C:\WINDOWS\ComponentList.xml
[2012.02.19 21:42:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\WefiStartup.job
[2012.02.19 21:42:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.02.19 21:42:00 | 1542,107,136 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.19 21:36:20 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2012.02.19 21:36:20 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2012.02.19 04:03:16 | 000,000,664 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.19 04:02:10 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2012.02.19 04:02:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2012.02.16 18:51:32 | 000,204,120 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.02.16 18:50:04 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2012.02.16 18:50:04 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2012.02.16 18:13:02 | 001,281,256 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg
[2012.02.16 18:03:44 | 000,009,289 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt
[2012.02.15 22:48:16 | 000,000,153 | -H-- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt#
[2012.02.15 22:46:42 | 000,012,468 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt
[2012.02.15 19:31:34 | 000,013,364 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt
[2012.02.15 16:35:26 | 000,011,157 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt
[2012.02.14 18:22:02 | 000,013,814 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt
[2012.02.08 01:19:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2012.02.08 01:19:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2012.02.06 21:52:42 | 006,381,354 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf
[2012.02.05 23:35:14 | 000,227,980 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf
[2012.02.05 18:32:44 | 023,229,504 | ---- | M] (GridinSoft LLC) -- C:\Dokumente und Einstellungen\Poppel\Desktop\gtk2116-setup.exe
[2012.02.05 18:04:54 | 000,825,374 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp
[2012.02.05 18:02:36 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp
[2012.02.05 18:00:12 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp
[2012.02.05 17:57:52 | 001,255,192 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg
[2012.02.05 16:40:34 | 003,523,926 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp
[2012.02.05 16:32:26 | 000,038,745 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG
[2012.02.05 16:28:14 | 000,012,341 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt
[2012.02.02 00:58:02 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2012.02.02 00:58:02 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2012.01.31 16:49:18 | 002,548,777 | ---- | M] (PortableApps.com) -- C:\Dokumente und Einstellungen\Poppel\Desktop\SIWPortable_2011.10.29.paf.exe
[2012.01.31 16:31:00 | 004,179,293 | ---- | M] (Lavalys, Inc.                                               ) -- C:\Dokumente und Einstellungen\Poppel\Desktop\everesthome220.exe
[2012.01.24 18:24:16 | 000,010,391 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt
[2012.01.23 23:39:58 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2012.01.23 23:39:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2012.01.22 14:08:30 | 000,010,875 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt
 
========== Files Created - No Company Name ==========
 
[2012.02.19 21:44:51 | 000,000,268 | -H-- | C] () -- C:\sqmdata18.sqm
[2012.02.19 21:44:51 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt18.sqm
[2012.02.19 21:36:19 | 000,000,268 | -H-- | C] () -- C:\sqmdata17.sqm
[2012.02.19 21:36:19 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt17.sqm
[2012.02.19 04:37:46 | 000,013,364 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Lebenslauf%20Didi.odt_0.odt
[2012.02.19 04:37:46 | 000,011,157 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Neu%20OpenDocument%20Text.odt_0.odt
[2012.02.19 04:37:46 | 000,009,289 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\Geschichte%20handzettel.odt_0.odt
[2012.02.19 04:03:14 | 000,000,664 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.19 04:02:09 | 000,000,268 | -H-- | C] () -- C:\sqmdata16.sqm
[2012.02.19 04:02:09 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt16.sqm
[2012.02.16 18:50:03 | 000,000,268 | -H-- | C] () -- C:\sqmdata15.sqm
[2012.02.16 18:50:03 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt15.sqm
[2012.02.16 18:11:38 | 001,281,256 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\cc_20120216_181136.reg
[2012.02.16 18:09:40 | 000,001,090 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.16 18:09:40 | 000,001,086 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.15 22:48:15 | 000,000,153 | -H-- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\.~lock.Geschichte handzettel.odt#
[2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.02.15 16:13:14 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\dllcache\iacenc.dll
[2012.02.14 17:05:59 | 000,013,814 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte 2.odt
[2012.02.08 01:19:06 | 000,000,268 | -H-- | C] () -- C:\sqmdata14.sqm
[2012.02.08 01:19:06 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt14.sqm
[2012.02.06 21:52:31 | 006,381,354 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\732862_LS_BY_12_K5.pdf
[2012.02.05 23:35:11 | 000,227,980 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Datenschutz_ab_18.pdf
[2012.02.05 18:04:53 | 000,825,374 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\karikatur.bmp
[2012.02.05 18:02:34 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\kari.bmp
[2012.02.05 18:00:10 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asfdasdf.bmp
[2012.02.05 17:57:57 | 001,255,192 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\100_4400.jpg
[2012.02.05 16:40:33 | 003,523,926 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Unbenannt.bmp
[2012.02.05 16:32:24 | 000,038,745 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\asd.JPG
[2012.02.05 16:01:51 | 000,012,341 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Neu OpenDocument Text.odt
[2012.02.02 01:01:54 | 000,012,468 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte handzettel.odt
[2012.02.02 00:58:00 | 000,000,268 | -H-- | C] () -- C:\sqmdata13.sqm
[2012.02.02 00:58:00 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt13.sqm
[2012.01.24 18:07:39 | 000,010,391 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Desktop\Geschichte_Marius_Poppel.odt
[2012.01.23 23:39:57 | 000,000,268 | -H-- | C] () -- C:\sqmdata12.sqm
[2012.01.23 23:39:57 | 000,000,244 | -H-- | C] () -- C:\sqmnoopt12.sqm
[2012.01.22 14:08:28 | 000,010,875 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Eigene Dateien\zingaro.odt
[2011.07.11 23:11:09 | 000,000,600 | ---- | C] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\winscp.rnd
[2011.03.11 06:36:37 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
 
========== LOP Check ==========
 
[2006.08.29 11:21:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
[2006.12.15 19:01:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX Firefox
[2008.04.11 07:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg
[2009.05.17 07:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\EasyPCGate
[2009.11.13 19:20:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\avg9
[2011.03.09 17:07:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2006.12.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Opera
[2006.12.26 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\FileMaker
[2006.12.29 12:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\RTPlayer
[2007.07.08 13:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free
[2008.10.04 18:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Spamihilator
[2008.10.24 16:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\EasyPCGate
[2009.11.09 20:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CoSoSys
[2010.11.22 18:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\BBZ
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx
[2010.11.28 22:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org
[2010.11.28 23:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Foxit Software
[2011.02.15 19:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\SampleDecks
[2011.06.16 20:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.08.21 04:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\LolClient
[2012.02.19 21:42:20 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\WefiStartup.job
[2012.02.20 18:38:52 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{A6F78E69-A2C1-4D0A-8D92-BCAE0171BF20}.job
[2012.02.20 18:01:02 | 000,000,228 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2004.09.13 12:38:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Identities
[2006.08.29 11:21:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\You've Got Pictures Screensaver
[2006.08.29 11:22:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\AOL
[2008.04.14 04:22:46 | 000,000,000 | --SD | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Microsoft
[2006.12.15 05:36:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Macromedia
[2006.12.15 19:01:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla
[2006.12.15 19:02:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Opera
[2006.12.15 19:08:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Lavasoft
[2006.12.26 18:52:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\FileMaker
[2006.12.27 14:46:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CyberLink
[2006.12.28 10:14:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Sun
[2006.12.29 12:44:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\RTPlayer
[2007.01.01 20:21:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Help
[2007.01.20 16:51:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org2
[2007.06.17 12:58:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Google
[2007.07.08 13:33:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\DriveCleaner Free
[2008.08.23 10:08:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\vlc
[2008.10.04 18:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Spamihilator
[2008.10.24 16:43:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller
[2008.11.25 20:53:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Adobe
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\ImagesWords
[2009.06.01 18:06:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\EasyPCGate
[2009.11.09 20:30:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\CoSoSys
[2010.11.22 18:54:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\BBZ
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx
[2010.11.28 22:05:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Malwarebytes
[2010.11.28 22:51:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\OpenOffice.org
[2010.11.28 23:16:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Avira
[2010.11.28 23:20:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Foxit Software
[2011.02.15 19:24:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\SampleDecks
[2011.03.09 17:09:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Apple Computer
[2011.06.16 20:06:02 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\de.3m5.wendel.flcd.FLCDB.4E7DF207D694E815646D9C9DD7DC91A41EB7FD23.1
[2011.08.21 04:01:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\LolClient
 
< %APPDATA%\*.exe /s >
[2011.06.16 20:18:50 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2008.10.24 16:43:14 | 000,827,368 | ---- | M] (Microsoft Corporation) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\MSNInstaller\msnauins.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:AGP440.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008.04.13 20:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004.08.03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\I386\sp2.cab:atapi.sys
[2004.08.04 05:00:00 | 018,782,319 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008.10.17 17:36:22 | 023,898,261 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008.04.13 20:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008.04.14 04:22:10 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=04955AA695448C181B367D964AF158AA -- C:\WINDOWS\system32\eventlog.dll
[2004.08.04 05:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=B932C077D5A65B71B4512544AC404CB4 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
< MD5 for: NETLOGON.DLL  >
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008.04.14 04:22:20 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=0098D35F91DEAB9C127360A877F2CF84 -- C:\WINDOWS\system32\netlogon.dll
[2004.08.04 05:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=D27395EDCD3416AFD125A9370DCB585C -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
< MD5 for: NVATA.SYS  >
[2006.01.27 15:04:16 | 000,099,584 | ---- | M] (NVIDIA Corporation) MD5=3AC5EEDD35B7437D53960F3998BFA462 -- C:\WINDOWS\system32\drivers\nvata.sys
 
< MD5 for: SCECLI.DLL  >
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008.04.14 04:22:24 | 000,187,904 | ---- | M] (Microsoft Corporation) MD5=5132443DF6FC3771A17AB4AE55DCBC28 -- C:\WINDOWS\system32\scecli.dll
[2004.08.04 05:00:00 | 000,186,880 | ---- | M] (Microsoft Corporation) MD5=64DC26B3CF7BCCAD431CE360A4C625D5 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:09:46 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=3751D7CF0E0A113D84414992146BCE6A -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll
[2007.03.08 17:36:30 | 000,579,072 | ---- | M] (Microsoft Corporation) MD5=492E166CFD26A50FB9160DB536FF7D2B -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2007.03.08 17:48:40 | 000,579,584 | ---- | M] (Microsoft Corporation) MD5=78785EFF8CB90CEC1862A4CCFD9A3C3A -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008.04.14 04:23:04 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=788F95312E26389D596C0FA55834E106 -- C:\WINDOWS\system32\userinit.exe
[2004.08.04 05:00:00 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=D1E53DC57143F2584B1DD53B036C0633 -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 05:00:00 | 000,507,392 | ---- | M] (Microsoft Corporation) MD5=2B6A0BAF33A9918F09442D873848FF72 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Programme\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008.04.14 04:23:06 | 000,513,024 | ---- | M] (Microsoft Corporation) MD5=F09A527B422E25C478E38CAA0E44417A -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 05:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
[2012.02.07 18:36:28 | 000,691,696 | ---- | M] () Unable to obtain MD5 -- C:\WINDOWS\system32\drivers\sptd.sys
 
< %systemroot%\System32\config\*.sav >
[2004.09.13 12:24:16 | 000,434,176 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2004.09.13 12:24:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004.09.13 12:24:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         
--- --- ---



gruß

Alt 20.02.2012, 20:18   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.search-results.com/?l=dis&o=41648036
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
[2006.12.15 19:01:12 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions
[2011.12.24 21:01:34 | 000,000,000 | ---D | M] (Search-Results Toolbar) -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com
[2011.08.25 15:21:20 | 000,003,295 | ---- | M] () -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml
[2006.12.15 19:00:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2008.10.22 21:25:44 | 000,000,000 | ---D | M] (Zumie Search) -- C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}
[2006.10.30 14:34:52 | 000,010,582 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml
[2006.11.28 18:03:38 | 000,005,180 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml
[2008.10.22 21:25:36 | 000,002,390 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\zumie.xml
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O2 - BHO: (no name) - {BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0} - No CLSID value found.
O2 - BHO: (no name) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - No CLSID value found.
O2 - BHO: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O2 - BHO: (no name) - {E859E13A-569E-463D-BE84-A259AD7DB843} - No CLSID value found.
O2 - BHO: (no name) - {F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKLM\..\Toolbar: (no name) - {B99F805C-F0B1-48EA-8C8B-753BFCBED913} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
O4 - HKLM..\Run: []  File not found
O4 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006..\Run: [ICQ] "C:\Programme\ICQ6.5\ICQ.exe" silent File not found
O4 - HKLM..\RunOnceEx: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O20 - Winlogon\Notify\byXQKefG: DllName - (byXQKefG.dll) -  File not found
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\awttqnMe) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell - "" = AutoRun
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\Shell\AutoRun\command - "" = F:\Windows\CHECK\DriveNavigator.exe
O33 - MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\Shell\AutoRun\command - "" = F:\Toshiba\more4you.exe
[2008.04.11 07:13:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko
[2010.11.27 07:22:12 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx
:Commands
[emptytemp]
[resethosts]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.02.2012, 13:17   #11
ricu123
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Hallo,
bei diesem Eintrag:
Code:
ATTFilter
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
         
hängt sich das Programm auf und gibt "Keine Rückmeldung".

Was soll ich jetzt tun?

Gruß

Alt 21.02.2012, 14:47   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Probier den FIx im abgesicherten Modus aus
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 21.02.2012, 18:26   #13
ricu123
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Selbes Problem im abgesichterten Modus!
Hab mal nachgeschaut die Datei mit dem Pfad (C:\Programme\Ask.com\GenericAskToolbar.dll) existiert garnicht?


Alt 21.02.2012, 18:30   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Dann nimm mal nur diese Zeile raus dem Fixscript und probiers erneut
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 22.02.2012, 14:29   #15
ricu123
 
50-€ Virus infiziert - Standard

50-€ Virus infiziert



Musste jetzt:
Code:
ATTFilter
O3 - HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\..\Toolbar\WebBrowser: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
         
und
Code:
ATTFilter
O3 - HKLM\..\Toolbar: (Search-Results Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Search-Results)
         
rausnehmen, damit es lief, hier die Logdatei:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKU\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Folder C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\ not found.
Folder C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\extensions\toolbar@ask.com\ not found.
File C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Mozilla\Firefox\Profiles\jo639oys.default\searchplugins\search-results.xml not found.
Folder C:\Programme\Mozilla Firefox\extensions\ not found.
Folder C:\Programme\Mozilla Firefox\extensions\{D7FEF78F-AFAA-4F9C-A2F7-4706F5F1E1DB}\ not found.
File C:\Programme\mozilla firefox\searchplugins\gmx-suche.xml not found.
File C:\Programme\mozilla firefox\searchplugins\preisvergleich.xml not found.
File C:\Programme\mozilla firefox\searchplugins\zumie.xml not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ not found.
File C:\Programme\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BD2BEE4D-2C9F-4EA8-B850-D0A4660226F0}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Programme\Ask.com\GenericAskToolbar.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E859E13A-569E-463D-BE84-A259AD7DB843}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E859E13A-569E-463D-BE84-A259AD7DB843}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F3DBB6FC-D8EF-4EBB-8E3E-87ECE6CDF4AF}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477e-A7DD-396DB0476E29}\ not found.
File C:\WINDOWS\system32\eDStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B99F805C-F0B1-48EA-8C8B-753BFCBED913} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B99F805C-F0B1-48EA-8C8B-753BFCBED913}\ not found.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5CBE3B7C-1E47-477E-A7DD-396DB0476E29}\ not found.
File C:\WINDOWS\system32\eDStoolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoCDBurning deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\HonorAutoRunSetting deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1949775650-2822676996-1979519876-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\byXQKefG\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\awttqnMe deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2140b9cc-b057-11df-8007-0016cf9d054d}\ not found.
File F:\Windows\CHECK\DriveNavigator.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e5f63f8d-df7e-11de-bfd8-0016d34d9642}\ not found.
File F:\Toshiba\more4you.exe not found.
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ralctwdg folder moved successfully.
C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ukicko folder moved successfully.
C:\Dokumente und Einstellungen\Poppel\Anwendungsdaten\Ylyx folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
 
User: All Users
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 35993 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1057171 bytes
->FireFox cache emptied: 0 bytes
 
User: Poppel
->Temp folder emptied: 48740456 bytes
->Temporary Internet Files folder emptied: 7433580 bytes
->Java cache emptied: 300221 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 6052679 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 56972 bytes
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 840818 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 62,00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.1 log created on 02222012_152838

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_9a8.dat moved successfully.

Registry entries deleted on Reboot...
         

Antwort

Themen zu 50-€ Virus infiziert
0x00000001, 0xc0000001, 7-zip, antivir, avira, bho, bildschirm, blockiert, bonjour, dateisystem, desktop, document, error, explorer, fehler, firefox, format, frage, heuristiks/extra, heuristiks/shuriken, home, internet browser, launch, league of legends, logfile, pup.zwangi, realtek, registry, rundll, safer networking, schutz, schwarzer bildschirm, security update, software, studio, temp, torrent.exe, udp, version=1.0, virus, windows internet, winlogon.exe



Ähnliche Themen: 50-€ Virus infiziert


  1. Interpol Virus / Bin ich infiziert?
    Plagegeister aller Art und deren Bekämpfung - 11.04.2014 (7)
  2. Notebook mit Virus infiziert
    Plagegeister aller Art und deren Bekämpfung - 10.10.2013 (17)
  3. Windows 7: mit Virus ihavenet infiziert
    Log-Analyse und Auswertung - 01.10.2013 (9)
  4. Computer Zero.Access Virus infiziert
    Mülltonne - 16.07.2013 (1)
  5. Dateien mit Virus corrupted.exe infiziert
    Plagegeister aller Art und deren Bekämpfung - 26.02.2013 (17)
  6. mit ihavenet-Virus infiziert - was nun?
    Log-Analyse und Auswertung - 28.12.2012 (22)
  7. ihavenet - virus infiziert?
    Plagegeister aller Art und deren Bekämpfung - 03.10.2012 (3)
  8. Infiziert durch den Virus: Trojan.Sirefef.JD/.JC
    Log-Analyse und Auswertung - 27.09.2012 (2)
  9. Mit BKA Virus 1.13 infiziert, Windows 7
    Log-Analyse und Auswertung - 06.09.2012 (9)
  10. Computer mit Bundespolizei-Virus (Ukash) infiziert
    Plagegeister aller Art und deren Bekämpfung - 22.08.2012 (3)
  11. (2x) Infiziert durch den Virus: Trojan.Sirefef.JD/.JC
    Mülltonne - 15.08.2012 (2)
  12. Infiziert durch den Virus: Trojan.Sirefef.JD/.JC
    Mülltonne - 11.08.2012 (0)
  13. Virus/Malware infiziert was soll ich tun.
    Log-Analyse und Auswertung - 21.01.2011 (7)
  14. PC wurde mit Virus infiziert ?
    Log-Analyse und Auswertung - 29.10.2010 (3)
  15. Virus infiziert Entwicklungsumgebung
    Nachrichten - 18.08.2009 (0)
  16. PC - Infiziert??? Virus-Meldungen
    Plagegeister aller Art und deren Bekämpfung - 30.07.2008 (1)
  17. paranoid od. infiziert ? BkCln.Unknown Virus
    Log-Analyse und Auswertung - 21.01.2006 (1)

Zum Thema 50-€ Virus infiziert - Hallo, bin ebenfalls von dem Virus "Achtung! Aus Sicherheitsgründen wurde Ihr Windowssystem blockiert". Ein schwarzer Bildschirm und ich muss 50€ zahlen um den Virus loszuwerden Hab schonmal Malwarebytes und OTL - 50-€ Virus infiziert...
Archiv
Du betrachtest: 50-€ Virus infiziert auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.