
Pests of all kinds and how to fight them: Firefox opens wrong links several times before the right one when searching in Google


19.05.2010, 14:43   #1
roadrunner14
 



Hello!

I'm having problems with my laptop. For some time now Firefox has been opening wrong links. When I use Google and want to open a search result in a new tab, most of the time eBay or something else comes up twice. Only after that, on the 3rd or 4th attempt, does the right page come up. I have Bitdefender Internet Security 2010 installed. I've already run a full scan a few times, so far without success. I currently have the F-Secure Online Scanner running. It has just found 1 malware and 7 spyware items. I don't know what else will turn up. What else can I check or do?

I did find this problem once before using the search, but that was 3 years ago and some of the programs that were recommended no longer exist.

It is a Core2Duo with 2GB and Windows 7 Ultimate 32bit.

19.05.2010, 16:39   #2
roadrunner14
 



Hi!

I ran Combofix and CCleaner. Among other things, I also got messages about rootkits that were found.
Here is a log file:

Quote:
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\roadrunner1405\AppData\Roaming\cglogs.dat
c:\windows\system32\drivers\npf.sys
c:\windows\system32\lowsec
c:\windows\system32\lowsec\local.ds
c:\windows\system32\lowsec\user.ds
c:\windows\system32\msdvdr.dat
c:\windows\system32\Packet.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll

.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_iprip
-------\Service_msdvdDrv
-------\Service_msdvdr
-------\Service_NPF


((((((((((((((((((((((( Dateien erstellt von 2010-04-19 bis 2010-05-19 ))))))))))))))))))))))))))))))
.

2010-05-19 13:22 . 2010-05-19 13:22 -------- d-----w- c:\program files\CCleaner
2010-05-19 12:24 . 2010-05-19 12:24 -------- d-----w- c:\programdata\F-Secure
2010-05-17 12:28 . 2010-05-17 12:28 -------- d-----w- c:\program files\SweetIM
2010-05-17 12:28 . 2010-05-17 12:28 -------- d-----w- c:\programdata\SweetIM
2010-05-15 15:03 . 2010-05-15 15:33 -------- d-----w- c:\program files\ICQ7.1
2010-05-10 19:17 . 2009-10-10 02:57 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-10 19:17 . 2009-10-10 02:31 84992 ----a-w- c:\windows\system32\drivers\sdbus.sys
2010-05-10 18:42 . 2009-12-11 07:44 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-05-10 18:42 . 2009-12-11 07:38 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-05-10 18:42 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys
2010-05-07 19:15 . 2010-05-07 19:15 -------- d-----w- c:\program files\The KMPlayer
2010-05-07 19:02 . 2010-05-07 19:02 -------- d-----w- c:\users\roadrunner1405\AppData\Local\ratDVD
2010-05-07 19:02 . 2010-05-07 19:02 -------- d-----w- c:\program files\ratDVD
2010-05-07 13:32 . 2010-05-07 13:32 -------- d-----w- c:\users\roadrunner1405\AppData\Local\Diagnostics
2010-05-05 10:56 . 2010-05-05 10:56 -------- d-----w- c:\programdata\eBay
2010-05-05 10:56 . 2010-05-05 10:56 -------- d-----w- c:\program files\eBay
2010-05-04 10:12 . 2010-05-04 10:12 -------- d-----w- c:\users\roadrunner1405\AppData\Local\FixItCenter
2010-05-04 09:58 . 2010-05-04 09:58 -------- d-----w- c:\windows\CheckSur
2010-05-04 09:50 . 2010-05-04 09:50 -------- d-----w- c:\windows\MATS
2010-05-04 09:50 . 2010-05-04 09:50 -------- d-----w- c:\program files\Microsoft Fix it Center
2010-05-03 22:44 . 2010-05-04 10:06 -------- d-----w- c:\program files\Registry Easy
2010-05-03 17:18 . 2010-05-03 17:18 -------- d-----w- c:\program files\Trend Micro
2010-04-28 06:28 . 2010-04-28 08:34 -------- d-----w- c:\program files\a-squared Free
2010-04-27 13:59 . 2010-04-27 13:59 -------- d-----w- c:\programdata\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59 -------- d-----w- c:\program files\Common Files\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59 -------- d-----w- c:\program files\Cloanto
2010-04-27 10:25 . 2010-04-01 13:11 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-04-27 10:10 . 2010-04-01 13:17 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-04-27 10:09 . 2010-04-27 10:25 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-04-27 10:07 . 2010-04-27 10:07 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-27 09:45 . 2010-05-10 16:00 -------- d-----w- c:\program files\Unlocker
2010-04-26 20:35 . 2010-04-30 08:19 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2010-04-26 20:13 . 2010-04-26 20:13 -------- d-----w- c:\program files\QSoft
2010-04-26 20:12 . 2010-04-26 20:12 -------- d-----w- c:\program files\NoVirusThanks
2010-04-26 20:06 . 2006-06-19 10:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-04-26 20:06 . 2006-05-25 12:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-04-26 20:06 . 2005-08-25 22:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-04-26 20:06 . 2003-02-02 17:06 153088 ----a-w- c:\windows\system32\UNRAR3.dll
2010-04-26 20:06 . 2002-03-05 22:00 75264 ----a-w- c:\windows\system32\unacev2.dll
2010-04-26 20:06 . 2010-04-26 21:12 -------- d-----w- c:\program files\Trojan Remover
2010-04-26 20:06 . 2010-04-26 20:06 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\Simply Super Software
2010-04-26 20:06 . 2010-04-26 20:06 -------- d-----w- c:\programdata\Simply Super Software
2010-04-26 09:00 . 2010-04-26 09:01 -------- d-----w- C:\ZL_DB_CCcam_SoftCam_Control
2010-04-25 21:15 . 2010-04-25 21:15 -------- d-----w- c:\users\roadrunner1405\AppData\Local\Mozilla
2010-04-25 10:22 . 2010-04-25 12:30 -------- d-----w- c:\program files\WindowsServices
2010-04-25 10:22 . 2010-04-25 10:22 -------- d-----w- c:\program files\TimHillOne
2010-04-24 11:05 . 2010-04-24 11:05 -------- d-----w- c:\program files\PGWARE
2010-04-23 14:59 . 2010-04-23 14:59 49152 ----a-r- c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59 1044480 ----a-r- c:\windows\system32\roboex32.dll

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-19 14:01 . 2009-08-23 17:48 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\Skype
2010-05-19 14:00 . 2009-08-23 17:50 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\skypePM
2010-05-19 13:59 . 2010-03-23 19:33 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2010-05-19 09:00 . 2010-01-07 12:02 2300696 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-05-19 09:00 . 2010-05-19 09:00 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-18 20:08 . 2010-03-15 12:49 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\UseNeXT
2010-05-16 18:02 . 2009-10-08 20:42 -------- d-----w- c:\program files\Mozilla Thunderbird 3.0 Beta 3
2010-05-15 21:44 . 2010-03-10 10:02 -------- d-----w- c:\program files\JDownloader
2010-05-15 16:31 . 2009-10-07 08:26 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\ICQ
2010-05-15 16:24 . 2009-07-14 04:52 -------- d-----w- c:\program files\Windows Sidebar
2010-05-15 15:24 . 2009-10-07 08:26 -------- d-----w- c:\program files\ICQ6Toolbar
2010-05-15 15:23 . 2009-10-07 08:26 -------- d-----w- c:\programdata\ICQ
2010-05-10 18:09 . 2009-08-23 17:45 -------- d-----r- c:\program files\Skype
2010-05-10 16:00 . 2009-08-22 15:25 -------- d-----w- c:\program files\Smart Battery
2010-05-10 16:00 . 2009-08-22 15:41 -------- d-----w- c:\program files\Lenovo Fingerprint Software
2010-05-10 12:56 . 2009-10-19 15:04 72784 ----a-w- c:\windows\system32\drivers\BdfNdisf6.sys
2010-05-10 12:05 . 2010-05-05 08:44 112 ----a-w- c:\programdata\ge8aaiu.dat
2010-05-07 19:13 . 2009-09-11 19:05 -------- d-----w- c:\users\roadrunner1405\AppData\Roaming\vlc
2010-05-07 19:11 . 2010-05-07 19:11 2853 ----a-w- c:\programdata\hQrLb0N2.PIF
2010-05-07 19:11 . 2010-05-07 19:11 2853 ----a-w- c:\programdata\hQrLb0N2.PIF
2010-05-07 19:03 . 2010-05-05 08:44 68610 ----a-w- c:\programdata\hQrLb0N2.exe
2010-05-07 19:03 . 2010-05-05 08:44 68610 ----a-w- c:\programdata\hQrLb0N2.exe
2010-05-04 18:43 . 2010-05-04 18:43 0 ----a-w- c:\windows\system32\drivers\OV9655S.SET
2010-04-28 06:45 . 2009-10-18 08:40 -------- d-----w- c:\program files\FileZilla FTP Client
2010-04-27 17:59 . 2010-03-15 12:43 -------- d-----w- c:\program files\UseNeXT
2010-04-27 10:14 . 2009-08-22 21:46 -------- d-----w- c:\program files\TuneUp Utilities 2009
2010-04-27 10:08 . 2009-08-22 21:46 -------- d-----w- c:\programdata\TuneUp Software
2010-04-14 08:04 . 2009-08-27 09:04 -------- d-----w- c:\programdata\Microsoft Help
2010-04-02 08:46 . 2009-08-22 15:12 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-02 08:45 . 2009-10-24 14:45 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2010-04-02 08:42 . 2010-04-02 08:42 -------- d-----w- c:\program files\Xirrus
2010-04-01 14:13 . 2010-04-01 14:13 -------- d-----w- c:\program files\Common Files\Skype
2010-04-01 13:43 . 2009-07-24 10:26 291352 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2010-04-01 13:11 . 2009-08-22 21:48 21320 ----a-w- c:\windows\system32\authuitu.dll
2010-03-29 21:06 . 2010-03-29 21:06 -------- d-----w- c:\program files\EPROM50
2010-03-29 20:58 . 2010-03-29 20:58 5152 ----a-w- c:\windows\system32\drivers\io.sys
2010-03-25 18:39 . 2010-03-25 18:38 -------- d-----w- c:\program files\ICQ-Banner-Remover
2010-03-25 09:27 . 2010-04-25 21:32 1107264 ----a-w- c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-24 18:17 . 2010-03-24 08:04 952768 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04 70584 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30963\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04 326056 ----a-w- c:\programdata\Adobe\Reader\9.3\ARM\30963\AcrobatUpdater.exe
2010-03-23 19:33 . 2009-10-22 16:20 739082 ----a-w- c:\windows\system32\perfh007.dat
2010-03-23 19:33 . 2009-10-22 16:20 153070 ----a-w- c:\windows\system32\perfc007.dat
2010-03-23 19:32 . 2010-03-23 19:32 -------- d-----w- c:\program files\CMAK
2010-03-23 09:54 . 2010-03-23 09:54 -------- d-----w- c:\program files\RMClock
2010-03-22 18:04 . 2010-03-22 18:04 -------- d-----w- c:\program files\CPUCooL
2010-03-18 15:58 . 2010-03-18 15:58 101248 ----a-w- c:\windows\system32\drivers\avmaura.sys
2010-03-18 12:22 . 2010-03-18 11:08 28672 ----a-w- c:\windows\system32\AF15BDAEX.dll
2010-03-18 12:22 . 2010-03-18 11:08 126 ----a-w- c:\windows\system32\AF15IRTBL.bin
2010-03-18 12:22 . 2010-03-18 11:08 483200 ----a-w- c:\windows\system32\drivers\AF15BDA.sys
2010-03-17 09:35 . 2010-04-25 21:32 309248 ----a-w- c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
2010-03-15 13:04 . 2009-08-25 12:02 34 ----a-w- c:\programdata\StarMoney 7.0\profil\sfmsm.dll
2010-03-10 10:01 . 2010-03-10 10:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-03-08 21:33 . 2010-04-14 07:57 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-02-28 19:23 . 2009-09-05 13:06 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2010-02-28 19:23 . 2009-09-05 13:06 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2010-02-28 18:30 . 2010-02-28 18:30 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-02-28 18:30 . 2010-02-06 17:47 1170240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-27 12:07 . 2010-04-14 07:57 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-04-14 07:57 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-04-14 07:57 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 07:57 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 07:57 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-30 17:57 977920 ----a-w- c:\windows\system32\wininet.dll
2010-02-22 16:58 . 2010-03-11 14:09 1733152 ----a-w- c:\windows\system32\RtkPgExt.dll
2010-02-22 16:58 . 2010-03-11 14:09 57888 ----a-w- c:\windows\system32\RtkCoInst.dll
2010-02-22 16:58 . 2010-03-11 14:09 371232 ----a-w- c:\windows\system32\RtkApoApi.dll
2010-02-22 16:58 . 2010-03-11 14:09 2649120 ----a-w- c:\windows\system32\RtkAPO.dll
2010-02-22 16:23 . 2010-03-11 14:09 3022944 ----a-w- c:\windows\system32\drivers\RTKVHDA.sys
2010-02-20 16:47 . 2010-01-07 12:02 1170240 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
Code:
c:\program files\Acronis\TrueImageHome\timountermonitor .exe
c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Intel\AMT\atchk .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\PGWARE\SuperRam\superramtray .exe
c:\program files\QSoft\Autorun Kicker\_autorunkicker .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Smart Battery\smbtray .exe
c:\program files\Trojan Remover\trjscan .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\program files\Windows Sidebar\sidebar .exe
         
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll" [2010-03-18 187192]

[HKEY_CLASSES_ROOT\clsid\{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SweetIM_URLSearchHook.ToolbarURLSearchHook]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 14:06 1361208 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-22 8522272]
"MsmqIntCert"="mqrt.dll" [2009-07-14 152064]
"igfxTray Module"="c:\windows\System32\igfxtray.exe" [2009-09-23 141848]
"hkcmd Module"="c:\windows\System32\hkcmd.exe" [2009-09-23 173592]
"persistence Module"="c:\windows\System32\igfxpers.exe" [2009-09-23 150552]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-04-14 111928]

c:\users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-4-25 910296]
Mozilla Thunderbird 3.0 Beta 3.lnk - c:\program files\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe [2009-10-8 11959472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^roadrunner1405^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^klickTel OEM Frühjahr 2009 - Schnellstarter.lnk]
backup=c:\windows\pss\klickTel OEM Frühjahr 2009 - Schnellstarter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2007-04-16 08:13 71232 ----a-w- c:\program files\Wave Systems Corp\Embassy Security Setup\EmbassySecurityCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 17:30 173592 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 17:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 17:30 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 17:30 150552 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2009-09-28 09:01 36864 ----a-w- c:\program files\phonostar-Player\phonostarTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-10 10:01 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TODO_ _File description_]
c:\program files\Smart Battery\smbtray.exe [N/A]

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-24 721904]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2009-09-11 528904]
R3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2009-07-13 199168]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 WMSVC;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S0 KeyAgent;KeyAgent; [x]
S0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\DRIVERS\snman378.sys [2009-08-22 134272]
S0 stmtpm;STM TPM Service;c:\windows\system32\DRIVERS\stm_tpm.sys [2007-07-05 21504]
S0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\DRIVERS\tdrpm124.sys [2009-08-22 950848]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-05-10 72784]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-05-10 79952]
S1 ntiomin;ntiomin; [x]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-28 1872320]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-11-20 29416]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-05-10 85128]
S2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-03-29 5152]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-01 1050440]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-07-27 1489688]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2010-03-18 101248]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-17 153448]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 netw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-01-13 6628352]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 9216]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 wbms_vista_x86;Winbond Memory Stick Controller;c:\windows\system32\Drivers\wbms_vista_x86.SYS [2007-06-26 52224]
S3 wbsdmmc;Winbond SD/MMC Controller;c:\windows\system32\DRIVERS\wbsdmmc_vista_x86.sys [2007-04-20 44544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
bdx REG_MULTI_SZ scan
ftpsvc REG_MULTI_SZ ftpsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ipripsvc REG_MULTI_SZ iprip
LPDService REG_MULTI_SZ LPDSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://start.icq.com/
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
LSP: c:\windows\system32\biolsp.dll
FF - ProfilePath - c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?src=2&q=
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll
FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll
FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll
FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX Richtlinien ----




FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-persistent-connections-per-server - 4
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: >>UNKNOWN [0x8300A000]<< >>UNKNOWN [0x89BB5000]<< >>UNKNOWN [0x89BA4000]<< >>UNKNOWN [0x84522000]<< >>UNKNOWN [0x8341A000]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
IoDeviceObjectType -> DumpProcedure -> 0xd46a624f
SecurityProcedure -> 0x8587d5f0
QueryNameProcedure -> 0x8587c280
user & kernel MBR OK

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallIS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_is=\"0\" />"
"Device"="xrnJucq8yLy6z8fMzszNusjHvM8="

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'lsass.exe'(832)
c:\windows\system32\wvauth.DLL
c:\windows\system32\biolsp.dll

- - - - - - - > 'Explorer.exe'(1728)
c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\psxss.exe
c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
c:\program files\BitDefender\BitDefender 2010\vsserv.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\BitDefender\BitDefender 2010\seccenter.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Intel\AMT\atchksrv.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Intel\AMT\LMS.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\mqsvc.exe
c:\xampp\mysql\bin\mysqld.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\System32\tcpsvcs.exe
c:\windows\System32\snmp.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\TeamViewer\Version5\TeamViewer.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\UI0Detect.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\users\roadrunner1405\AppData\Local\temp\fsonlinescanner.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-05-19 16:06:40 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-19 14:06

Vor Suchlauf: 9 Verzeichnis(se), 10.513.735.680 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 10.331.709.440 Bytes frei

- - End Of File - - 647375AE73689C71DAC06A2069CC07EB


19.05.2010, 16:43   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Hello and

Combofix should only be run when instructed to!!

Please run a full scan with Malwarebytes and post the log. After that, OTL:

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

19.05.2010, 17:03   #4
roadrunner14
 

Hello! Thanks for the help.

Here is the OTL log

Code:
OTL logfile created on: 19.05.2010 16:55:08 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\roadrunner1405\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 9,88 Gb Free Space | 4,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ROADRUNNER-NB
Current User Name: roadrunner1405
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\roadrunner1405\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe (Mozilla Messaging)
PRC - C:\Programme\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
PRC - C:\Programme\a-squared Free\a2service.exe (Emsi Software GmbH)
PRC - C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
PRC - C:\Programme\BitDefender\BitDefender 2010\seccenter.exe (BitDefender S.R.L.)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Programme\Java\jre6\bin\jp2launcher.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Java\jre6\bin\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Realtek\Audio\HDA\rthdvcpl.exe (Realtek Semiconductor)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
PRC - C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
PRC - C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
PRC - C:\xampp\mysql\bin\mysqld.exe (MySQL AB)
PRC - C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation)
PRC - C:\Windows\System32\snmp.exe (Microsoft Corporation)
PRC - C:\Windows\System32\psxss.exe (Microsoft Corporation)
PRC - C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Intel\AMT\UNS.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\atchksrv.exe (Intel Corporation)
PRC - C:\Programme\Intel\AMT\LMS.exe (Intel Corporation)
PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\roadrunner1405\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_extra.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_net.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_nt.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_base.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_fragments.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\midas32.dll (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\plugin_registry.m32 (BitDefender S.R.L. Bucharest, ROMANIA)
MOD - C:\Programme\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\leaktests.m32 (BitDefender SRL)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (VSSERV) -- C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe (BitDefender S.R.L.)
SRV - (a2free) -- C:\Program Files\a-squared Free\a2service.exe (Emsi Software GmbH)
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (scan) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\scan.dll (S.C. BitDefender S.R.L)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (TeamViewer5) -- C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (LIVESRV) -- C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe (BitDefender S.R.L.)
SRV - (EvtEng) Intel(R) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) Intel(R) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (CPUCooLServer) -- C:\Programme\CPUCooL\CooLSRV.exe ()
SRV - (MySQL) -- C:\xampp\mysql\bin\mysqld.exe (MySQL AB)
SRV - (Apache2.2) -- C:\xampp\apache\bin\httpd.exe (Apache Software Foundation)
SRV - (Arrakis3) -- C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe (BitDefender S.R.L. hxxp://www.bitdefender.com)
SRV - (ACDaemon) -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Programme\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (LPDSVC) -- C:\Windows\System32\lpdsvc.dll (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (ftpsvc) -- C:\Windows\System32\inetsrv\ftpsvc.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (WMSVC) -- C:\Windows\System32\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV - (simptcp) -- C:\Windows\System32\TCPSVCS.EXE (Microsoft Corporation)
SRV - (SNMP) -- C:\Windows\System32\snmp.exe (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\Windows\System32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (OMSI download service) -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ()
SRV - (HsfXAudioService) -- C:\Windows\System32\XAudio32.dll (Conexant Systems, Inc.)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (UNS) Intel(R) -- C:\Programme\Intel\AMT\UNS.exe (Intel Corporation)
SRV - (atchksrv) Intel(R) -- C:\Programme\Intel\AMT\atchksrv.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Programme\Intel\AMT\LMS.exe (Intel Corporation)
SRV - (TOSHIBA Bluetooth Service) -- C:\Programme\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (tcsd_win32.exe) -- C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe ()
SRV - (SecureStorageService) -- C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe (Wave Systems Corp.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (BDVEDISK) -- C:\Programme\BitDefender\BitDefender 2010\bdvedisk.sys (BitDefender)
DRV - (bdfwfpf) -- C:\Programme\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys (BitDefender LLC)
DRV - (BdfNdisf) -- C:\Windows\System32\drivers\BdfNdisf6.sys (BitDefender LLC)
DRV - (bdfsfltr) -- C:\Windows\system32\DRIVERS\bdfsfltr.sys (BitDefender)
DRV - (io.sys) -- C:\Windows\System32\drivers\io.sys ()
DRV - (avmaura) -- C:\Windows\System32\drivers\avmaura.sys (AVM Berlin)
DRV - (AF15BDA) -- C:\Windows\System32\drivers\AF15BDA.sys (ITETech                  )
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (BDFM) -- C:\Windows\System32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (ntiopnp) -- C:\Windows\System32\drivers\ntiopnp.sys ()
DRV - (ntiomin) -- C:\Windows\System32\drivers\ntiomin.sys ()
DRV - (zebrbus) -- C:\Windows\System32\drivers\zebrbus.sys (MCCI)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (Profos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\profos.sys (BitDefender S.R.L.)
DRV - (tdrpman124) Acronis Try&Decide and Restore Points filter (build 124) -- C:\Windows\system32\DRIVERS\tdrpm124.sys (Acronis)
DRV - (snapman378) Acronis Snapshots Manager (Build 378) -- C:\Windows\system32\DRIVERS\snman378.sys (Acronis)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (MQAC) -- C:\Windows\System32\drivers\mqac.sys (Microsoft Corporation)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (RMCAST) -- C:\Windows\System32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (PsxDrv) -- C:\Windows\System32\drivers\psxdrv.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (AF9035BDA) -- C:\Windows\System32\drivers\AF9035BDA.sys (AfaTech                  )
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (Trufos) -- C:\Programme\Common Files\BitDefender\BitDefender Threat Scanner\trufos.sys (BitDefender S.R.L.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio32.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.)
DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.)
DRV - (TcUsb) -- C:\Windows\System32\drivers\tcusb.sys (UPEK Inc.)
DRV - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Winbond Electronics Corp.)
DRV - (seehcri) -- C:\Windows\System32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Intel Corporation)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys (Intel Corporation)
DRV - (ISODrive) -- C:\Programme\UltraISO\drivers\ISODrive.sys (EZB Systems, Inc.)
DRV - (HECI) Intel(R) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
DRV - (stmtpm) -- C:\Windows\system32\DRIVERS\stm_tpm.sys (STMicroelectronics, INC)
DRV - (wbms_vista_x86) -- C:\Windows\System32\drivers\wbms_vista_x86.sys (Winbond Electronics Corp.)
DRV - (DCamUSBGene) -- C:\Windows\System32\drivers\USBGENE.sys (Genesys Logic, Inc.)
DRV - (tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (wbsdmmc) -- C:\Windows\System32\drivers\wbsdmmc_vista_x86.sys (Winbond Electronics Corp.)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\HSFHWAZL.sys (Conexant Systems, Inc.)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)
DRV - (giveio) -- C:\Windows\System32\drivers\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F7 E9 F4 2F 3F E8 CA 01  [binary data]
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.order.1: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "megaup"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "megaup"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extension.gacela.network.proxy.autoconfig_url: "hxxp://nurago29.pop-hannover.net/gacela2/gacela2_pilot0903/autoproxyconfig.php?id=10901&type=FF&version=2.1.16"
FF - prefs.js..extension.gacela.network.proxy.type: 0
FF - prefs.js..extensions.enabledItems: fb_add_on@avm.de:1.5.5
FF - prefs.js..extensions.enabledItems: gmailthis@lazyrussian.com:2.2.9
FF - prefs.js..extensions.enabledItems: tabscope@xuldev.org:0.3.2
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.2
FF - prefs.js..extensions.enabledItems: {06C43693-2C7F-4beb-BB52-EF92C6CA0C44}:0.6.3
FF - prefs.js..extensions.enabledItems: {32D83016-0657-4cd3-B7D2-0B4D12CEC60E}:1.3.7
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.1
FF - prefs.js..extensions.enabledItems: {7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}:5.2.4.8
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.3
FF - prefs.js..extensions.enabledItems: {8620c15f-30dc-4dba-a131-7c5d20cf4a29}:2.0.3
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {aff87fa2-a58e-4edd-b852-0a20203c1e17}:0.7
FF - prefs.js..extensions.enabledItems: {ba243cb0-b824-4a26-9418-73ee795d9b9d}:1.0.3
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.3pre.100412a
FF - prefs.js..extensions.enabledItems: {f65bf62a-5ffc-4317-9612-38907a779583}:1.3.0
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}:2.4.14.1
FF - prefs.js..extensions.enabledItems: {EEE6C361-6118-11DC-9C72-001320C79847}:1.0.0.10
FF - prefs.js..extensions.enabledItems: {04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}:4.0.2
FF - prefs.js..extensions.enabledItems: {1AF3FC34-0725-4485-A939-6B40EB7CA96A}:1.8.1
FF - prefs.js..extensions.enabledItems: {2A10B180-05EF-11D9-8C50-444553540001}:2.6.6
FF - prefs.js..extensions.enabledItems: {3143B27B-F7DE-49d8-BF08-C2E4DEA71DBB}:1.0.2
FF - prefs.js..extensions.enabledItems: {36C13C8F-54F1-412e-8177-2E411719162D}:4.1.1
FF - prefs.js..extensions.enabledItems: {8803789a-23eb-44b4-bd48-6762fd320242}:1.0.20060118
FF - prefs.js..extensions.enabledItems: {a02c0c70-605c-11da-8cd6-0800200c9a66}:4.22
FF - prefs.js..extensions.enabledItems: {a81bafeb-b6ed-4501-aa17-15a2b3857e56}:3.5
FF - prefs.js..extensions.enabledItems: {bde351f9-0fcb-2fcf-3b9b-626f1f37d6e5}:0.8.2
FF - prefs.js..extensions.enabledItems: {bef86380-a99d-11da-a746-0800200c9a66}:1.0.1
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:3.20100306
FF - prefs.js..extensions.enabledItems: {d3d70bca-2d54-425e-b02c-b7e2f4b07688}:3.5
FF - prefs.js..extensions.enabledItems: {e8cba685-830c-1283-6314-a6ae605cc7be}:2.0.1
FF - prefs.js..extensions.enabledItems: {F23DF9FE-E13C-4203-A3BF-61E8F8DC296C}:1.5.0.4
FF - prefs.js..keyword.URL: "hxxp://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.autoconfig_url: "hxxp://nurago29.pop-hannover.net/gacela2/gacela2_pilot0903/autoproxyconfig.php?id=10901&type=FF&version=2.1.16"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\FFToolbar@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ [2010.04.02 21:58:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.05.04 11:54:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.05.04 11:54:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird 3.0 Beta 3\components [2010.05.16 20:02:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\bdThunderbird@bitdefender.com: C:\Program Files\BitDefender\BitDefender 2010\bdtbext\ [2010.02.20 20:40:33 | 000,000,000 | ---D | M]
 
[2010.04.26 21:36:18 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Extensions
[2010.04.26 21:36:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.05.18 22:21:29 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] (Azerty III) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{04CA07AB-7FC3-4110-A83F-EF1E6B75D5B0}
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (Send Page By Email) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{06C43693-2C7F-4beb-BB52-EF92C6CA0C44}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}(21)
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (Metal Lion - Vista) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1AF3FC34-0725-4485-A939-6B40EB7CA96A}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2010.04.25 23:32:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{2A10B180-05EF-11D9-8C50-444553540001}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{3143B27B-F7DE-49d8-BF08-C2E4DEA71DBB}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (Open Link Host) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{32D83016-0657-4cd3-B7D2-0B4D12CEC60E}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (Qute) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{36C13C8F-54F1-412e-8177-2E411719162D}
[2010.04.25 23:32:36 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2010.04.25 23:32:37 | 000,000,000 | ---D | M] (eBay Sidebar for Firefox) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010.04.25 23:32:37 | 000,000,000 | ---D | M] (ImageShack® Toolbar) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (Nightly Tester Tools) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{8620c15f-30dc-4dba-a131-7c5d20cf4a29}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (Netscape - Winscape) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{8803789a-23eb-44b4-bd48-6762fd320242}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2010.04.25 23:32:39 | 000,000,000 | ---D | M] (Noia 2.0 (eXtreme)) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{9f08cb5a-76b1-4bcf-aff9-90e1a5d60b1e}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (PimpZilla) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{a02c0c70-605c-11da-8cd6-0800200c9a66}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (iFox) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (gTranslate) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{aff87fa2-a58e-4edd-b852-0a20203c1e17}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (Password Exporter) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (WataCrackaz AutoSMS) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{b422f337-27e5-4d5c-bb07-c189e7e7d7f2}
[2010.04.25 23:32:40 | 000,000,000 | ---D | M] (Bookmark Duplicate Detector) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}
[2010.04.25 23:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{bde351f9-0fcb-2fcf-3b9b-626f1f37d6e5}
[2010.04.25 23:32:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{bef86380-a99d-11da-a746-0800200c9a66}
[2010.04.25 23:32:41 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2010.04.25 23:32:41 | 000,000,000 | ---D | M] (Plain Text to Link [de]) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{C90B0826-5A17-4970-A5BF-A43D22452E21}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (iPox) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{e8cba685-830c-1283-6314-a6ae605cc7be}
[2010.05.17 14:28:38 | 000,000,000 | ---D | M] (SweetIM Toolbar for Firefox) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{F23DF9FE-E13C-4203-A3BF-61E8F8DC296C}
[2010.04.25 23:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{f65bf62a-5ffc-4317-9612-38907a779583}
[2010.04.25 23:32:34 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\DTToolbar@toolbarnet.com
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\fb_add_on@avm.de
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\gmailthis@lazyrussian.com
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\qprefbtn@max.max
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\qtl.co.il@gmail.com
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\savesession@noasobi.net
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\speedtest@gotomyhelp.com
[2010.04.25 23:32:35 | 000,000,000 | ---D | M] -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\tabscope@xuldev.org
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2010.04.25 23:32:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\roadrunner1405\AppData\Roaming\mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009.10.24 16:45:56 | 000,002,399 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\daemon-search.xml
[2010.05.13 20:12:43 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-1.xml
[2010.01.01 17:58:50 | 000,000,961 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-2.xml
[2010.01.10 20:38:48 | 000,000,961 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-3.xml
[2010.02.28 19:44:00 | 000,000,961 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-4.xml
[2010.03.12 20:07:44 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-5.xml
[2010.03.24 09:25:26 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-6.xml
[2010.03.25 20:37:24 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-7.xml
[2010.04.25 22:55:18 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-8.xml
[2010.05.15 17:24:43 | 000,000,950 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin-9.xml
[2010.02.03 15:37:50 | 000,000,947 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\icqplugin.xml
[2009.11.11 22:04:22 | 000,002,108 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\qtl.xml
[2010.05.17 14:28:33 | 000,003,915 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla\FireFox\Profiles\jx3wb3ha.default\searchplugins\sweetim.xml
[2010.05.15 17:34:29 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.04.27 13:03:14 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010.05.19 16:00:12 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (SweetIM Toolbar Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2010\ietoolbar.dll (BitDefender S.R.L.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (SweetIM Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [BDAgent] C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe (BitDefender S.R.L.)
O4 - HKLM..\Run: [MsmqIntCert] C:\Windows\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SweetIM] C:\Programme\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - Startup: C:\Users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Firefox.lnk = C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
O4 - Startup: C:\Users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Mozilla Thunderbird 3.0 Beta 3.lnk = C:\Programme\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.1 - {71BFC818-0CED-42D6-9C87-5142918957EE} - C:\Programme\ICQ7.1\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\biolsp.dll (Wave Systems Corp.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\roadrunner1405\Pictures\Ines.jpg
O24 - Desktop BackupWallPaper: C:\Users\roadrunner1405\Pictures\Ines.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (wvauth) - C:\Windows\System32\wvauth.dll (Wave Systems Corp.)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.19 16:51:34 | 000,571,392 | ---- | C] (OldTimer Tools) -- C:\Users\roadrunner1405\Desktop\OTL.exe
[2010.05.19 16:00:14 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010.05.19 15:57:19 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Local\temp
[2010.05.19 15:31:28 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010.05.19 15:31:28 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010.05.19 15:31:28 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010.05.19 15:31:12 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010.05.19 15:30:17 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010.05.19 15:29:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010.05.19 15:22:37 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.19 14:57:13 | 003,382,520 | ---- | C] (Piriform Ltd) -- C:\Users\roadrunner1405\Desktop\ccsetup231.exe
[2010.05.19 14:24:48 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2010.05.18 19:15:49 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\NDS Kernel Utility
[2010.05.18 17:58:59 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\NDS
[2010.05.18 17:27:53 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\NAVIGONSD
[2010.05.17 23:05:22 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Avatar
[2010.05.17 17:23:27 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Alarmanlage
[2010.05.17 14:28:23 | 000,000,000 | ---D | C] -- C:\Programme\SweetIM
[2010.05.17 14:28:23 | 000,000,000 | ---D | C] -- C:\ProgramData\SweetIM
[2010.05.16 19:58:30 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Robin Hood
[2010.05.16 13:48:48 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Navteq Deutschland 2009 -2010
[2010.05.16 03:13:25 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Iron.Man.2.TELESYNC.German.XviD-2Brothers
[2010.05.15 23:57:01 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Kampf.der.Titanen.2010.TS.LD.German.PROPER2.XViD.Chefflo
[2010.05.15 17:03:06 | 000,000,000 | ---D | C] -- C:\Programme\ICQ7.1
[2010.05.12 12:10:54 | 003,648,320 | ---- | C] (AVM Gmbh) -- C:\Users\roadrunner1405\Desktop\AVM_TAPI_Services_for_FRITZ!Box.exe
[2010.05.10 20:42:23 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.05.10 20:42:23 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.05.08 14:25:37 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Documents\Turbo Lister Backup
[2010.05.07 21:15:40 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Documents\KMPlayer
[2010.05.07 21:15:29 | 000,000,000 | ---D | C] -- C:\Programme\The KMPlayer
[2010.05.07 21:02:24 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Local\ratDVD
[2010.05.07 21:02:03 | 000,000,000 | ---D | C] -- C:\Programme\ratDVD
[2010.05.07 15:32:46 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Local\Diagnostics
[2010.05.05 13:07:51 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Documents\Turbo Lister
[2010.05.05 12:56:56 | 000,000,000 | ---D | C] -- C:\Programme\eBay
[2010.05.05 12:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\eBay
[2010.05.04 12:12:46 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Local\FixItCenter
[2010.05.04 11:58:15 | 000,000,000 | ---D | C] -- C:\Windows\CheckSur
[2010.05.04 11:54:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010.05.04 11:50:49 | 000,000,000 | ---D | C] -- C:\Windows\MATS
[2010.05.04 11:50:48 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Fix it Center
[2010.05.04 00:44:30 | 000,000,000 | ---D | C] -- C:\Programme\Registry Easy
[2010.05.03 19:18:38 | 000,000,000 | ---D | C] -- C:\Programme\Trend Micro
[2010.04.28 08:28:01 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Documents\a-squared Free
[2010.04.28 08:28:01 | 000,000,000 | ---D | C] -- C:\Programme\a-squared Free
[2010.04.27 15:59:33 | 000,000,000 | R--D | C] -- C:\Users\Public\Documents\C64 Files
[2010.04.27 15:59:33 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\Cloanto
[2010.04.27 15:59:33 | 000,000,000 | ---D | C] -- C:\Programme\Cloanto
[2010.04.27 15:59:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Cloanto
[2010.04.27 14:10:41 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\C64
[2010.04.27 12:25:32 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2010.04.27 12:10:19 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2010.04.27 12:09:34 | 000,000,000 | ---D | C] -- C:\Programme\TuneUp Utilities 2010
[2010.04.27 12:07:58 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2010.04.27 11:45:41 | 000,000,000 | ---D | C] -- C:\Programme\Unlocker
[2010.04.26 22:37:15 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2010.04.26 22:35:02 | 000,000,000 | ---D | C] -- C:\Programme\GridinSoft Trojan Killer
[2010.04.26 22:13:13 | 000,000,000 | ---D | C] -- C:\Programme\QSoft
[2010.04.26 22:12:13 | 000,000,000 | ---D | C] -- C:\Programme\NoVirusThanks
[2010.04.26 22:07:00 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Documents\Simply Super Software
[2010.04.26 22:06:45 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll
[2010.04.26 22:06:42 | 000,000,000 | ---D | C] -- C:\Programme\Trojan Remover
[2010.04.26 22:06:42 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Roaming\Simply Super Software
[2010.04.26 22:06:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.04.26 17:56:28 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Stargate Universe S01e13 german sub HDTV XVID - FQ
[2010.04.26 17:52:53 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Stargate Universe - 1x14 - Human
[2010.04.26 11:00:24 | 000,209,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tabctl32.ocx
[2010.04.26 11:00:24 | 000,115,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msinet.ocx
[2010.04.26 11:00:24 | 000,000,000 | ---D | C] -- C:\ZL_DB_CCcam_SoftCam_Control
[2010.04.25 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Roaming\Mozilla
[2010.04.25 23:15:47 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\AppData\Local\Mozilla
[2010.04.25 23:15:39 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2010.04.25 18:54:07 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Navi
[2010.04.25 12:22:26 | 000,000,000 | ---D | C] -- C:\Programme\WindowsServices
[2010.04.25 12:22:22 | 000,364,032 | ---- | C] (CoreCodec) -- C:\Windows\System32\CoreAVCDecoder.ax
[2010.04.25 12:22:20 | 000,000,000 | ---D | C] -- C:\Programme\TimHillOne
[2010.04.25 10:34:12 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\Lena Meyer Landrut Unser Star für Oslo - Satellite
[2010.04.24 15:18:19 | 000,000,000 | ---D | C] -- C:\Users\roadrunner1405\Desktop\FULL - Assassins Creed II DVD5 - GENTi
[2010.04.24 13:05:58 | 000,000,000 | ---D | C] -- C:\Programme\PGWARE
[2010.04.23 16:59:54 | 001,044,480 | R--- | C] (eHelp Corporation.) -- C:\Windows\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | C] (Blue Sky Software Corporation.) -- C:\Windows\System32\inetwh32.dll
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.19 16:56:39 | 002,883,584 | -HS- | M] () -- C:\Users\roadrunner1405\NTUSER.DAT
[2010.05.19 16:51:34 | 000,571,392 | ---- | M] (OldTimer Tools) -- C:\Users\roadrunner1405\Desktop\OTL.exe
[2010.05.19 16:24:28 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.19 16:24:28 | 000,017,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.19 16:00:18 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010.05.19 16:00:12 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010.05.19 15:59:15 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.19 15:58:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.19 15:58:49 | 1577,275,392 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.19 15:44:52 | 000,000,052 | ---- | M] () -- C:\Windows\System32\ashttpstats.csv
[2010.05.19 15:26:40 | 000,021,368 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\cc_20100519_152631.reg
[2010.05.19 14:57:23 | 003,382,520 | ---- | M] (Piriform Ltd) -- C:\Users\roadrunner1405\Desktop\ccsetup231.exe
[2010.05.19 14:55:32 | 003,691,277 | R--- | M] () -- C:\Users\roadrunner1405\Desktop\ComboFix.exe
[2010.05.18 00:07:03 | 000,003,584 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.17 18:06:35 | 000,016,946 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\996389782_2.jpg
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_unmip.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\phar_histprot.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_webproxy.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_video.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_tabloids.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_searchengines.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_pornography.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlineshop.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinepay.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_onlinedating.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_news.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_im.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_illegal.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_hate.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_games.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_gambling.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | M] () -- C:\Windows\System32\pc_drugs.dat
[2010.05.12 12:11:01 | 003,648,320 | ---- | M] (AVM Gmbh) -- C:\Users\roadrunner1405\Desktop\AVM_TAPI_Services_for_FRITZ!Box.exe
[2010.05.12 11:38:29 | 000,001,606 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\Überweisungen.rtf
[2010.05.10 20:33:58 | 000,171,136 | RHS- | M] () -- C:\loadmgr
[2010.05.10 20:21:27 | 002,779,605 | -H-- | M] () -- C:\Users\roadrunner1405\AppData\Local\IconCache.db
[2010.05.10 14:56:07 | 000,072,784 | ---- | M] (BitDefender LLC) -- C:\Windows\System32\drivers\BdfNdisf6.sys
[2010.05.10 14:05:30 | 000,000,112 | ---- | M] () -- C:\ProgramData\ge8aaiu.dat
[2010.05.07 21:28:18 | 000,000,194 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Roaming\default.rss
[2010.05.07 21:11:01 | 000,002,853 | ---- | M] () -- C:\ProgramData\hQrLb0N2.PIF
[2010.05.07 21:03:39 | 000,068,610 | ---- | M] () -- C:\ProgramData\hQrLb0N2.exe
[2010.05.04 20:43:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\OV9655S.SET
[2010.05.04 12:39:56 | 000,000,036 | ---- | M] () -- C:\Users\roadrunner1405\AppData\Local\housecall.guid.cache
[2010.05.04 12:05:39 | 000,000,042 | ---- | M] () -- C:\Windows\System32\RegistryEasy.lie
[2010.04.27 19:59:24 | 000,001,844 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\UseNeXT.lnk
[2010.04.27 16:27:19 | 000,002,644 | ---- | M] () -- C:\Users\roadrunner1405\Documents\C64 Files.lnk
[2010.04.27 15:59:43 | 000,002,179 | ---- | M] () -- C:\Users\Public\Documents\C64 Files.lnk
[2010.04.27 13:25:05 | 000,079,676 | ---- | M] () -- C:\Users\Public\Documents\Fingerprint Backup.fpbak
[2010.04.26 15:58:12 | 000,256,512 | ---- | M] () -- C:\Windows\PEV.exe
[2010.04.26 09:25:22 | 009,179,345 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\Elton John & Kiki Dee - Don't Go Breaking My Heart (Long Ultrasound Version).mp3
[2010.04.25 23:15:42 | 000,001,926 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.25 23:03:56 | 037,102,791 | ---- | M] () -- C:\Firefox 3.6.3 (de) - 2010-04-25.pcv
[2010.04.25 10:38:15 | 009,627,278 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\02.David Bisbal & K'naan - Waving Flag (Sud Africa 2010).mp3
[2010.04.24 00:01:15 | 002,950,726 | ---- | M] () -- C:\Users\roadrunner1405\Desktop\zinn.pdf
[2010.04.23 16:59:54 | 001,044,480 | R--- | M] (eHelp Corporation.) -- C:\Windows\System32\roboex32.dll
[2010.04.23 16:59:54 | 000,049,152 | R--- | M] (Blue Sky Software Corporation.) -- C:\Windows\System32\inetwh32.dll
 
========== Files Created - No Company Name ==========
 
[2010.05.19 15:31:28 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010.05.19 15:31:28 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010.05.19 15:31:28 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010.05.19 15:31:28 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010.05.19 15:31:28 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010.05.19 15:26:37 | 000,021,368 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\cc_20100519_152631.reg
[2010.05.19 14:55:13 | 003,691,277 | R--- | C] () -- C:\Users\roadrunner1405\Desktop\ComboFix.exe
[2010.05.17 18:06:32 | 000,016,946 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\996389782_2.jpg
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_unmip.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\phar_histprot.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_webproxy.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_video.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_tabloids.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_socialnetworks.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_searchengines.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_regionaltlds.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_pornography.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlineshop.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinepay.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_onlinedating.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_news.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_im.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_illegal.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_hate.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_games.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_gambling.dat
[2010.05.13 10:22:10 | 000,000,000 | ---- | C] () -- C:\Windows\System32\pc_drugs.dat
[2010.05.12 11:38:29 | 000,001,606 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\Überweisungen.rtf
[2010.05.11 13:22:04 | 735,221,760 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\xcopy-cfever2.avi
[2010.05.11 13:21:29 | 731,799,552 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\0ptimus-nimido-xvid.avi
[2010.05.10 20:33:58 | 000,171,136 | RHS- | C] () -- C:\loadmgr
[2010.05.07 21:11:01 | 000,002,853 | ---- | C] () -- C:\ProgramData\hQrLb0N2.PIF
[2010.05.07 20:56:00 | 000,003,584 | ---- | C] () -- C:\Users\roadrunner1405\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.05.05 10:44:16 | 000,000,112 | ---- | C] () -- C:\ProgramData\ge8aaiu.dat
[2010.05.05 10:44:12 | 000,068,610 | ---- | C] () -- C:\ProgramData\hQrLb0N2.exe
[2010.05.04 20:43:59 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\OV9655S.SET
[2010.05.04 12:39:56 | 000,000,036 | ---- | C] () -- C:\Users\roadrunner1405\AppData\Local\housecall.guid.cache
[2010.05.04 12:05:39 | 000,000,042 | ---- | C] () -- C:\Windows\System32\RegistryEasy.lie
[2010.04.27 19:59:24 | 000,001,844 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\UseNeXT.lnk
[2010.04.27 16:00:06 | 000,002,644 | ---- | C] () -- C:\Users\roadrunner1405\Documents\C64 Files.lnk
[2010.04.27 16:00:06 | 000,002,179 | ---- | C] () -- C:\Users\Public\Documents\C64 Files.lnk
[2010.04.27 13:25:04 | 000,079,676 | ---- | C] () -- C:\Users\Public\Documents\Fingerprint Backup.fpbak
[2010.04.26 22:06:45 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2010.04.26 22:06:45 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2010.04.26 22:06:45 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2010.04.26 22:06:45 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2010.04.26 09:31:00 | 009,179,345 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\Elton John & Kiki Dee - Don't Go Breaking My Heart (Long Ultrasound Version).mp3
[2010.04.25 23:15:42 | 000,001,926 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.04.25 23:03:32 | 037,102,791 | ---- | C] () -- C:\Firefox 3.6.3 (de) - 2010-04-25.pcv
[2010.04.25 12:22:22 | 000,167,936 | ---- | C] () -- C:\Windows\System32\CoreAACDecoder.ax
[2010.04.25 10:39:39 | 009,627,278 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\02.David Bisbal & K'naan - Waving Flag (Sud Africa 2010).mp3
[2010.04.24 00:00:56 | 002,950,726 | ---- | C] () -- C:\Users\roadrunner1405\Desktop\zinn.pdf
[2010.03.29 22:58:31 | 000,005,152 | ---- | C] () -- C:\Windows\System32\drivers\io.sys
[2010.03.29 22:58:16 | 000,046,592 | ---- | C] () -- C:\Windows\System32\io.dll
[2010.03.29 22:58:16 | 000,046,592 | ---- | C] () -- C:\Windows\io.dll
[2010.03.22 20:21:33 | 000,005,248 | ---- | C] () -- C:\Windows\System32\drivers\giveio.sys
[2010.03.16 22:00:00 | 000,110,080 | ---- | C] () -- C:\Windows\System32\nLame.dll
[2010.03.16 22:00:00 | 000,023,040 | ---- | C] () -- C:\Windows\System32\auth.dll
[2010.01.07 16:59:34 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.01.03 20:28:18 | 000,012,800 | ---- | C] () -- C:\Windows\System32\drivers\ntiopnp.sys
[2010.01.03 20:28:18 | 000,011,392 | ---- | C] () -- C:\Windows\System32\drivers\ntiomin.sys
[2009.12.24 01:57:48 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2009.11.25 22:03:24 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2009.11.15 21:59:42 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2009.10.25 19:53:40 | 000,009,728 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2009.10.18 11:27:51 | 000,000,141 | ---- | C] () -- C:\Windows\Altair.INI
[2009.09.11 12:40:56 | 000,000,097 | ---- | C] () -- C:\Windows\WirelessFTP.INI
[2009.09.09 12:47:20 | 000,000,184 | ---- | C] () -- C:\Windows\KTEL.INI
[2009.09.05 15:06:38 | 000,281,760 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2009.09.05 15:06:38 | 000,025,888 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2009.08.25 15:58:27 | 001,736,704 | ---- | C] () -- C:\Windows\System32\Tsp1.dll
[2009.08.25 15:56:55 | 000,106,496 | ---- | C] () -- C:\Windows\System32\bioapi100.dll
[2009.08.25 15:56:54 | 000,143,360 | ---- | C] () -- C:\Windows\System32\bioapi_mds300.dll
[2009.08.25 15:24:35 | 000,000,227 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2009.08.25 14:04:37 | 000,000,069 | ---- | C] () -- C:\Windows\wininit.ini
[2009.08.23 23:43:26 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.23 00:06:50 | 000,000,000 | ---- | C] () -- C:\Windows\tosOBEX.INI
[2009.08.22 18:35:04 | 000,515,328 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE1.sys
[2009.08.22 18:35:04 | 000,232,704 | ---- | C] () -- C:\Windows\System32\drivers\USBGENE0.sys
[2009.08.22 17:25:05 | 000,266,240 | ---- | C] () -- C:\Windows\System32\EMSC.dll
[2009.08.16 11:08:36 | 000,178,176 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.05.29 16:52:26 | 000,204,800 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2009.05.29 16:47:06 | 000,881,664 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2009.01.15 13:45:34 | 000,181,248 | ---- | C] () -- C:\Windows\System32\txmlutil.dll
[2008.09.12 16:21:02 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2007.08.16 15:17:50 | 000,143,360 | ---- | C] () -- C:\Windows\System32\nsldap32v50.dll
[2007.02.05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2007.01.31 14:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll
[2007.01.31 13:09:46 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_pt.dll
[2007.01.31 13:09:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHT.dll
[2007.01.31 13:09:06 | 000,077,824 | ---- | C] () -- C:\Windows\System32\Internationalization_ko.dll
[2007.01.31 13:08:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_es.dll
[2007.01.31 13:08:26 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Internationalization_ru.dll
[2007.01.31 13:08:06 | 000,081,920 | ---- | C] () -- C:\Windows\System32\Internationalization_ja.dll
[2007.01.31 13:07:46 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_it.dll
[2007.01.31 13:07:26 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_de.dll
[2007.01.31 13:07:04 | 000,094,208 | ---- | C] () -- C:\Windows\System32\Internationalization_fr.dll
[2007.01.31 13:06:46 | 000,073,728 | ---- | C] () -- C:\Windows\System32\Internationalization_zh-CHS.dll
[2007.01.30 17:43:20 | 000,237,568 | ---- | C] () -- C:\Windows\System32\AmRes_en.dll
[2007.01.30 17:37:10 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_de.dll
[2007.01.30 17:37:08 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_es.dll
[2007.01.30 17:37:08 | 000,217,088 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHS.dll
[2007.01.30 17:37:06 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_it.dll
[2007.01.30 17:37:06 | 000,253,952 | ---- | C] () -- C:\Windows\System32\AmRes_fr.dll
[2007.01.30 17:37:04 | 000,266,240 | ---- | C] () -- C:\Windows\System32\AmRes_ru.dll
[2007.01.30 17:37:04 | 000,233,472 | ---- | C] () -- C:\Windows\System32\AmRes_ja.dll
[2007.01.30 17:37:02 | 000,241,664 | ---- | C] () -- C:\Windows\System32\AmRes_ko.dll
[2007.01.30 17:37:02 | 000,212,992 | ---- | C] () -- C:\Windows\System32\AmRes_zh-CHT.dll
[2007.01.30 17:37:00 | 000,237,568 | ---- | C] () -- C:\Windows\System32\AmRes_pt-BR.dll
[2007.01.02 09:14:20 | 000,835,584 | ---- | C] () -- C:\Windows\System32\DemoLicense.dll
[2006.12.05 13:05:04 | 000,114,688 | ---- | C] () -- C:\Windows\System32\TosBtAcc.dll
[2005.12.21 16:57:04 | 000,024,576 | ---- | C] () -- C:\Windows\System32\nsldappr32v50.dll
[2005.12.21 16:54:34 | 000,040,960 | ---- | C] () -- C:\Windows\System32\nsldapssl32v50.dll
[2005.07.22 21:30:18 | 000,065,536 | ---- | C] () -- C:\Windows\System32\TosCommAPI.dll
[2004.09.10 12:34:00 | 000,917,504 | ---- | C] () -- C:\Windows\System32\lmgr10.dll
[2004.09.10 12:34:00 | 000,057,344 | ---- | C] () -- C:\Windows\System32\ADsSecurity.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:CB0AACC9
< End of report >
         

19.05.2010, 17:03   #5
roadrunner14

Here is the Extras log:

Code:
OTL Extras logfile created on: 19.05.2010 16:55:08 - Run 1
OTL by OldTimer - Version 3.2.4.1     Folder = C:\Users\roadrunner1405\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
7,00 Gb Paging File | 5,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 9,88 Gb Free Space | 4,24% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ROADRUNNER-NB
Current User Name: roadrunner1405
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\Windows\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = Reg Error: Key error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
wsffile [open] -- %SystemRoot%\System32\CScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.1 Build #2096 Banner Remover 1.0
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP540_series" = Canon MP540 series MP Drivers
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{121A64FD-6D62-40A1-BDE3-F9A590A2B96B}" = Intel(R) Mobile Utility (T)
"{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"{196B7B22-A476-4906-B4D5-C587103A2A5A}" = SweetIM for Messenger 3.0
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2e6dc16e-eeda-4278-aafa-021e7f925a16}" = Nero 9 Trial
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2FFE93F0-BB72-4E52-8761-354D1AAA9387}" = Sony Ericsson PC Suite 6.009.00
"{30BBEF79-9C46-4063-93C0-2FD4FF862C24}" = W83L5X8
"{31E8F586-4EF7-4500-844D-BA8756474FF1}" = Windows Automated Installation Kit
"{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{37C8899D-FD70-481F-94AA-1F1B08765E22}" = Acronis True Image Home
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = Genesys PC Camera Device
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"{4664D722-33D1-4B4A-A317-1E64178B7A97}" = BitDefender Internet Security 2010
"{52210D57-0B1F-4681-90DD-8659DF4BCC40}" = Moorhuhn Remake
"{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5FAFB6EB-B749-4D96-88CD-CBF7AD39A78C}" = C64 Forever
"{616A9B24-448B-4DF3-926A-C4141FCD692C}_is1" = Hijack Hunter 1.7
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{63988D27-DA4D-4C1E-99C6-50F1CF5D4A2A}" = Fingerprint Sensor Minimum Install
"{63B9224A-89C9-44E6-8252-5F2F73A71C54}" = StarMoney
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6415406D-3026-4A32-91B9-422B87EEC446}_is1" = Versione 2.3
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F7C27E1-63B5-4149-93B2-CDAEE27974A8}" = Wave Infrastructure Installer
"{71BFC818-0CED-42D6-9C87-5142918957EE}" = ICQ7.1
"{725F7446-EAC3-4279-97EF-5A5F6A9F6BF8}" = STMicroelectronics TPM Software Package
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74292F90-895A-4FC6-A692-9641532B1B63}" = ArcSoft TotalMedia 3.5
"{74B58083-B5B9-46a5-847C-248F97FF2A56}" = Topfield Tools
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77C1B8D7-1283-48A4-BD79-79FA37064A13}" = Lenovo Fingerprint Software
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7A27764B-5434-4DAA-BD43-3ACF4FFCD7FE}" = SweetIM Toolbar for Internet Explorer 3.8
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8686D4FE-62EF-46FB-B9FD-00679EB381FF}_is1" = Trojan Killer 2.0
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{879C52A2-FF9A-4CB5-BB74-B0DA994ABB2A}" = StarMoney
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C0CAA7A-3272-4991-A808-2C7559DE3409}" = Win7codecs
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{94DF3F23-B26F-42EF-8BC5-55EFE3F02D8F}" = Winbond TPM Device Driver
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A618BB0D-8B88-45FF-83CD-783B4AE59AA0}" = NTRU TCG Software Stack
"{A7EDFF3B-C518-4A66-A0DE-8D625481BE56}" = StarMoney 7.0 
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{ABBA2EA4-740E-4052-902B-9CA70B081E3F}" = Embassy Security Center
"{AC61C594-5F86-4BE9-ABAF-763C6A8E2302}" = Silent Hunter 5
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader
"{B7588D45-AFDC-4C93-9E2E-A100F3554B64}" = Microsoft Fix it Center
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel(R) PROSet/Wireless WiFi-Software
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DDD0A758-F44C-47D3-8E88-692FFF775127}" = Intel(R) PRO Network Connections 12.3.31.0
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E6095BEA-8C97-4342-B771-13BB72AC1D88}" = biolsp patch
"{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FBE5AA96-22F0-4C4A-8E92-4BE3498D4CCB}" = Media Go
"{FBEC50B7-537C-4A0E-8B0B-F7A8F8BF13CE}" = upekmsi
"{FEF06E73-A519-4510-8CF3-B66041B91D8A}" = EMSC
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Alive DVD Ripper_is1" = Alive DVD Ripper (version 3.2.6.2)
"a-squared Free_is1" = a-squared Free 4.5
"CCleaner" = CCleaner
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"CPUCooL" = CPUCooL (remove only)
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"Easy WiFi Radar" = Easy WiFi Radar 1.0.5
"ENTERPRISE" = Microsoft Office Enterprise 2007
"H264WebCam 3.68_is1" = H264WebCam ver3.68
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HijackThis" = HijackThis 2.0.2
"ICQToolbar" = ICQ Toolbar
"InstallShield_{07D618CD-B016-438A-ADC9-A75BD23F85CE}" = Wave Support Software
"InstallShield_{131A2659-99A9-4A89-B012-22A898EAE9DA}" = EMBASSY Security Center Lite
"InstallShield_{329304C3-75E2-4648-BCF3-86CDAF08567F}" = Xirrus Wi-Fi Inspector
"InstallShield_{449A16C4-83B3-426C-AA4A-00A34E80C093}" = Smart Battery
"InstallShield_{53333479-6A52-4816-8497-5C52B67ED339}" = EMBASSY Security Setup
"InstallShield_{D1E829E9-88B8-47C6-A75E-0D40E2C09D50}" = Secure Update
"InstallShield_{E738A392-F690-4A9D-808E-7BAF80E0B398}" = ESC Home Page Plugin
"JDownloader" = JDownloader
"MESOL" = Intel(R) Active Management Technology Device Software
"MozBackup" = MozBackup 1.4.9
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"Mozilla Thunderbird (3.0.5)" = Mozilla Thunderbird (3.0.5)
"phonostar3RadioPlayer_is1" = phonostar-Player Version 3.01.1
"ProInst" = Intel PROSet Wireless
"PROR" = Microsoft Office Professional 2007-Testversion
"PROSetDX" = Intel(R) PRO Network Connections 12.3.31.0
"ratDVD" = ratDVD 0.78.1444
"Registry Easy_is1" = Registry Easy v5.6
"TeamViewer 5" = TeamViewer 5
"The KMPlayer" = The KMPlayer (remove only)
"TopfHDRW" = TopfHDRead/Write V0.20
"Trojan Remover_is1" = Trojan Remover 6.8.1
"TuneUp Utilities" = TuneUp Utilities
"TVWiz" = Intel(R) TV Wizard
"UltraISO_is1" = UltraISO Premium V8.65
"Unlocker" = Unlocker 1.8.9
"Update Service" = Update Service
"UseNeXT_is1" = UseNeXT
"VLC media player" = VLC media player 1.0.0
"vLite_is1" = vLite
"Willem Eprom PCB50 Version 0.98D10_is1" = EPROM PCB50a(0.98D10)
"WinAce Archiver" = WinAce Archiver
"WinRAR archiver" = WinRAR
"X3TerranConflict_is1" = X3 Terran Conflict v1.0.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{F4BAE02E-749C-4A69-9794-FD7019FD8820}" = klickTel OEM Frühjahr 2009
"f018cf21c0452c64" = AVM FRITZ!Box USB-Fernanschluss
 
========== Last 10 Event Log Errors ==========
 
Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!
 
< End of report >
         


19.05.2010, 19:32   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Forgot Malwarebytes?

19.05.2010, 19:56   #7
roadrunner14

Quote from cosinus:
Forgot Malwarebytes?

Yep. It slipped my mind. I ran it and 4 rootkits were found and removed.

Quote:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4117

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.05.2010 19:53:46
mbam-log-2010-05-19 (19-53-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 147179
Laufzeit: 11 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 4
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 19.05.2010, 19:59   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

But I wanted to see a full scan...
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 19.05.2010, 20:05   #9
roadrunner14
 

Oh man, I'm getting old. Coming right up.

Alt 19.05.2010, 22:24   #10
roadrunner14
 

So, here's the log

Quote:
Malwarebytes' Anti-Malware 1.46
Malwarebytes

Datenbank Version: 4117

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

19.05.2010 22:12:42
mbam-log-2010-05-19 (22-12-42).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 343769
Laufzeit: 2 Stunde(n), 4 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Alt 20.05.2010, 09:36   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:
:OTL
IE - HKLM\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll (SweetIM Technologies Ltd.)
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaulturl: "http://search.live.com/results.aspx?FORM=IEFM1&q="
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.sweetim.com/search.asp?src=2&q="
FF - prefs.js..network.proxy.autoconfig_url: "http://nurago29.pop-hannover.net/gacela2/gacela2_pilot0903/autoproxyconfig.php?id=10901&type=FF&version=2.1.16"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q="
[2010.05.10 14:05:30 | 000,000,112 | ---- | M] () -- C:\ProgramData\ge8aaiu.dat
[2010.05.07 21:11:01 | 000,002,853 | ---- | M] () -- C:\ProgramData\hQrLb0N2.PIF
[2010.05.07 21:03:39 | 000,068,610 | ---- | M] () -- C:\ProgramData\hQrLb0N2.exe
[2010.05.04 20:43:59 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\OV9655S.SET
:Commands
[purity]
[resethosts]
[emptytemp]
         
Then click the Run Fixes! button.
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
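
The Firefox lines in the fix above all name prefs.js preferences that steer searches, the start page or the proxy. As an added example (not part of the original thread and not OTL's own code), one way to audit a prefs.js for those same preferences; the sample file, the example.test hosts and the use of network.proxy.type are assumptions made for the illustration.

```python
import json
import re
from urllib.parse import urlsplit

# Preference names taken from the Firefox ("FF - prefs.js..") lines of the fix
# above, grouped by what they control.
WATCHED_PREFS = {
    "browser.search.defaultenginename": "search",
    "browser.search.defaulturl": "search",
    "browser.search.selectedEngine": "search",
    "keyword.URL": "search",
    "browser.startup.homepage": "homepage",
    "network.proxy.autoconfig_url": "proxy",
}

# One prefs.js entry:  user_pref("name", value);
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)+)"\s*,\s*(.+?)\s*\)\s*;\s*$'
)


def parse_prefs(text):
    """Return {name: value} for every user_pref() line; a later line wins."""
    prefs = {}
    for line in text.splitlines():
        match = PREF_LINE.match(line)
        if not match:
            continue  # comments, blank lines, anything that is not a pref
        name, raw = match.groups()
        try:
            prefs[name] = json.loads(raw)  # "string", number, true/false
        except ValueError:
            prefs[name] = raw  # keep the raw text rather than lose the entry
    return prefs


def host_of(value):
    """Lower-case host of a URL-valued pref, or None if it is not a URL."""
    if not isinstance(value, str):
        return None
    host = urlsplit(value).hostname
    return host.lower() if host else None


def is_trusted(host, trusted_hosts):
    """True if host equals a trusted host or is a subdomain of one."""
    return any(host == t or host.endswith("." + t) for t in trusted_hosts)


def audit(prefs, trusted_hosts=()):
    """List (severity, name, value) for watched prefs not on a trusted host.

    prefs.js only stores values that differ from the built-in defaults, so
    every watched pref found here is a change somebody or something made.
    """
    # network.proxy.type is not in the thread; it is the standard Firefox pref
    # whose value 2 means "use the PAC URL in network.proxy.autoconfig_url".
    pac_active = prefs.get("network.proxy.type") == 2
    findings = []
    for name, kind in WATCHED_PREFS.items():
        if name not in prefs:
            continue
        value = prefs[name]
        host = host_of(value)
        if host is not None and is_trusted(host, trusted_hosts):
            continue
        # An active PAC URL decides the proxy for every request the browser makes.
        severity = "high" if kind == "proxy" and pac_active else "review"
        findings.append((severity, name, value))
    return sorted(findings, key=lambda f: (f[0] != "high", f[1]))


# Constructed sample, not taken from the poster's machine.
SAMPLE_PREFS_JS = '''\
# Mozilla User Preferences
user_pref("browser.search.selectedEngine", "Example Search");
user_pref("browser.search.suggest.enabled", false);
user_pref("browser.startup.homepage", "http://start.example.test/");
user_pref("keyword.URL", "http://search.example.test/search.asp?src=2&q=");
user_pref("network.proxy.autoconfig_url", "http://pac.example.test/autoproxyconfig.php?id=1&type=FF");
user_pref("network.proxy.type", 2);
'''

if __name__ == "__main__":
    for severity, name, value in audit(parse_prefs(SAMPLE_PREFS_JS),
                                       trusted_hosts=("start.example.test",)):
        print(f"{severity:6} {name} = {value!r}")
```

Run it against a copy of the profile's prefs.js while Firefox is closed, and pass the hosts you actually chose for start page and search as trusted_hosts.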

Alt 20.05.2010, 10:29   #12
roadrunner14
 

Just ran it.

One of the files could not be deleted. I just tried it again by hand. Didn't work. It says I don't have sufficient rights. It wants administrator rights. My user account is an administrator and User Account Control is turned off.

Quote:
All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Programme\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{EEE6C35D-6118-11DC-9C72-001320C79847} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}\ deleted successfully.
C:\Programme\SweetIM\Toolbars\Internet Explorer\mgHelper.dll moved successfully.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://search.live.com/results.aspx?FORM=IEFM1&q=" removed from browser.search.defaulturl
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: false removed from browser.search.suggest.enabled
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.sweetim.com/search.asp?src=2&q=" removed from keyword.URL
Prefs.js: "hxxp://nurago29.pop-hannover.net/gacela2/gacela2_pilot0903/autoproxyconfig.php?id=10901&type=FF&version=2.1.16" removed from network.proxy.autoconfig_url
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.3&q=" removed from sweetim.toolbar.previous.keyword.URL
C:\ProgramData\ge8aaiu.dat moved successfully.
C:\ProgramData\hQrLb0N2.PIF moved successfully.
File move failed. C:\ProgramData\hQrLb0N2.exe scheduled to be moved on reboot.
C:\Windows\System32\drivers\OV9655S.SET moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Classic .NET AppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: roadrunner1405
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 90411 bytes
->Java cache emptied: 12118620 bytes
->FireFox cache emptied: 92249854 bytes
->Flash cache emptied: 1551 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 100,00 mb


OTL by OldTimer - Version 3.2.4.1 log created on 05202010_102004

Files\Folders moved on Reboot...
File move failed. C:\ProgramData\hQrLb0N2.exe scheduled to be moved on reboot.
File move failed. C:\Windows\temp\atchksrv.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Alt 20.05.2010, 10:34   #13
roadrunner14
 

I deleted the file hQrLb0N2.exe with Unlocker. I'm rebooting again to see whether it's gone then. It was there once before and was started automatically. It wasn't detected as a virus back then, but it kept reappearing after being deleted. At the moment, at least, it is no longer loaded at startup.

Alt 20.05.2010, 11:22   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Well then, please do a run with CF (download a fresh cofi.exe!!):

ComboFix

A guide and tutorial on using ComboFix
  • Download ComboFix here to your desktop. Rename it to cofi.exe while downloading.
  • Close all programs, especially your antivirus program and other background guards as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, carry out the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper has expressly recommended it!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Alt 20.05.2010, 13:44   #15
roadrunner14
 

Here's the log:

Code:
ComboFix 10-05-17.05 - roadrunner1405 20.05.2010  11:50:07.2.2 - x86
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.49.1031.18.2006.713 [GMT 2:00]
ausgeführt von:: c:\users\roadrunner1405\Desktop\cofi.exe
.
Die folgenden Dateien wurden während des Laufs deaktiviert:
c:\program files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\leaktests.m32


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\htmlres115_de.dll
c:\windows\system32\htmlres115_en.dll
c:\windows\system32\htmlres115_es.dll
c:\windows\system32\htmlres115_fr.dll
c:\windows\system32\htmlres115_it.dll
c:\windows\system32\htmlres115_jp.dll
c:\windows\system32\htmlres115_nl.dll
c:\windows\system32\htmlres115_pl.dll
c:\windows\system32\htmlres115_pt.dll
c:\windows\system32\htmlres115_ru.dll
c:\windows\system32\htmlres115_sv.dll
c:\windows\system32\libOCAHelper-3-1.dll
c:\windows\system32\libOCAHelperw-3-1.dll
c:\windows\system32\libOCASecurityw-2-0.dll
c:\windows\system32\nsclient115.dll
c:\windows\system32\nsclient115w.dll
c:\windows\system32\stringres115_de.dll
c:\windows\system32\stringres115_en.dll
c:\windows\system32\stringres115_es.dll
c:\windows\system32\stringres115_fr.dll
c:\windows\system32\stringres115_it.dll
c:\windows\system32\stringres115_jp.dll
c:\windows\system32\stringres115_nl.dll
c:\windows\system32\stringres115_pl.dll
c:\windows\system32\stringres115_pt.dll
c:\windows\system32\stringres115_ru.dll
c:\windows\system32\stringres115_sv.dll
c:\program files\BitDefender\BitDefender 2010\Active Virus Control\midas32-v2_60\leaktests.m32 . . . . Nicht in der Lage zu löschen

.
(((((((((((((((((((((((   Dateien erstellt von 2010-04-20 bis 2010-05-20  ))))))))))))))))))))))))))))))
.

2010-05-20 10:00 . 2010-05-20 11:18	--------	d-----w-	c:\users\roadrunner1405\AppData\Local\temp
2010-05-20 10:00 . 2010-05-20 10:00	--------	d-----w-	c:\users\Public\AppData\Local\temp
2010-05-20 10:00 . 2010-05-20 10:00	--------	d-----w-	c:\users\Gast\AppData\Local\temp
2010-05-20 10:00 . 2010-05-20 10:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2010-05-20 10:00 . 2010-05-20 10:00	--------	d-----w-	c:\users\Classic .NET AppPool\AppData\Local\temp
2010-05-20 08:20 . 2010-05-20 08:20	--------	d-----w-	C:\_OTL
2010-05-19 17:38 . 2010-05-19 17:38	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\Malwarebytes
2010-05-19 17:38 . 2010-04-29 10:19	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 17:38 . 2010-05-19 17:38	--------	d-----w-	c:\programdata\Malwarebytes
2010-05-19 17:38 . 2010-04-29 10:19	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-05-19 17:37 . 2010-05-19 17:38	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-05-19 14:17 . 2010-03-04 07:33	740864	----a-w-	c:\windows\system32\inetcomm.dll
2010-05-19 13:22 . 2010-05-19 13:22	--------	d-----w-	c:\program files\CCleaner
2010-05-19 12:24 . 2010-05-19 12:24	--------	d-----w-	c:\programdata\F-Secure
2010-05-17 12:28 . 2010-05-17 12:28	--------	d-----w-	c:\program files\SweetIM
2010-05-17 12:28 . 2010-05-17 12:28	--------	d-----w-	c:\programdata\SweetIM
2010-05-15 15:03 . 2010-05-15 15:33	--------	d-----w-	c:\program files\ICQ7.1
2010-05-10 19:17 . 2009-10-10 02:57	12800	----a-w-	c:\windows\system32\drivers\sffp_sd.sys
2010-05-10 19:17 . 2009-10-10 02:31	84992	----a-w-	c:\windows\system32\drivers\sdbus.sys
2010-05-10 18:42 . 2009-12-11 07:44	133720	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2010-05-10 18:42 . 2009-12-11 07:38	1037312	----a-w-	c:\windows\system32\lsasrv.dll
2010-05-10 18:42 . 2009-09-26 05:58	194488	----a-w-	c:\windows\system32\drivers\fvevol.sys
2010-05-07 19:15 . 2010-05-07 19:15	--------	d-----w-	c:\program files\The KMPlayer
2010-05-07 19:02 . 2010-05-07 19:02	--------	d-----w-	c:\users\roadrunner1405\AppData\Local\ratDVD
2010-05-07 19:02 . 2010-05-07 19:02	--------	d-----w-	c:\program files\ratDVD
2010-05-07 13:32 . 2010-05-07 13:32	--------	d-----w-	c:\users\roadrunner1405\AppData\Local\Diagnostics
2010-05-05 10:56 . 2010-05-05 10:56	--------	d-----w-	c:\programdata\eBay
2010-05-05 10:56 . 2010-05-05 10:56	--------	d-----w-	c:\program files\eBay
2010-05-04 10:12 . 2010-05-04 10:12	--------	d-----w-	c:\users\roadrunner1405\AppData\Local\FixItCenter
2010-05-04 09:58 . 2010-05-04 09:58	--------	d-----w-	c:\windows\CheckSur
2010-05-04 09:50 . 2010-05-04 09:50	--------	d-----w-	c:\windows\MATS
2010-05-04 09:50 . 2010-05-04 09:50	--------	d-----w-	c:\program files\Microsoft Fix it Center
2010-05-03 22:44 . 2010-05-04 10:06	--------	d-----w-	c:\program files\Registry Easy
2010-05-03 17:18 . 2010-05-03 17:18	--------	d-----w-	c:\program files\Trend Micro
2010-04-28 06:28 . 2010-04-28 08:34	--------	d-----w-	c:\program files\a-squared Free
2010-04-27 13:59 . 2010-04-27 13:59	--------	d-----w-	c:\programdata\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59	--------	d-----w-	c:\program files\Common Files\Cloanto
2010-04-27 13:59 . 2010-04-27 13:59	--------	d-----w-	c:\program files\Cloanto
2010-04-27 10:25 . 2010-04-01 13:11	30024	----a-w-	c:\windows\system32\uxtuneup.dll
2010-04-27 10:10 . 2010-04-01 13:17	30536	----a-w-	c:\windows\system32\TURegOpt.exe
2010-04-27 10:09 . 2010-04-27 10:25	--------	d-----w-	c:\program files\TuneUp Utilities 2010
2010-04-27 10:07 . 2010-04-27 10:07	--------	d-sh--w-	c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-04-27 09:45 . 2010-05-10 16:00	--------	d-----w-	c:\program files\Unlocker
2010-04-26 20:35 . 2010-04-30 08:19	--------	d-----w-	c:\program files\GridinSoft Trojan Killer
2010-04-26 20:13 . 2010-04-26 20:13	--------	d-----w-	c:\program files\QSoft
2010-04-26 20:12 . 2010-04-26 20:12	--------	d-----w-	c:\program files\NoVirusThanks
2010-04-26 20:06 . 2006-06-19 10:01	69632	----a-w-	c:\windows\system32\ztvcabinet.dll
2010-04-26 20:06 . 2006-05-25 12:52	162304	----a-w-	c:\windows\system32\ztvunrar36.dll
2010-04-26 20:06 . 2005-08-25 22:50	77312	----a-w-	c:\windows\system32\ztvunace26.dll
2010-04-26 20:06 . 2003-02-02 17:06	153088	----a-w-	c:\windows\system32\UNRAR3.dll
2010-04-26 20:06 . 2002-03-05 22:00	75264	----a-w-	c:\windows\system32\unacev2.dll
2010-04-26 20:06 . 2010-04-26 21:12	--------	d-----w-	c:\program files\Trojan Remover
2010-04-26 20:06 . 2010-04-26 20:06	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\Simply Super Software
2010-04-26 20:06 . 2010-04-26 20:06	--------	d-----w-	c:\programdata\Simply Super Software
2010-04-26 09:00 . 2010-04-26 09:01	--------	d-----w-	C:\ZL_DB_CCcam_SoftCam_Control
2010-04-25 21:15 . 2010-04-25 21:15	--------	d-----w-	c:\users\roadrunner1405\AppData\Local\Mozilla
2010-04-25 10:22 . 2010-04-25 12:30	--------	d-----w-	c:\program files\WindowsServices
2010-04-25 10:22 . 2010-04-25 10:22	--------	d-----w-	c:\program files\TimHillOne
2010-04-24 11:05 . 2010-04-24 11:05	--------	d-----w-	c:\program files\PGWARE
2010-04-23 14:59 . 2010-04-23 14:59	49152	----a-r-	c:\windows\system32\inetwh32.dll
2010-04-23 14:59 . 2010-04-23 14:59	1044480	----a-r-	c:\windows\system32\roboex32.dll

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 11:19 . 2009-08-23 17:48	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\Skype
2010-05-20 10:07 . 2010-03-23 19:33	4194304	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2010-05-20 09:46 . 2009-10-07 08:26	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\ICQ
2010-05-20 08:25 . 2009-08-23 17:50	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\skypePM
2010-05-20 08:22 . 2010-05-20 08:22	0	----a-w-	c:\windows\system32\drivers\OV9655S.SET
2010-05-20 08:20 . 2009-10-07 08:26	--------	d-----w-	c:\program files\ICQ6Toolbar
2010-05-19 14:21 . 2009-08-27 09:04	--------	d-----w-	c:\programdata\Microsoft Help
2010-05-19 14:20 . 2009-07-14 02:37	--------	d-----w-	c:\program files\Windows Mail
2010-05-19 09:00 . 2010-01-07 12:02	2300696	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2010-05-19 09:00 . 2010-05-19 09:00	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-05-18 20:08 . 2010-03-15 12:49	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\UseNeXT
2010-05-16 18:02 . 2009-10-08 20:42	--------	d-----w-	c:\program files\Mozilla Thunderbird 3.0 Beta 3
2010-05-15 21:44 . 2010-03-10 10:02	--------	d-----w-	c:\program files\JDownloader
2010-05-15 16:24 . 2009-07-14 04:52	--------	d-----w-	c:\program files\Windows Sidebar
2010-05-15 15:23 . 2009-10-07 08:26	--------	d-----w-	c:\programdata\ICQ
2010-05-10 18:09 . 2009-08-23 17:45	--------	d-----r-	c:\program files\Skype
2010-05-10 16:00 . 2009-08-22 15:25	--------	d-----w-	c:\program files\Smart Battery
2010-05-10 16:00 . 2009-08-22 15:41	--------	d-----w-	c:\program files\Lenovo Fingerprint Software
2010-05-10 12:56 . 2009-10-19 15:04	72784	----a-w-	c:\windows\system32\drivers\BdfNdisf6.sys
2010-05-07 19:13 . 2009-09-11 19:05	--------	d-----w-	c:\users\roadrunner1405\AppData\Roaming\vlc
2010-04-28 06:45 . 2009-10-18 08:40	--------	d-----w-	c:\program files\FileZilla FTP Client
2010-04-27 17:59 . 2010-03-15 12:43	--------	d-----w-	c:\program files\UseNeXT
2010-04-27 10:14 . 2009-08-22 21:46	--------	d-----w-	c:\program files\TuneUp Utilities 2009
2010-04-27 10:08 . 2009-08-22 21:46	--------	d-----w-	c:\programdata\TuneUp Software
2010-04-02 08:46 . 2009-08-22 15:12	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-04-02 08:45 . 2009-10-24 14:45	--------	d-----w-	c:\program files\DAEMON Tools Toolbar
2010-04-02 08:42 . 2010-04-02 08:42	--------	d-----w-	c:\program files\Xirrus
2010-04-01 14:13 . 2010-04-01 14:13	--------	d-----w-	c:\program files\Common Files\Skype
2010-04-01 13:43 . 2009-07-24 10:26	291352	----a-w-	c:\windows\system32\drivers\bdfsfltr.sys
2010-04-01 13:11 . 2009-08-22 21:48	21320	----a-w-	c:\windows\system32\authuitu.dll
2010-03-29 21:06 . 2010-03-29 21:06	--------	d-----w-	c:\program files\EPROM50
2010-03-29 20:58 . 2010-03-29 20:58	5152	----a-w-	c:\windows\system32\drivers\io.sys
2010-03-25 18:39 . 2010-03-25 18:38	--------	d-----w-	c:\program files\ICQ-Banner-Remover
2010-03-25 09:27 . 2010-04-25 21:32	1107264	----a-w-	c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
2010-03-24 18:17 . 2010-03-24 08:04	952768	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeARM.exe
2010-03-24 18:17 . 2010-03-24 08:04	70584	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\30963\AdobeExtractFiles.dll
2010-03-24 18:17 . 2010-03-24 08:04	326056	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\30963\ReaderUpdater.exe
2010-03-24 18:17 . 2010-03-24 08:04	326056	----a-w-	c:\programdata\Adobe\Reader\9.3\ARM\30963\AcrobatUpdater.exe
2010-03-23 19:33 . 2009-10-22 16:20	739082	----a-w-	c:\windows\system32\perfh007.dat
2010-03-23 19:33 . 2009-10-22 16:20	153070	----a-w-	c:\windows\system32\perfc007.dat
2010-03-23 19:32 . 2010-03-23 19:32	--------	d-----w-	c:\program files\CMAK
2010-03-23 09:54 . 2010-03-23 09:54	--------	d-----w-	c:\program files\RMClock
2010-03-22 18:04 . 2010-03-22 18:04	--------	d-----w-	c:\program files\CPUCooL
2010-03-18 15:58 . 2010-03-18 15:58	101248	----a-w-	c:\windows\system32\drivers\avmaura.sys
2010-03-18 12:22 . 2010-03-18 11:08	28672	----a-w-	c:\windows\system32\AF15BDAEX.dll
2010-03-18 12:22 . 2010-03-18 11:08	126	----a-w-	c:\windows\system32\AF15IRTBL.bin
2010-03-18 12:22 . 2010-03-18 11:08	483200	----a-w-	c:\windows\system32\drivers\AF15BDA.sys
2010-03-17 09:35 . 2010-04-25 21:32	309248	----a-w-	c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
2010-03-15 13:04 . 2009-08-25 12:02	34	----a-w-	c:\programdata\StarMoney 7.0\profil\sfmsm.dll
2010-03-10 10:01 . 2010-03-10 10:01	411368	----a-w-	c:\windows\system32\deploytk.dll
2010-03-08 21:33 . 2010-04-14 07:57	427520	----a-w-	c:\windows\system32\vbscript.dll
2010-02-28 19:23 . 2009-09-05 13:06	281760	----a-w-	c:\windows\system32\drivers\atksgt.sys
2010-02-28 19:23 . 2009-09-05 13:06	25888	----a-w-	c:\windows\system32\drivers\lirsgt.sys
2010-02-28 18:30 . 2010-02-28 18:30	48648	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2010-02-28 18:30 . 2010-02-06 17:47	1170240	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2010-02-27 12:07 . 2010-04-14 07:57	3899280	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-02-27 12:07 . 2010-04-14 07:57	3954568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-02-27 07:32 . 2010-04-14 07:57	221696	----a-w-	c:\windows\system32\drivers\mrxsmb10.sys
2010-02-27 07:32 . 2010-04-14 07:57	95744	----a-w-	c:\windows\system32\drivers\mrxsmb20.sys
2010-02-27 07:32 . 2010-04-14 07:57	123392	----a-w-	c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 07:56 . 2010-03-30 17:57	977920	----a-w-	c:\windows\system32\wininet.dll
2010-02-22 16:58 . 2010-03-11 14:09	1733152	----a-w-	c:\windows\system32\RtkPgExt.dll
2010-02-22 16:58 . 2010-03-11 14:09	57888	----a-w-	c:\windows\system32\RtkCoInst.dll
2010-02-22 16:58 . 2010-03-11 14:09	371232	----a-w-	c:\windows\system32\RtkApoApi.dll
2010-02-22 16:58 . 2010-03-11 14:09	2649120	----a-w-	c:\windows\system32\RtkAPO.dll
2010-02-22 16:23 . 2010-03-11 14:09	3022944	----a-w-	c:\windows\system32\drivers\RTKVHDA.sys
2010-02-20 16:47 . 2010-01-07 12:02	1170240	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-06-10 21:26 . 2009-07-14 02:04	9633792	--sha-r-	c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42	396800	--sha-w-	c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
Code:
c:\program files\Acronis\TrueImageHome\timountermonitor .exe
c:\program files\Acronis\TrueImageHome\TrueImageMonitor .exe
c:\program files\Adobe\Reader 9.0\Reader\reader_sl .exe
c:\program files\Common Files\Acronis\Schedule2\schedhlp .exe
c:\program files\Common Files\Adobe\ARM\1.0\adobearm .exe
c:\program files\Intel\AMT\atchk .exe
c:\program files\Lenovo Fingerprint Software\fpapp .exe
c:\program files\Microsoft Office\Office12\groovemonitor .exe
c:\program files\PGWARE\SuperRam\superramtray .exe
c:\program files\QSoft\Autorun Kicker\_autorunkicker .exe
c:\program files\Skype\Phone\skype .exe
c:\program files\Smart Battery\smbtray .exe
c:\program files\Trojan Remover\trjscan .exe
c:\program files\Unlocker\UnlockerAssistant  .exe
c:\program files\Windows Sidebar\sidebar .exe
         
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2010-03-18 14:06 1361208 ----a-r- c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:\program files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2010-03-18 1361208]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar.1]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.IEToolbar]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BDAgent"="c:\program files\BitDefender\BitDefender 2010\bdagent.exe" [2010-04-01 1123360]
"BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2010\IEShow.exe" [2009-10-19 71152]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-02-22 8522272]
"MsmqIntCert"="mqrt.dll" [2009-07-14 152064]
"igfxTray Module"="c:\windows\System32\igfxtray.exe" [2009-09-23 141848]
"hkcmd Module"="c:\windows\System32\hkcmd.exe" [2009-09-23 173592]
"persistence Module"="c:\windows\System32\igfxpers.exe" [2009-09-23 150552]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2010-04-14 111928]
" Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952]

c:\users\roadrunner1405\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Mozilla Firefox.lnk - c:\program files\Mozilla Firefox\firefox.exe [2010-4-25 910296]
Mozilla Thunderbird 3.0 Beta 3.lnk - c:\program files\Mozilla Thunderbird 3.0 Beta 3\thunderbird.exe [2009-10-8 11959472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^TMMonitor.lnk]
backup=c:\windows\pss\TMMonitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^roadrunner1405^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^klickTel OEM Frühjahr 2009 - Schnellstarter.lnk]
backup=c:\windows\pss\klickTel OEM Frühjahr 2009 - Schnellstarter.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2009-10-10 12:32 203264 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EmbassySecurityCheck]
2007-04-16 08:13 71232 ----a-w- c:\program files\Wave Systems Corp\Embassy Security Setup\EmbassySecurityCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2009-09-23 17:30 173592 ----a-w- c:\windows\System32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2009-06-04 17:03 186904 ----a-w- c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2009-09-23 17:30 141848 ----a-w- c:\windows\System32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2009-09-23 17:30 150552 ----a-w- c:\windows\System32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\phonostarTimer]
2009-09-28 09:01 36864 ----a-w- c:\program files\phonostar-Player\phonostarTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite]
2009-09-24 13:41 434176 ----a-w- c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-03-10 10:01 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TODO_ _File description_]
c:\program files\Smart Battery\smbtray.exe [N/A]

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-10-24 721904]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2009-09-11 528904]
R3 AF9035BDA;AF9035 BDA Devices;c:\windows\system32\Drivers\AF9035BDA.sys [2009-07-13 199168]
R3 Arrakis3;BitDefender Arrakis Server;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2009-10-19 183880]
R3 MatSvc;Microsoft Fix it Supportcenter;c:\program files\Microsoft Fix it Center\Matsvc.exe [2010-04-10 266544]
R3 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 WMSVC;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 9728]
R4 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S0 KeyAgent;KeyAgent; [x]
S0 snapman378;Acronis Snapshots Manager (Build 378);c:\windows\system32\DRIVERS\snman378.sys [2009-08-22 134272]
S0 stmtpm;STM TPM Service;c:\windows\system32\DRIVERS\stm_tpm.sys [2007-07-05 21504]
S0 tdrpman124;Acronis Try&Decide and Restore Points filter (build 124);c:\windows\system32\DRIVERS\tdrpm124.sys [2009-08-22 950848]
S1 BdfNdisf;BitDefender Firewall NDIS 6 Filter Driver;c:\windows\system32\DRIVERS\BdfNdisf6.sys [2010-05-10 72784]
S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-05-10 79952]
S1 ntiomin;ntiomin; [x]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-04-28 1872320]
S2 Apache2.2;Apache2.2;c:\xampp\apache\bin\httpd.exe [2009-11-20 29416]
S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [2010-05-10 85128]
S2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 io.sys;IO.DLL Driver;c:\windows\system32\drivers\io.sys [2010-03-29 5152]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-02-11 172328]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2010-04-01 1050440]
S2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [2007-07-27 1489688]
S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys [2010-03-18 101248]
S3 BDFM;BDFM;c:\windows\system32\DRIVERS\bdfm.sys [2010-02-17 153448]
S3 DCamUSBGene;GenesysLogic USB2.0 PC Camera;c:\windows\system32\DRIVERS\usbgene.sys [2007-06-26 131584]
S3 netw5v32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows Vista 32-Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2010-01-13 6628352]
S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 9216]
S3 seehcri;Sony Ericsson seehcri Device Driver;c:\windows\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2009-11-09 25088]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 wbms_vista_x86;Winbond Memory Stick Controller;c:\windows\system32\Drivers\wbms_vista_x86.SYS [2007-06-26 52224]
S3 wbsdmmc;Winbond SD/MMC Controller;c:\windows\system32\DRIVERS\wbsdmmc_vista_x86.sys [2007-04-20 44544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
bdx REG_MULTI_SZ scan
ftpsvc REG_MULTI_SZ ftpsvc
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
ipripsvc REG_MULTI_SZ iprip
LPDService REG_MULTI_SZ LPDSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe LSP: c:\windows\system32\biolsp.dll FF - ProfilePath - c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{7378B8C2-FC38-41b8-A8C9-875D1F5B0A24}\components\NativeComponent.dll FF - component: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\fb_add_on@avm.de\components\FB_AddOn.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Sony\Media Go\npmediago.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\Win7codecs\rm\browser\plugins\nprpjplug.dll FF - plugin: c:\users\roadrunner1405\AppData\Roaming\Mozilla\Firefox\Profiles\jx3wb3ha.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ ---- FIREFOX Richtlinien ---- FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 FF - user.js: 
network.http.max-persistent-connections-per-server - 4 c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); . ************************************************************************** Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, hxxp://www.gmer.net device: opened successfully user: MBR read successfully called modules: >>UNKNOWN [0x8303A000]<< >>UNKNOWN [0x89BCE000]<< >>UNKNOWN [0x89BBD000]<< >>UNKNOWN [0x84525000]<< >>UNKNOWN [0x83003000]<< kernel: MBR read successfully detected MBR rootkit hooks: IoDeviceObjectType -> DumpProcedure -> 0xd46a624f SecurityProcedure -> 0x8587d5f0 QueryNameProcedure -> 0x8587c280 user & kernel MBR OK ************************************************************************** . 
--------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\.Default\Software\SetID\Internal] @Denied: (A 2) (LocalSystem) "DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallIS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_is=\"0\" />" "Device"="xrnJucq8yLy6z8fMzszNusjHvM8=" [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000001 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'lsass.exe'(788) c:\windows\system32\wvauth.DLL c:\windows\system32\biolsp.dll - - - - - - - > 'Explorer.exe'(7824) c:\program files\SweetIM\Messenger\mgAdaptersProxy.dll . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\windows\system32\psxss.exe c:\program files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe c:\program files\BitDefender\BitDefender 2010\vsserv.exe c:\windows\system32\WLANExt.exe c:\windows\system32\conhost.exe c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files\Common Files\Acronis\Schedule2\schedul2.exe c:\program files\Intel\AMT\atchksrv.exe c:\windows\system32\inetsrv\inetinfo.exe c:\program files\Intel\AMT\LMS.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\mqsvc.exe c:\xampp\mysql\bin\mysqld.exe c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\windows\System32\tcpsvcs.exe c:\windows\System32\snmp.exe c:\program files\TeamViewer\Version5\TeamViewer.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Intel\WiFi\bin\EvtEng.exe c:\windows\system32\mqtgsvc.exe c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\UI0Detect.exe c:\windows\system32\taskhost.exe c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe c:\program files\BitDefender\BitDefender 2010\seccenter.exe c:\windows\system32\conhost.exe c:\windows\system32\igfxsrvc.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Skype\Plugin Manager\skypePM.exe c:\windows\servicing\TrustedInstaller.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2010-05-20 13:23:30 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2010-05-20 11:23
ComboFix2.txt 2010-05-19 14:06

Vor Suchlauf: 14 Verzeichnis(se), 12.956.110.848 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 12.717.944.832 Bytes frei

- - End Of File - - 291C6112E5BBE955D814E21BE98998C0
[/QUOTE]
