Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.08.2010, 23:35   #1
Sloth
 
TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Standard

TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb



Guten Tag

ich bin hier weil mein Avira einen Trojaner entdeckt hatt und ich diesen aber auch nach mehreren versuchen nicht gelöscht bekomme und hoffe das mir eine Fach-wissende nette Person helfen kann.

Hier ist der Bericht von dem letzten Scan mit Avira:
Code:
ATTFilter
Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 2. August 2010  04:37

Es wird nach 2664759 Virenstämmen gesucht.

Lizenznehmer   : Avira AntiVir Personal - FREE Antivirus
Seriennummer   : 0000149996-ADJIE-0000001
Plattform      : Windows Vista
Windowsversion : (plain)  [6.1.7600]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : WINDOWS-6B4ZKFF

Versionsinformationen:
BUILD.DAT      : 9.0.0.422     21701 Bytes  09.03.2010 10:23:00
AVSCAN.EXE     : 9.0.3.10     466689 Bytes  13.10.2009 10:26:28
AVSCAN.DLL     : 9.0.3.0       49409 Bytes  13.02.2009 11:04:10
LUKE.DLL       : 9.0.3.2      209665 Bytes  20.02.2009 10:35:44
LUKERES.DLL    : 9.0.2.0       13569 Bytes  26.01.2009 09:41:59
VBASE000.VDF   : 7.10.0.0   19875328 Bytes  06.11.2009 06:35:52
VBASE001.VDF   : 7.10.1.0    1372672 Bytes  19.11.2009 14:32:30
VBASE002.VDF   : 7.10.3.1    3143680 Bytes  20.01.2010 14:32:39
VBASE003.VDF   : 7.10.3.75    996864 Bytes  26.01.2010 14:32:42
VBASE004.VDF   : 7.10.4.203   1579008 Bytes  05.03.2010 15:55:46
VBASE005.VDF   : 7.10.6.82   2494464 Bytes  15.04.2010 04:09:09
VBASE006.VDF   : 7.10.7.218   2294784 Bytes  02.06.2010 18:31:26
VBASE007.VDF   : 7.10.9.165   4840960 Bytes  23.07.2010 19:55:09
VBASE008.VDF   : 7.10.9.166      2048 Bytes  23.07.2010 19:55:09
VBASE009.VDF   : 7.10.9.167      2048 Bytes  23.07.2010 19:55:09
VBASE010.VDF   : 7.10.9.168      2048 Bytes  23.07.2010 19:55:09
VBASE011.VDF   : 7.10.9.169      2048 Bytes  23.07.2010 19:55:09
VBASE012.VDF   : 7.10.9.170      2048 Bytes  23.07.2010 19:55:09
VBASE013.VDF   : 7.10.9.198    157696 Bytes  26.07.2010 19:39:34
VBASE014.VDF   : 7.10.9.255    997888 Bytes  29.07.2010 19:41:08
VBASE015.VDF   : 7.10.10.0      2048 Bytes  29.07.2010 19:41:09
VBASE016.VDF   : 7.10.10.1      2048 Bytes  29.07.2010 19:41:09
VBASE017.VDF   : 7.10.10.2      2048 Bytes  29.07.2010 19:41:09
VBASE018.VDF   : 7.10.10.3      2048 Bytes  29.07.2010 19:41:09
VBASE019.VDF   : 7.10.10.4      2048 Bytes  29.07.2010 19:41:10
VBASE020.VDF   : 7.10.10.5      2048 Bytes  29.07.2010 19:41:10
VBASE021.VDF   : 7.10.10.6      2048 Bytes  29.07.2010 19:41:10
VBASE022.VDF   : 7.10.10.7      2048 Bytes  29.07.2010 19:41:10
VBASE023.VDF   : 7.10.10.8      2048 Bytes  29.07.2010 19:41:10
VBASE024.VDF   : 7.10.10.9      2048 Bytes  29.07.2010 19:41:11
VBASE025.VDF   : 7.10.10.10      2048 Bytes  29.07.2010 19:41:12
VBASE026.VDF   : 7.10.10.11      2048 Bytes  29.07.2010 19:41:12
VBASE027.VDF   : 7.10.10.12      2048 Bytes  29.07.2010 19:41:12
VBASE028.VDF   : 7.10.10.13      2048 Bytes  29.07.2010 19:41:13
VBASE029.VDF   : 7.10.10.14      2048 Bytes  29.07.2010 19:41:14
VBASE030.VDF   : 7.10.10.15      2048 Bytes  29.07.2010 19:41:14
VBASE031.VDF   : 7.10.10.26    136192 Bytes  01.08.2010 02:03:45
Engineversion  : 8.2.4.32 
AEVDF.DLL      : 8.1.2.1      106868 Bytes  29.07.2010 19:42:37
AESCRIPT.DLL   : 8.1.3.42    1364347 Bytes  29.07.2010 19:42:35
AESCN.DLL      : 8.1.6.1      127347 Bytes  13.05.2010 16:30:34
AESBX.DLL      : 8.1.3.1      254324 Bytes  24.04.2010 14:01:36
AERDL.DLL      : 8.1.8.2      614772 Bytes  20.07.2010 19:42:37
AEPACK.DLL     : 8.2.3.3      471414 Bytes  29.07.2010 19:42:17
AEOFFICE.DLL   : 8.1.1.8      201081 Bytes  21.07.2010 19:40:05
AEHEUR.DLL     : 8.1.2.10    2830711 Bytes  29.07.2010 19:42:10
AEHELP.DLL     : 8.1.13.2     242039 Bytes  20.07.2010 19:41:13
AEGEN.DLL      : 8.1.3.18     393589 Bytes  29.07.2010 19:41:26
AEEMU.DLL      : 8.1.2.0      393588 Bytes  24.04.2010 14:01:34
AECORE.DLL     : 8.1.16.2     192887 Bytes  20.07.2010 19:41:01
AEBB.DLL       : 8.1.1.0       53618 Bytes  24.04.2010 14:01:33
AVWINLL.DLL    : 9.0.0.3       18177 Bytes  12.12.2008 07:47:56
AVPREF.DLL     : 9.0.3.0       44289 Bytes  26.08.2009 14:13:59
AVREP.DLL      : 8.0.0.7      159784 Bytes  01.03.2010 14:32:57
AVREG.DLL      : 9.0.0.0       36609 Bytes  07.11.2008 14:25:04
AVARKT.DLL     : 9.0.0.3      292609 Bytes  24.03.2009 14:05:37
AVEVTLOG.DLL   : 9.0.0.7      167169 Bytes  30.01.2009 09:37:04
SQLITE3.DLL    : 3.6.1.0      326401 Bytes  28.01.2009 14:03:49
SMTPLIB.DLL    : 9.2.0.25      28417 Bytes  02.02.2009 07:21:28
NETNT.DLL      : 9.0.0.0       11521 Bytes  07.11.2008 14:41:21
RCIMAGE.DLL    : 9.0.0.25    2438913 Bytes  15.05.2009 14:35:17
RCTEXT.DLL     : 9.0.73.0      87297 Bytes  13.10.2009 11:19:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: c:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: niedrig
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, M:, 
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: mittel

Beginn des Suchlaufs: Montag, 2. August 2010  04:37

Der Suchlauf nach versteckten Objekten wird begonnen.
Es wurden '31514' Objekte überprüft, '0' versteckte Objekte wurden gefunden.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wuauclt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'InputPersonalization.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SwitchBoard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexingService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'javaw.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ObjectDock.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'OctoshapeClient.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Bridge.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DTLite.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NMIndexStoreSvr.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Babylon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'acrotray.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WTMKM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'DivXUpdate.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RtHDVCpl.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'WUDFHost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'VCDDaemon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TimounterMonitor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedhlp.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atwtusb.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atwtusb.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrueImageTryStartService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'IoctlSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'KMService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'srvany.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'dwm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TabTip.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wisptis.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'conhost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'java.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'ICQ Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wrapper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'schedul2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wisptis.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'audiodg.exe' - '0' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '1' Modul(e) wurden durchsucht
Es wurden '78' Prozesse mit '78' Modulen durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD2
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD3
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD4
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten
Masterbootsektor HD5
    [INFO]      Es wurde kein Virus gefunden!
    [INFO]      Bitte starten Sie den Suchlauf erneut mit Administratorrechten

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'M:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '45' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\hiberfil.sys
    [WARNUNG]   Die Datei konnte nicht geöffnet werden!
    [HINWEIS]   Bei dieser Datei handelt es sich um eine Windows Systemdatei.
    [HINWEIS]   Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\pagefile.sys
    [WARNUNG]   Die Datei konnte nicht geöffnet werden!
    [HINWEIS]   Bei dieser Datei handelt es sich um eine Windows Systemdatei.
    [HINWEIS]   Es ist in Ordnung, dass diese Datei für die Suche nicht geöffnet werden kann.
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
    [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
C:\Windows\System32\drivers\sptd.sys
    [WARNUNG]   Die Datei konnte nicht geöffnet werden!
Beginne mit der Suche in 'M:\' <Volume>

Beginne mit der Desinfektion:
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
    [FUND]      Ist das Trojanische Pferd TR/Dropper.Gen
    [WARNUNG]   Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26004
    [WARNUNG]   Die Quelldatei konnte nicht gefunden werden.
    [HINWEIS]   Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
    [WARNUNG]   Fehler in der ARK Library
    [HINWEIS]   Die Datei wurde zum Löschen nach einem Neustart markiert.


Ende des Suchlaufs: Montag, 2. August 2010  06:28
Benötigte Zeit:  1:47:48 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  35453 Verzeichnisse wurden überprüft
 914362 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      3 Dateien konnten nicht durchsucht werden
 914358 Dateien ohne Befall
   6047 Archive wurden durchsucht
      4 Warnungen
      3 Hinweise
  31514 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden
         
Nach dem Scan hatte mich Avira aufgefordert einen Neustart zu machen um denn Trojaner zu entfernen.

Jedoch war er bei nächsten Scan immer noch da. Das ganze habe ich mehr als 3 mal gemacht und habe Avira auch als Administrator gestartet.

Weiterhin habe ich noch diese Scan durfgeführt in dem denken dass diese für euch nützlich sein könnten.
-OTL
Code:
ATTFilter
OTL logfile created on: 02.08.2010 23:56:45 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Privat\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 260,69 Gb Total Space | 113,53 Gb Free Space | 43,55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 205,07 Gb Total Space | 156,80 Gb Free Space | 76,46% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWS-6B4ZKFF
Current User Name: Privat
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox 4.0 Beta 2\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox 4.0 Beta 2\plugin-container.exe (Mozilla Corporation)
PRC - C:\Users\Privat\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Windows\System32\srvany.exe ()
PRC - C:\Programme\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\atwtusb.exe ()
PRC - C:\Windows\System32\WTMKM.exe ()
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Programme\C2TN\C2TN\wrapper.exe ()
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Privat\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Babylon\Babylon-Pro\captlib.dll (Babylon Ltd.)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Stardock\ObjectDock\DockShellHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WTService) -- C:\Windows\System32\atwtusb.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (C2TNServer) -- C:\Program Files\C2TN\C2TN\wrapper.exe ()
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva289) -- C:\Windows\System32\XDva289.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (vhidmini) -- C:\Windows\System32\drivers\walvhid.sys (Windows (R) Win 7 DDK provider)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (rt61x86) -- C:\Windows\System32\drivers\netr61.sys (Ralink Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=475
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "M2Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "ht**://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=475"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "**w.google.de"
FF - prefs.js..extensions.enabledItems: DTToolb*****lbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {0df41d51-d5ab-4f8a-941f-0d1ed6596bc7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {5f83fae0-74bd-cc1f-1129-c822d6a4471a}:4.6.6.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.3
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.6.0.15
FF - prefs.js..keyword.URL: "****://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.05.21 20:35:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.08 21:40:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: M:\Neuer Ordner\Desktop II\Mozilla Firefox\components [2010.07.28 16:06:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: M:\Neuer Ordner\Desktop II\Mozilla Firefox\plugins [2010.07.27 12:55:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 2\components [2010.07.28 16:48:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugins
 
[2010.02.22 18:49:47 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions
[2010.07.28 02:10:47 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions
[2010.03.01 00:12:10 | 000,000,000 | ---D | M] (M2Bar Toolbar) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\{0df41d51-d5ab-4f8a-941f-0d1ed6596bc7}
[2010.07.15 01:00:13 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.07.10 23:27:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.18 12:09:05 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010.07.08 20:11:47 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.03.01 00:03:39 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\DTToolbar@toolbarnet.com
[2010.02.13 20:48:12 | 000,000,913 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\conduit.xml
[2010.03.01 00:03:34 | 000,002,055 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\daemon-search.xml
[2010.02.20 21:30:42 | 000,000,694 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icq-search.xml
[2010.02.23 07:39:01 | 000,000,961 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-1.xml
[2010.03.24 16:36:28 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-2.xml
[2010.03.27 12:50:02 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-3.xml
[2010.06.23 14:54:29 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-4.xml
[2010.06.28 01:07:36 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-5.xml
[2010.07.15 09:35:12 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-6.xml
[2010.07.25 15:06:17 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-7.xml
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin.xml
[2010.03.27 12:49:30 | 000,000,266 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\Search.xml
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npContribute.dll
 
O1 HOSTS File: ([2010.04.07 21:33:54 | 000,001,285 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com 
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [FeedBuster] C:\Program Files\Alnera\FeedBuster\FeedBuster.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Privat\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Privat\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4be2b013-24b5-11df-9ee8-00248c2acaac}\Shell - "" = AutoRun
O33 - MountPoints2\{4be2b013-24b5-11df-9ee8-00248c2acaac}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.02 06:35:14 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.02 04:51:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2010.08.02 04:18:21 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Malwarebytes
[2010.08.02 04:18:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.02 04:18:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.02 04:18:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.02 04:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.01 08:23:01 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.08.01 08:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.01 08:12:54 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.07.28 16:41:33 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 2
[2010.07.24 00:14:06 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\onionhead-291109
[2010.07.24 00:03:12 | 000,000,000 | ---D | C] -- C:\Programme\ICQ-SmileyPackGen
[2010.07.21 23:59:26 | 000,000,000 | ---D | C] -- C:\Programme\RapidShareManager
[2010.07.15 01:00:47 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Babylon
[2010.07.15 01:00:14 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.07.15 01:00:13 | 000,000,000 | ---D | C] -- C:\Programme\myBabylon_English
[2010.07.15 01:00:11 | 000,000,000 | ---D | C] -- C:\Programme\Babylon
[2010.07.15 00:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2010.07.15 00:59:58 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Babylon
[2010.07.14 11:04:45 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Octoshape
[2010.07.09 02:15:08 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.07.09 02:15:08 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.07.09 02:15:08 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.07.09 02:12:15 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.07.09 01:53:57 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2010.07.09 01:52:36 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2010.07.09 01:51:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.07.09 00:57:35 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.07.09 00:57:33 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.07.09 00:57:32 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.07.09 00:57:30 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.07.09 00:57:28 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.07.09 00:57:28 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.07.09 00:57:28 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.07.09 00:57:27 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.07.09 00:57:24 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.07.09 00:57:22 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.07.09 00:57:22 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.07.09 00:57:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.07.09 00:57:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.07.09 00:57:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.07.09 00:57:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.07.09 00:57:19 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.07.09 00:57:17 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.07.09 00:57:16 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.07.09 00:57:16 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.07.09 00:57:16 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.07.09 00:57:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.07.09 00:57:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.07.09 00:57:15 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.07.09 00:57:14 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.07.09 00:57:14 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.07.09 00:57:14 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.07.09 00:57:13 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.07.09 00:57:13 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.07.09 00:57:13 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.07.09 00:57:13 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.07.09 00:57:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.07.09 00:57:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.07.09 00:57:12 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.07.09 00:57:12 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.07.09 00:57:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.07.09 00:56:58 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.07.09 00:56:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.07.09 00:56:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.07.09 00:45:10 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.07.09 00:45:08 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.07.09 00:44:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.07.09 00:44:50 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.07.09 00:44:50 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.07.09 00:43:38 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Microsoft Help
[2010.07.09 00:43:32 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.07.09 00:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.07.09 00:42:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.07.08 22:36:13 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\Fragmente
[2010.07.08 21:40:40 | 000,045,392 | R--- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2010.07.08 21:40:40 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010.07.06 20:12:26 | 000,000,000 | ---D | C] -- C:\Programme\Activision
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.02 23:57:01 | 007,077,888 | -HS- | M] () -- C:\Users\Privat\NTUSER.DAT
[2010.08.02 12:19:47 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 12:19:47 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 06:30:55 | 000,000,432 | ---- | M] () -- C:\Windows\win.ini
[2010.08.02 06:30:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.02 06:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.02 06:30:38 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.02 06:29:20 | 001,310,574 | -H-- | M] () -- C:\Users\Privat\AppData\Local\IconCache.db
[2010.08.02 04:18:15 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.01 11:23:32 | 000,000,181 | ---- | M] () -- C:\Windows\wininit.ini
[2010.08.01 08:23:12 | 000,001,216 | ---- | M] () -- C:\Users\Privat\Desktop\Spybot - Search & Destroy.lnk
[2010.07.31 23:03:11 | 000,003,964 | ---- | M] () -- C:\Users\Privat\Desktop\Stammbaumv1.ged
[2010.07.31 23:03:10 | 000,003,964 | ---- | M] () -- C:\Users\Privat\Desktop\Stammbaumv1.ged.backup
[2010.07.31 05:43:49 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Ages!.lnk
[2010.07.28 16:48:42 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 2.lnk
[2010.07.28 02:46:44 | 001,539,546 | ---- | M] () -- C:\Users\Privat\Desktop\B e w e r b u n g2.docx
[2010.07.28 02:45:36 | 000,370,158 | ---- | M] () -- C:\Users\Privat\Desktop\Bewerbung - Fachpraktikum (1).pdf
[2010.07.27 12:55:45 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.24 00:32:29 | 000,000,556 | ---- | M] () -- C:\Users\Privat\Desktop\currentversion.ini
[2010.07.24 00:23:39 | 002,161,802 | ---- | M] () -- C:\newsmilies.zip
[2010.07.24 00:03:13 | 000,000,722 | ---- | M] () -- C:\Users\Privat\Desktop\ICQ6.5 SmileyPackGen.lnk
[2010.07.23 23:43:08 | 000,000,132 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.07.23 23:41:31 | 000,000,132 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.07.18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2010.07.15 01:00:17 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2010.07.13 17:50:33 | 001,568,256 | ---- | M] () -- C:\Users\Privat\Desktop\Bewerbung - E.ON.doc
[2010.07.09 13:08:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.09 12:59:02 | 001,480,600 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.09 12:59:02 | 000,647,128 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.09 12:59:02 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.09 12:59:02 | 000,127,206 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.09 12:59:02 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.09 11:53:28 | 000,114,272 | ---- | M] () -- C:\Users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.09 11:50:36 | 003,787,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.09 00:52:46 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
[2010.07.09 00:52:46 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2010.07.08 21:40:02 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010.07.08 18:02:25 | 000,051,819 | ---- | M] () -- C:\Users\Privat\Desktop\Merkblatt zur Fachpraktischen Ausbildung.pdf
[2010.07.07 16:27:33 | 000,078,881 | ---- | M] () -- C:\Users\Privat\Desktop\Vereinbarung zur Fachpraktischen Ausbildung.pdf
[2010.07.07 15:45:20 | 000,253,937 | ---- | M] () -- C:\Users\Privat\Desktop\Bewerbung - Ausbildung zum Industriekaufmann.pdf
[2010.07.06 23:02:37 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2010.07.06 23:02:37 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2010.07.05 14:11:00 | 002,807,254 | ---- | M] () -- C:\Users\Privat\Desktop\P1000095.BMP
 
========== Files Created - No Company Name ==========
 
[2010.08.02 04:18:15 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.01 11:23:32 | 000,000,181 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.01 08:23:12 | 000,001,216 | ---- | C] () -- C:\Users\Privat\Desktop\Spybot - Search & Destroy.lnk
[2010.07.31 06:01:27 | 000,003,964 | ---- | C] () -- C:\Users\Privat\Desktop\Stammbaumv1.ged.backup
[2010.07.31 06:01:27 | 000,003,964 | ---- | C] () -- C:\Users\Privat\Desktop\Stammbaumv1.ged
[2010.07.31 05:43:49 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Ages!.lnk
[2010.07.28 16:41:38 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 2.lnk
[2010.07.28 02:45:32 | 000,370,158 | ---- | C] () -- C:\Users\Privat\Desktop\Bewerbung - Fachpraktikum (1).pdf
[2010.07.28 02:19:12 | 001,539,546 | ---- | C] () -- C:\Users\Privat\Desktop\B e w e r b u n g2.docx
[2010.07.24 00:23:34 | 002,161,802 | ---- | C] () -- C:\newsmilies.zip
[2010.07.24 00:03:20 | 000,000,556 | ---- | C] () -- C:\Users\Privat\Desktop\currentversion.ini
[2010.07.24 00:03:13 | 000,000,722 | ---- | C] () -- C:\Users\Privat\Desktop\ICQ6.5 SmileyPackGen.lnk
[2010.07.24 00:02:52 | 001,868,662 | ---- | C] () -- C:\Users\Privat\Desktop\installer.exe
[2010.07.23 23:43:08 | 000,000,132 | ---- | C] () -- C:\Users\Privat\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.07.23 23:41:31 | 000,000,132 | ---- | C] () -- C:\Users\Privat\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.07.22 00:01:53 | 2337,865,728 | ---- | C] () -- C:\Users\Privat\Desktop\win7-32bit.iso
[2010.07.15 01:00:01 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2010.07.09 00:53:33 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2010.07.09 00:53:33 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.07.08 21:40:02 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010.07.08 18:02:25 | 000,051,819 | ---- | C] () -- C:\Users\Privat\Desktop\Merkblatt zur Fachpraktischen Ausbildung.pdf
[2010.07.07 17:06:37 | 001,568,256 | ---- | C] () -- C:\Users\Privat\Desktop\Bewerbung - E.ON.doc
[2010.07.07 16:27:33 | 000,078,881 | ---- | C] () -- C:\Users\Privat\Desktop\Vereinbarung zur Fachpraktischen Ausbildung.pdf
[2010.07.07 15:45:20 | 000,253,937 | ---- | C] () -- C:\Users\Privat\Desktop\Bewerbung - Ausbildung zum Industriekaufmann.pdf
[2010.07.06 23:02:37 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2010.07.06 23:02:37 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2010.07.05 14:12:04 | 002,807,254 | ---- | C] () -- C:\Users\Privat\Desktop\P1000095.BMP
[2010.06.17 22:09:02 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.05.25 16:06:57 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2010.05.25 16:06:56 | 000,010,513 | ---- | C] () -- C:\Windows\System32\Default_3.ini
[2010.05.25 16:06:56 | 000,010,251 | ---- | C] () -- C:\Windows\System32\Default_2.ini
[2010.05.25 16:06:56 | 000,009,868 | ---- | C] () -- C:\Windows\System32\Default_1.ini
[2010.05.25 16:06:56 | 000,008,229 | ---- | C] () -- C:\Windows\aiptbl.ini
[2010.05.25 16:06:56 | 000,000,738 | ---- | C] () -- C:\Windows\System32\MKProfile.ini
[2010.05.16 21:37:55 | 000,000,032 | ---- | C] () -- C:\Windows\tdlp32.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.01 00:03:05 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.02.21 11:25:20 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.02.20 22:05:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.16 18:58:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
< End of report >
         

Alt 02.08.2010, 23:36   #2
Sloth
 
TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Standard

TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb



extra
Code:
ATTFilter
OTL logfile created on: 02.08.2010 23:56:45 - Run 1
OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\Privat\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 45,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 58,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 260,69 Gb Total Space | 113,53 Gb Free Space | 43,55% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive M: | 205,07 Gb Total Space | 156,80 Gb Free Space | 76,46% Space Free | Partition Type: NTFS
 
Computer Name: WINDOWS-6B4ZKFF
Current User Name: Privat
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox 4.0 Beta 2\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Mozilla Firefox 4.0 Beta 2\plugin-container.exe (Mozilla Corporation)
PRC - C:\Users\Privat\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\KMService.exe ()
PRC - C:\Windows\System32\srvany.exe ()
PRC - C:\Programme\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
PRC - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
PRC - C:\Programme\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Programme\Microsoft Office\Office14\OUTLOOK.EXE (Microsoft Corporation)
PRC - C:\Programme\Java\jre6\bin\javaw.exe (Sun Microsystems, Inc.)
PRC - C:\Windows\System32\java.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
PRC - C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Windows\System32\atwtusb.exe ()
PRC - C:\Windows\System32\WTMKM.exe ()
PRC - C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Programme\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
PRC - C:\Programme\C2TN\C2TN\wrapper.exe ()
PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Programme\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Privat\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Programme\Babylon\Babylon-Pro\captlib.dll (Babylon Ltd.)
MOD - C:\Programme\Common Files\microsoft shared\ink\tiptsf.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Programme\Stardock\ObjectDock\DockShellHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (KMService) -- C:\Windows\System32\srvany.exe ()
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (WTService) -- C:\Windows\System32\atwtusb.exe ()
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (osppsvc) -- C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ICQ Service) -- C:\Programme\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (C2TNServer) -- C:\Program Files\C2TN\C2TN\wrapper.exe ()
SRV - (TryAndDecideService) -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe ()
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva289) -- C:\Windows\System32\XDva289.sys File not found
DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()
DRV - (tifsfilter) -- C:\Windows\System32\drivers\tifsfilt.sys (Acronis)
DRV - (timounter) -- C:\Windows\system32\DRIVERS\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\system32\DRIVERS\snapman.sys (Acronis)
DRV - (tdrpman) -- C:\Windows\system32\DRIVERS\tdrpman.sys (Acronis)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atipmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (ElbyCDIO) -- C:\Windows\System32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (vhidmini) -- C:\Windows\System32\drivers\walvhid.sys (Windows (R) Win 7 DDK provider)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (moufiltr) -- C:\Windows\System32\drivers\moufiltr.sys (Windows (R) Codename Longhorn DDK provider)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\system32\DRIVERS\AtiPcie.sys (ATI Technologies Inc.)
DRV - (amdide) -- C:\Windows\system32\DRIVERS\amdide.sys (Advanced Micro Devices)
DRV - (rt61x86) -- C:\Windows\System32\drivers\netr61.sys (Ralink Technology Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=475
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "M2Bar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "h***://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=475"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: DTToolbar*toolbarnet.com:1.1.1.0014
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5
FF - prefs.js..extensions.enabledItems: {0df41d51-d5ab-4f8a-941f-0d1ed6596bc7}:2.5.6.0
FF - prefs.js..extensions.enabledItems: {B13721C7-F507-4982-B2E5-502A71474FED}:2.2.0.102
FF - prefs.js..extensions.enabledItems: {5f83fae0-74bd-cc1f-1129-c822d6a4471a}:4.6.6.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.1
FF - prefs.js..extensions.enabledItems: {d47a9f51-8281-43fa-f450-f28ef8735e9a}:2.0.3
FF - prefs.js..extensions.enabledItems: {01A8CA0A-4C96-465b-A49B-65C46FAD54F9}:6.0
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.1
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.6.0.15
FF - prefs.js..keyword.URL: "h***://search.icq.com/search/afe_results.php?ch_id=afex&q="
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2010.05.21 20:35:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.08 21:40:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: M:\Neuer Ordner\Desktop II\Mozilla Firefox\components [2010.07.28 16:06:25 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: M:\Neuer Ordner\Desktop II\Mozilla Firefox\plugins [2010.07.27 12:55:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 2\components [2010.07.28 16:48:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0b2\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugins
 
[2010.02.22 18:49:47 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\mozilla\Extensions
[2010.07.28 02:10:47 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions
[2010.03.01 00:12:10 | 000,000,000 | ---D | M] (M2Bar Toolbar) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\{0df41d51-d5ab-4f8a-941f-0d1ed6596bc7}
[2010.07.15 01:00:13 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2010.07.10 23:27:18 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.05.18 12:09:05 | 000,000,000 | ---D | M] (Pixlr Grabber) -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\{d47a9f51-8281-43fa-f450-f28ef8735e9a}
[2010.07.08 20:11:47 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2010.03.01 00:03:39 | 000,000,000 | ---D | M] -- C:\Users\Privat\AppData\Roaming\mozilla\Firefox\Profiles\uqss2p1b.default\extensions\DTToolbar@toolbarnet.com
[2010.02.13 20:48:12 | 000,000,913 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\conduit.xml
[2010.03.01 00:03:34 | 000,002,055 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\daemon-search.xml
[2010.02.20 21:30:42 | 000,000,694 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icq-search.xml
[2010.02.23 07:39:01 | 000,000,961 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-1.xml
[2010.03.24 16:36:28 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-2.xml
[2010.03.27 12:50:02 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-3.xml
[2010.06.23 14:54:29 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-4.xml
[2010.06.28 01:07:36 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-5.xml
[2010.07.15 09:35:12 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-6.xml
[2010.07.25 15:06:17 | 000,000,950 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin-7.xml
[2008.07.10 14:07:28 | 000,000,944 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\icqplugin.xml
[2010.03.27 12:49:30 | 000,000,266 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Mozilla\FireFox\Profiles\uqss2p1b.default\searchplugins\Search.xml
[2010.03.27 18:06:04 | 000,067,032 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npContribute.dll
 
O1 HOSTS File: ([2010.04.07 21:33:54 | 000,001,285 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com:443
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com 
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Babylon IE plugin) - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Programme\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Programme\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (myBabylon English Toolbar) - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Programme\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (myBabylon English Toolbar) - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} - C:\Programme\myBabylon_English\tbmyBa.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [MacrokeyManager] C:\Windows\System32\WTMKM.exe ()
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [VirtualCloneDrive] C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe (Elaborate Bytes AG)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [FeedBuster] C:\Program Files\Alnera\FeedBuster\FeedBuster.exe File not found
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ7.0\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Privat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk = C:\Programme\Stardock\ObjectDock\ObjectDock.exe (Stardock)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Se&nd to OneNote - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O8 - Extra context menu item: Translate with Babylon - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Programme\ICQ7.0\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Programme\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O13 - gopher Prefix: missing
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab (BDSCANONLINE Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_01-windows-i586.cab (Java Plug-in 1.5.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\System32\acaptuser32.dll (Adobe Systems, Inc.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O24 - Desktop WallPaper: C:\Users\Privat\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Privat\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{4be2b013-24b5-11df-9ee8-00248c2acaac}\Shell - "" = AutoRun
O33 - MountPoints2\{4be2b013-24b5-11df-9ee8-00248c2acaac}\Shell\AutoRun\command - "" = I:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (MACHINE BootExecut) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.08.02 06:35:14 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2010.08.02 04:51:11 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2010.08.02 04:18:21 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Malwarebytes
[2010.08.02 04:18:12 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.08.02 04:18:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.08.02 04:18:10 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.08.02 04:18:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.08.01 08:23:01 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2010.08.01 08:23:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2010.08.01 08:12:54 | 000,000,000 | ---D | C] -- C:\Windows\BDOSCAN8
[2010.07.28 16:41:33 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox 4.0 Beta 2
[2010.07.24 00:14:06 | 000,000,000 | ---D | C] -- C:\Users\Privat\Desktop\onionhead-291109
[2010.07.24 00:03:12 | 000,000,000 | ---D | C] -- C:\Programme\ICQ-SmileyPackGen
[2010.07.21 23:59:26 | 000,000,000 | ---D | C] -- C:\Programme\RapidShareManager
[2010.07.15 01:00:47 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Babylon
[2010.07.15 01:00:14 | 000,000,000 | ---D | C] -- C:\Programme\Conduit
[2010.07.15 01:00:13 | 000,000,000 | ---D | C] -- C:\Programme\myBabylon_English
[2010.07.15 01:00:11 | 000,000,000 | ---D | C] -- C:\Programme\Babylon
[2010.07.15 00:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2010.07.15 00:59:58 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Roaming\Babylon
[2010.07.14 11:04:45 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Octoshape
[2010.07.09 02:15:08 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010.07.09 02:15:08 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010.07.09 02:15:08 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010.07.09 02:12:15 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browserchoice.exe
[2010.07.09 01:53:57 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Sync Framework
[2010.07.09 01:52:36 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Visual Studio 8
[2010.07.09 01:51:56 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Analysis Services
[2010.07.09 00:57:35 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2010.07.09 00:57:33 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\lsasrv.dll
[2010.07.09 00:57:32 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ksecpkg.sys
[2010.07.09 00:57:30 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010.07.09 00:57:28 | 001,320,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CertEnroll.dll
[2010.07.09 00:57:28 | 000,507,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe
[2010.07.09 00:57:28 | 000,442,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe
[2010.07.09 00:57:27 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL
[2010.07.09 00:57:24 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010.07.09 00:57:22 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010.07.09 00:57:22 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\psisdecd.dll
[2010.07.09 00:57:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010.07.09 00:57:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010.07.09 00:57:22 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax
[2010.07.09 00:57:21 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2010.07.09 00:57:19 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\t2embed.dll
[2010.07.09 00:57:17 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2010.07.09 00:57:16 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll
[2010.07.09 00:57:16 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2010.07.09 00:57:16 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2010.07.09 00:57:16 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2010.07.09 00:57:15 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\avifil32.dll
[2010.07.09 00:57:15 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mciavi32.dll
[2010.07.09 00:57:14 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2010.07.09 00:57:14 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2010.07.09 00:57:14 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2010.07.09 00:57:13 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc.dll
[2010.07.09 00:57:13 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_isv.dll
[2010.07.09 00:57:13 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_isv.exe
[2010.07.09 00:57:13 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate.exe
[2010.07.09 00:57:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp_isv.dll
[2010.07.09 00:57:13 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\secproc_ssp.dll
[2010.07.09 00:57:12 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp.exe
[2010.07.09 00:57:12 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RMActivate_ssp_isv.exe
[2010.07.09 00:57:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2010.07.09 00:56:58 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010.07.09 00:56:58 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fontsub.dll
[2010.07.09 00:56:58 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010.07.09 00:45:10 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Synchronization Services
[2010.07.09 00:45:08 | 000,000,000 | ---D | C] -- C:\Programme\Common Files\DESIGNER
[2010.07.09 00:44:50 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.07.09 00:44:50 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft.NET
[2010.07.09 00:44:50 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.07.09 00:43:38 | 000,000,000 | ---D | C] -- C:\Users\Privat\AppData\Local\Microsoft Help
[2010.07.09 00:43:32 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft Office
[2010.07.09 00:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010.07.09 00:42:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2010.07.08 22:36:13 | 000,000,000 | ---D | C] -- C:\Users\Privat\Documents\Fragmente
[2010.07.08 21:40:40 | 000,045,392 | R--- | C] (Adobe Systems Inc) -- C:\Windows\System32\AdobePDF.dll
[2010.07.08 21:40:40 | 000,022,872 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\System32\AdobePDFUI.dll
[2010.07.06 20:12:26 | 000,000,000 | ---D | C] -- C:\Programme\Activision
 
========== Files - Modified Within 30 Days ==========
 
[2010.08.02 23:57:01 | 007,077,888 | -HS- | M] () -- C:\Users\Privat\NTUSER.DAT
[2010.08.02 12:19:47 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 12:19:47 | 000,010,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010.08.02 06:30:55 | 000,000,432 | ---- | M] () -- C:\Windows\win.ini
[2010.08.02 06:30:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.08.02 06:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.08.02 06:30:38 | 1609,965,568 | -HS- | M] () -- C:\hiberfil.sys
[2010.08.02 06:29:20 | 001,310,574 | -H-- | M] () -- C:\Users\Privat\AppData\Local\IconCache.db
[2010.08.02 04:18:15 | 000,000,979 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.01 11:23:32 | 000,000,181 | ---- | M] () -- C:\Windows\wininit.ini
[2010.08.01 08:23:12 | 000,001,216 | ---- | M] () -- C:\Users\Privat\Desktop\Spybot - Search & Destroy.lnk
[2010.07.31 23:03:11 | 000,003,964 | ---- | M] () -- C:\Users\Privat\Desktop\Stammbaumv1.ged
[2010.07.31 23:03:10 | 000,003,964 | ---- | M] () -- C:\Users\Privat\Desktop\Stammbaumv1.ged.backup
[2010.07.31 05:43:49 | 000,000,802 | ---- | M] () -- C:\Users\Public\Desktop\Ages!.lnk
[2010.07.28 16:48:42 | 000,002,077 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 2.lnk
[2010.07.28 02:46:44 | 001,539,546 | ---- | M] () -- C:\Users\Privat\Desktop\B e w e r b u n g2.docx
[2010.07.28 02:45:36 | 000,370,158 | ---- | M] () -- C:\Users\Privat\Desktop\Bewerbung - Fachpraktikum (1).pdf
[2010.07.27 12:55:45 | 000,000,946 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010.07.24 00:32:29 | 000,000,556 | ---- | M] () -- C:\Users\Privat\Desktop\currentversion.ini
[2010.07.24 00:23:39 | 002,161,802 | ---- | M] () -- C:\newsmilies.zip
[2010.07.24 00:03:13 | 000,000,722 | ---- | M] () -- C:\Users\Privat\Desktop\ICQ6.5 SmileyPackGen.lnk
[2010.07.23 23:43:08 | 000,000,132 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.07.23 23:41:31 | 000,000,132 | ---- | M] () -- C:\Users\Privat\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.07.18 06:45:23 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\Privat\Desktop\OTL.exe
[2010.07.15 01:00:17 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Babylon.lnk
[2010.07.13 17:50:33 | 001,568,256 | ---- | M] () -- C:\Users\Privat\Desktop\Bewerbung - E.ON.doc
[2010.07.09 13:08:42 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2010.07.09 12:59:02 | 001,480,600 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.07.09 12:59:02 | 000,647,128 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.07.09 12:59:02 | 000,609,896 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.07.09 12:59:02 | 000,127,206 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.07.09 12:59:02 | 000,104,214 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.07.09 11:53:28 | 000,114,272 | ---- | M] () -- C:\Users\Privat\AppData\Local\GDIPFONTCACHEV1.DAT
[2010.07.09 11:50:36 | 003,787,040 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.07.09 00:52:46 | 000,151,552 | ---- | M] () -- C:\Windows\KMService.exe
[2010.07.09 00:52:46 | 000,008,192 | ---- | M] () -- C:\Windows\System32\srvany.exe
[2010.07.08 21:40:02 | 000,001,997 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010.07.08 18:02:25 | 000,051,819 | ---- | M] () -- C:\Users\Privat\Desktop\Merkblatt zur Fachpraktischen Ausbildung.pdf
[2010.07.07 16:27:33 | 000,078,881 | ---- | M] () -- C:\Users\Privat\Desktop\Vereinbarung zur Fachpraktischen Ausbildung.pdf
[2010.07.07 15:45:20 | 000,253,937 | ---- | M] () -- C:\Users\Privat\Desktop\Bewerbung - Ausbildung zum Industriekaufmann.pdf
[2010.07.06 23:02:37 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2010.07.06 23:02:37 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2010.07.05 14:11:00 | 002,807,254 | ---- | M] () -- C:\Users\Privat\Desktop\P1000095.BMP
 
========== Files Created - No Company Name ==========
 
[2010.08.02 04:18:15 | 000,000,979 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.08.01 11:23:32 | 000,000,181 | ---- | C] () -- C:\Windows\wininit.ini
[2010.08.01 08:23:12 | 000,001,216 | ---- | C] () -- C:\Users\Privat\Desktop\Spybot - Search & Destroy.lnk
[2010.07.31 06:01:27 | 000,003,964 | ---- | C] () -- C:\Users\Privat\Desktop\Stammbaumv1.ged.backup
[2010.07.31 06:01:27 | 000,003,964 | ---- | C] () -- C:\Users\Privat\Desktop\Stammbaumv1.ged
[2010.07.31 05:43:49 | 000,000,802 | ---- | C] () -- C:\Users\Public\Desktop\Ages!.lnk
[2010.07.28 16:41:38 | 000,002,077 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 2.lnk
[2010.07.28 02:45:32 | 000,370,158 | ---- | C] () -- C:\Users\Privat\Desktop\Bewerbung - Fachpraktikum (1).pdf
[2010.07.28 02:19:12 | 001,539,546 | ---- | C] () -- C:\Users\Privat\Desktop\B e w e r b u n g2.docx
[2010.07.24 00:23:34 | 002,161,802 | ---- | C] () -- C:\newsmilies.zip
[2010.07.24 00:03:20 | 000,000,556 | ---- | C] () -- C:\Users\Privat\Desktop\currentversion.ini
[2010.07.24 00:03:13 | 000,000,722 | ---- | C] () -- C:\Users\Privat\Desktop\ICQ6.5 SmileyPackGen.lnk
[2010.07.24 00:02:52 | 001,868,662 | ---- | C] () -- C:\Users\Privat\Desktop\installer.exe
[2010.07.23 23:43:08 | 000,000,132 | ---- | C] () -- C:\Users\Privat\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.07.23 23:41:31 | 000,000,132 | ---- | C] () -- C:\Users\Privat\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.07.22 00:01:53 | 2337,865,728 | ---- | C] () -- C:\Users\Privat\Desktop\win7-32bit.iso
[2010.07.15 01:00:01 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Babylon.lnk
[2010.07.09 00:53:33 | 000,151,552 | ---- | C] () -- C:\Windows\KMService.exe
[2010.07.09 00:53:33 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2010.07.08 21:40:02 | 000,001,997 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Acrobat 9 Pro Extended.lnk
[2010.07.08 18:02:25 | 000,051,819 | ---- | C] () -- C:\Users\Privat\Desktop\Merkblatt zur Fachpraktischen Ausbildung.pdf
[2010.07.07 17:06:37 | 001,568,256 | ---- | C] () -- C:\Users\Privat\Desktop\Bewerbung - E.ON.doc
[2010.07.07 16:27:33 | 000,078,881 | ---- | C] () -- C:\Users\Privat\Desktop\Vereinbarung zur Fachpraktischen Ausbildung.pdf
[2010.07.07 15:45:20 | 000,253,937 | ---- | C] () -- C:\Users\Privat\Desktop\Bewerbung - Ausbildung zum Industriekaufmann.pdf
[2010.07.06 23:02:37 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 SP.lnk
[2010.07.06 23:02:37 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty Modern Warfare 2 MP.lnk
[2010.07.05 14:12:04 | 002,807,254 | ---- | C] () -- C:\Users\Privat\Desktop\P1000095.BMP
[2010.06.17 22:09:02 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll
[2010.05.25 16:06:57 | 000,180,224 | ---- | C] () -- C:\Windows\System32\ATWTINK.DLL
[2010.05.25 16:06:56 | 000,010,513 | ---- | C] () -- C:\Windows\System32\Default_3.ini
[2010.05.25 16:06:56 | 000,010,251 | ---- | C] () -- C:\Windows\System32\Default_2.ini
[2010.05.25 16:06:56 | 000,009,868 | ---- | C] () -- C:\Windows\System32\Default_1.ini
[2010.05.25 16:06:56 | 000,008,229 | ---- | C] () -- C:\Windows\aiptbl.ini
[2010.05.25 16:06:56 | 000,000,738 | ---- | C] () -- C:\Windows\System32\MKProfile.ini
[2010.05.16 21:37:55 | 000,000,032 | ---- | C] () -- C:\Windows\tdlp32.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2010.03.01 00:03:05 | 000,691,696 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys
[2010.02.21 11:25:20 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2010.02.20 22:05:25 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2010.02.16 18:58:52 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.01.05 15:44:10 | 000,000,453 | ---- | C] () -- C:\Windows\bdoscandellang.ini
< End of report >
         
-Hijack This
Code:
ATTFilter
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:03:27, on 03.08.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\System32\WTMKM.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\ICQ7.0\ICQ.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 2\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 2\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Users\Privat\Desktop\OTL.exe
C:\Windows\notepad.exe
C:\Windows\notepad.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home?AF=475
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h***://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) -  - (no file)
R3 - URLSearchHook: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O1 - Hosts: ::1 localhost
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyBa.dll
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKCU\..\Run: [FeedBuster] "C:\Program Files\Alnera\FeedBuster\FeedBuster.exe"
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [AdobeBridge] "C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Privat\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.0\ICQ.exe" silent loginmode=4
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: C2TN.lnk = C:\Program Files\C2TN\C2TN\StartClient.exe
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe
O9 - Extra button: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7 - {88EB38EF-4D2C-436D-ABD3-56B232674062} - C:\Program Files\ICQ7.0\ICQ.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - hxxp://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: C2TNServer - Unknown owner - C:\Program Files\C2TN\C2TN\wrapper.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
O23 - Service: WTService - Unknown owner - C:\Windows\system32\atwtusb.exe

--
End of file - 14643 bytes
         
-Malwarebytes
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
ww*.malwarebytes.org

Datenbank Version: 4378

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

02.08.2010 04:28:35
mbam-log-2010-08-02 (04-28-35).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146422
Laufzeit: 6 Minute(n), 13 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 3
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 9
Infizierte Dateien: 43

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{5c026fd8-4021-75c5-673f-f6b4d1c16a04} (Adware.LoudMo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\flv direct player (Adware.BHO.FL) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AppDataLow\HavingFunOnline (Adware.BHO.FL) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
C:\Program Files\FLV Direct Player (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\ComboBox (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Direct Player (Adware.FLVPlayer) -> Quarantined and deleted successfully.

Infizierte Dateien:
C:\Program Files\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\dskinliteu.dll (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\FLVPlayer.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\player.dat (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\preload.swf (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\uninstall.exe (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin.xml (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button\button_default.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button\button_disable.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button\button_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button\button_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Button\button_normal.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonDown.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonHot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\combobox_buttonNor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\ComboBox\edit_back.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu\menubg.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_arrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_check.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuitem_select.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Menu\menuItem_seperator.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_close_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_max_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_min_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_down.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_hot.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\SysButton\sys_restore_nor.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\BottomBorder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\downarrow.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\LeftBorder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\Logo.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\main.ico (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\RightBorder.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\Program Files\FLV Direct Player\SkinDirectFLV\skin\Window\TitlePattern.bmp (Adware.BHO.FL) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\FLV Direct Player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Direct Player\Uninstall FLV Direct Player.lnk (Adware.FLVPlayer) -> Quarantined and deleted successfully.
C:\Users\Privat\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\.url (Malware.Trace) -> Quarantined and deleted successfully.
         
Ich hoffe man kann damit etwas anfangen.
Ich bedanke mich schonmal für jede hilfe

und wünsch eine schöne Nacht.
__________________


Alt 05.08.2010, 18:31   #3
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Standard

TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb



Zitat:
Art des Suchlaufs: Quick-Scan
Bitte einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!
__________________
__________________

Alt 05.08.2010, 22:12   #4
Sloth
 
TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Standard

TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb



Vielen dank, dass du dich meinem Problem annimmst.

Malwarebytes Vollscan:
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4394

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

05.08.2010 20:55:11
mbam-log-2010-08-05 (20-55-11).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|M:\|)
Durchsuchte Objekte: 418151
Laufzeit: 1 Stunde(n), 22 Minute(n), 15 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         

Alt 05.08.2010, 22:13   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Standard

TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb



Das ist das falsche Log!

__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Alt 05.08.2010, 22:16   #6
Sloth
 
TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Standard

TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb



hab ich auch gemerkt
hab das richtige rein editiert

Alt 05.08.2010, 22:20   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Standard

TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb



Zitat:
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
Was sollen diese Einträge in der Hosts-Datei? Warum hast Du die da drin?
__________________
"Die Wahrheit ist normalerweise nur eine Entschuldigung für einen Mangel an Fantasie." (Elim Garak)

Das Trojaner-Board unterstützen
Warum Linux besser als Windows ist!

Antwort

Themen zu TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
0 bytes, 0x00000001, adblock, analysis, antivir, audiodg.exe, avg, avgntflt.sys, avira, bho, c:\windows\kmservice.exe, call of duty, ccc.exe, components, conduit, conhost.exe, corp./icp, desktop, document, dwm.exe, error, excel, excel.exe, fehler, firefox.exe, fontcache, hängen, jusched.exe, location, logfile, mom.exe, mozilla, nicht gefunden, nt.dll, nvstor.sys, oldtimer, otl logfile, otl.exe, programdata, prozesse, quelldatei, realtek, registry, safer networking, scan, search the web, searchplugins, security, server, services.exe, start menu, starten, studio, svchost.exe, taskhost.exe, tr/dropper.gen, trojaner, versteckte objekte, verweise, virus gefunden, visual studio, warnung, webcheck, windows, wuauclt.exe



Ähnliche Themen: TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb


  1. Data Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\ProgramData\SecurityUtility\SecurityUtility32.dll
    Plagegeister aller Art und deren Bekämpfung - 27.08.2015 (1)
  2. WINDOWS 7: C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC32LO~1.DLL - ungültiges Bild
    Log-Analyse und Auswertung - 01.04.2015 (11)
  3. C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL ist entweder nicht für die Ausführung unter Windows vorgesehen...
    Plagegeister aller Art und deren Bekämpfung - 16.03.2015 (17)
  4. Windows 7 : Fehlermeldung : Bad Image C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL
    Plagegeister aller Art und deren Bekämpfung - 15.03.2015 (11)
  5. : ungültiges Bild (C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL) Windows 7
    Log-Analyse und Auswertung - 15.03.2015 (19)
  6. C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\VC32LO~1.DLL ist entweder nicht für die Ausführung unter Windows vorgesehe
    Plagegeister aller Art und deren Bekämpfung - 06.02.2015 (5)
  7. Microsoft integriert Data Loss Prevention in Cloud- und Office-Produkte
    Nachrichten - 29.10.2014 (0)
  8. Delta Search und Babylon search - Malware durch Freeware, Windows Vista
    Plagegeister aller Art und deren Bekämpfung - 16.07.2013 (37)
  9. Trojan.Agent/Gen-Downloader in C:\PROGRAMDATA\NVIDIA\UPDATUS\DOWNLOAD\24479DC7\UPDATUS.10032098_RUNASUSER.EXE und C:\PROGRAMDATA\NVIDIA\UPDA
    Log-Analyse und Auswertung - 14.09.2012 (10)
  10. AntiVir: Trojaner TR/Trash.gen7; C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
    Plagegeister aller Art und deren Bekämpfung - 05.07.2012 (2)
  11. Fund von TR/Dropper.Gen durch Antivir in C:\Programme\Microsoft Office\Office12\WINWORD.EX
    Log-Analyse und Auswertung - 06.05.2012 (1)
  12. SpybotFunde coolwww.search.smartsearch - microsoft.windowssecurityCenter_disabled
    Plagegeister aller Art und deren Bekämpfung - 26.02.2012 (1)
  13. Morlin: TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb
    Plagegeister aller Art und deren Bekämpfung - 10.01.2011 (1)
  14. "muxyi.exe" und Fehler bei Rechte zu "C:\ProgramData\Microsoft\Windows"
    Plagegeister aller Art und deren Bekämpfung - 08.01.2011 (5)
  15. HTML/silly.sys in C:/ProgramData/Micros./Search/Data/App./Win./tmp.edb
    Plagegeister aller Art und deren Bekämpfung - 17.07.2010 (3)
  16. SystemProc\lsass.ece | ProgramData\ds32gt32.dll |ProgramData\dskquoto32.dll | uvm.
    Plagegeister aller Art und deren Bekämpfung - 06.06.2010 (10)
  17. AntiVir meldet Trojaner TR/Crypt.XPACK.Gen in C:\ProgramData\Microsoft\Search\Data\Ap
    Plagegeister aller Art und deren Bekämpfung - 18.09.2009 (1)

Zum Thema TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb - Guten Tag ich bin hier weil mein Avira einen Trojaner entdeckt hatt und ich diesen aber auch nach mehreren versuchen nicht gelöscht bekomme und hoffe das mir eine Fach-wissende nette - TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb...
Archiv
Du betrachtest: TR/Dropper.gen in C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.