
Pests of all kinds and how to fight them: Burned your fingers on online porn? "XXX : (title of the website)" in the IE and Firefox title bar


14.11.2010, 12:08   #1
HansHampel
 
Hello everyone,

I have a problem: in the title bar of my browser (both IE and Firefox), the label XXX appears in front of the name of the website. Example: "XXX : ebay.de". Unfortunately I can't find the cause in order to fix the problem, or at least to stop it.

There was already a similar post here in the forum. The user "Shadow" recommended resetting the info via the add-on "Titelbar Tweak-Plus". Unfortunately this tip only works to a limited extent. The title bar does stay empty, but tabs still have the label XXX in front. ...and besides, the problem is only "covered up" - after all, I have loaded some kind of sh... onto my PC and have to live in fear that tomorrow my data will be gone/destroyed.


Here is the link to the thread mentioned:

http://www.trojaner-board.de/90275-3...eutet-das.html


Does any of you have an expert tip for me?
Already at this point: thanks for your help!


Regards, HansHampel

14.11.2010, 15:04   #2
markusg
/// Malware-holic
 
System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(users of Windows 7 and Vista: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry", select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Post both.

14.11.2010, 16:44   #3
HansHampel
 
Hello Markusg,

thanks for your help.

Here is the first report:
OTL Logfile:
Code:
OTL logfile created on: 14.11.2010 16:29:39 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 114,00 Mb Available Physical Memory | 11,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 12,48 Gb Free Space | 33,50% Space Free | Partition Type: NTFS
 
Computer Name: C9956PCH | User Name: DE046036 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\WEB.DE\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
PRC - C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090417-1727\soffice.exe ()
PRC - C:\Program Files\C4ebreg\isamtray.exe (IBM Corp.)
PRC - C:\Program Files\C4ebreg\c4ebreg.exe (IBM Corp.)
PRC - c:\sdwork\issimsvc.exe (IBM Corp.)
PRC - C:\Program Files\IBM\My Help\MyHelp.exe ()
PRC - C:\Program Files\IBM\My Help\plugins\com.ibm.myhelp.common_1.4.19\pmonmh.exe ()
PRC - C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\WINDOWS\wrtService.exe ()
PRC - C:\Program Files\IBM\My Help\jre\bin\myhelpw.exe (IBM)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
PRC - C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
PRC - C:\Program Files\Lenovo\NPDIRECT\tpfnf7sp.exe (Lenovo Group Limited)
PRC - C:\WINDOWS\system32\bmwebcfg.exe (Bytemobile, Inc.)
PRC - C:\WINDOWS\system32\TpShocks.exe (Lenovo.)
PRC - C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
PRC - C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
PRC - C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
PRC - C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)
PRC - C:\Program Files\IBM\tivoli\dcd\client\ISSI\_jvm\jre\bin\java.exe (IBM)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
PRC - C:\Program Files\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\TpKmpSvc.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
PRC - C:\WINDOWS\system32\acs.exe ()
PRC - C:\Program Files\IBM\Personal Communications\PCS_AGNT.EXE (IBM Corporation)
PRC - C:\WINDOWS\system32\drivers\trcboot.exe (IBM Corporation)
PRC - C:\WINDOWS\system32\drivers\ldlcserv.exe (IBM Corporation)
PRC - C:\Program Files\IBM\Personal Communications\tpam.exe ()
PRC - C:\notes\ntmulti.exe (IBM Corp)
PRC - C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe ()
PRC - C:\WINDOWS\system32\cmd.exe (Microsoft Corporation)
PRC - C:\Program Files\IBM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
PRC - C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\SynTPFcs.dll (Synaptics, Inc.)
MOD - C:\WINDOWS\system32\cabinet.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\winsta.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\wtsapi32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (ISAMsmt) -- C:\Program Files\C4ebreg\isamsmt.exe File not found
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (ISAMSvc) -- C:\Program Files\c4ebreg\c4ebreg.exe (IBM Corp.)
SRV - (ISSIMon) -- c:\sdwork\issimsvc.exe (IBM Corp.)
SRV - (ICQ Service) -- C:\Program Files\ICQ6Toolbar\ICQ Service.exe ()
SRV - (WRTService) -- C:\WINDOWS\wrtService.exe ()
SRV - (DCDClient-ISSI) IBM DCD Standard Client (DCDClient-ISSI) -- C:\Program Files\IBM\tivoli\dcd\client\ISSI\cds\CDSWinSrv.exe ()
SRV - (AcSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe (Lenovo )
SRV - (AcPrfMgrSvc) -- C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe (Lenovo )
SRV - (bmwebcfg) -- C:\WINDOWS\System32\bmwebcfg.exe (Bytemobile, Inc.)
SRV - (TPHDEXLGSVC) -- C:\WINDOWS\system32\TPHDEXLG.exe (Lenovo.)
SRV - (IBMPMSVC) -- C:\WINDOWS\system32\ibmpmsvc.exe (Lenovo)
SRV - (NetCfgSvr) -- C:\Program Files\AT&T Network Client\NetCfgSv.EXE (AT&T)
SRV - (SavRoam) -- c:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (Symantec AntiVirus) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (DefWatch) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (SymSecurePort) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe (Symantec Corporation)
SRV - (ISSVC) -- C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe (Symantec Corporation)
SRV - (LiveUpdate) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (SNDSrvc) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (ccSetMgr) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (ccProxy) -- C:\Program Files\Common Files\Symantec Shared\ccProxy.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (TpKmpSVC) -- C:\WINDOWS\system32\TpKmpSvc.exe ()
SRV - (SPBBCSvc) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (ACS) -- C:\WINDOWS\system32\acs.exe ()
SRV - (AppnNode) -- C:\WINDOWS\system32\drivers\appnnode.exe (IBM Corporation)
SRV - (TrcBoot) -- C:\WINDOWS\system32\drivers\trcboot.exe (IBM Corporation)
SRV - (ldlcserv) -- C:\WINDOWS\system32\drivers\ldlcserv.exe (IBM Corporation)
SRV - (Multi-user Cleanup Service) -- C:\notes\ntmulti.exe (IBM Corp)
SRV - (btwdins) -- C:\Program Files\IBM\Bluetooth Software\bin\btwdins.exe (WIDCOMM, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NAVEX15) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101113.003\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101113.003\NAVENG.SYS (Symantec Corporation)
DRV - (SYMIDSCO) -- C:\Program Files\Common Files\Symantec Shared\SymcData\scfidsdefs\20101105.001\SymIDSCo.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (PMEM) -- C:\WINDOWS\system32\drivers\PMEMNT.SYS (Microsoft Corporation)
DRV - (G3GRUMDM) -- C:\WINDOWS\system32\drivers\g3grumdm.sys (Option N.V.)
DRV - (G3GRUSER) -- C:\WINDOWS\system32\drivers\g3gruser.sys (Option N.V.)
DRV - (TSMAPIP) -- C:\WINDOWS\system32\drivers\TSMAPIP.SYS ()
DRV - (tcpipBM) -- C:\WINDOWS\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (IBMTPCHK) -- C:\WINDOWS\system32\drivers\IBMBLDID.sys ()
DRV - (Shockprf) -- C:\WINDOWS\System32\DRIVERS\Apsx86.sys (Lenovo.)
DRV - (TPDIGIMN) -- C:\WINDOWS\System32\DRIVERS\ApsHM86.sys (Lenovo.)
DRV - (IBMPMDRV) -- C:\WINDOWS\system32\drivers\ibmpmdrv.sys (Lenovo.)
DRV - (SymEvent) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SAVRT) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL) -- C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (SYMREDRV) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMIDS) -- C:\WINDOWS\System32\Drivers\SYMIDS.SYS (Symantec Corporation)
DRV - (SYMNDIS) -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS (Symantec Corporation)
DRV - (SYMFW) -- C:\WINDOWS\System32\Drivers\SYMFW.SYS (Symantec Corporation)
DRV - (SYMDNS) -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS (Symantec Corporation)
DRV - (Smapint) -- C:\WINDOWS\system32\drivers\SMAPINT.SYS (Microsoft Corporation)
DRV - (TDSMAPI) -- C:\WINDOWS\system32\drivers\TDSMAPI.SYS ()
DRV - (agnfilt) -- C:\WINDOWS\system32\drivers\agnfilt.sys (AT&T)
DRV - (AR5211) -- C:\WINDOWS\system32\drivers\ar5211.sys (Atheros Communications, Inc.)
DRV - (SPBBCDrv) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ANC) -- C:\WINDOWS\system32\drivers\ANC.sys (IBM Corp.)
DRV - (iastor) -- C:\WINDOWS\System32\Drivers\iaStor.sys (Intel Corporation)
DRV - (Appn) -- C:\WINDOWS\System32\drivers\appn.sys (IBM Corporation)
DRV - (AppnBase) -- C:\WINDOWS\System32\drivers\AppnBase.sys (IBM Corporation)
DRV - (pdlncfwk) -- C:\WINDOWS\System32\drivers\pdlncfwk.sys (IBM Corporation)
DRV - (AppnApi) -- C:\WINDOWS\System32\drivers\appnapi.sys (IBM Corporation)
DRV - (IBM_LLC2) -- C:\WINDOWS\system32\drivers\llc2.sys (IBM Corporation)
DRV - (pdlnacom) -- C:\WINDOWS\System32\drivers\pdlnacom.sys (IBM Corporation)
DRV - (pdlndlpb) -- C:\WINDOWS\System32\drivers\pdlndlpb.sys (IBM Corporation)
DRV - (pdlnemap) -- C:\WINDOWS\System32\drivers\pdlnemap.sys (IBM Corporation)
DRV - (pdlndsdl) -- C:\WINDOWS\System32\drivers\pdlndsdl.sys (IBM Corporation)
DRV - (pdlnshay) -- C:\WINDOWS\System32\drivers\pdlnshay.sys (IBM Corporation)
DRV - (pdlndldl) IBM Enterprise Extender (HPR/IP) -- C:\WINDOWS\System32\drivers\pdlndldl.sys (IBM Corporation)
DRV - (pdlnsx25) -- C:\WINDOWS\System32\drivers\pdlnsx25.sys (IBM Corporation)
DRV - (pdlnsv25) -- C:\WINDOWS\System32\drivers\pdlnsv25.sys (IBM Corporation)
DRV - (pdlndqll) -- C:\WINDOWS\System32\drivers\pdlndqll.sys (IBM Corporation)
DRV - (pdlndtdl) -- C:\WINDOWS\System32\drivers\pdlndtdl.sys (IBM Corporation)
DRV - (pdlnecfg) -- C:\WINDOWS\System32\drivers\pdlnecfg.sys (IBM Corporation)
DRV - (Anydlc) -- C:\WINDOWS\System32\drivers\anydlc.sys (IBM Corporation)
DRV - (pdlnafac) -- C:\WINDOWS\System32\drivers\pdlnafac.sys (IBM Corporation)
DRV - (KLOGNT) -- C:\WINDOWS\System32\drivers\klognt.sys (IBM Corporation)
DRV - (pdlnslea) -- C:\WINDOWS\System32\drivers\pdlnslea.sys (IBM Corporation)
DRV - (pdlnatcm) -- C:\WINDOWS\System32\drivers\pdlnatcm.sys (IBM Corporation)
DRV - (pdlnepkt) -- C:\WINDOWS\System32\drivers\pdlnepkt.sys (IBM Corporation)
DRV - (pdlndoem) -- C:\WINDOWS\System32\drivers\pdlndoem.sys (IBM Corporation)
DRV - (pdlnatdl) -- C:\WINDOWS\System32\drivers\pdlnatdl.sys (IBM Corporation)
DRV - (pdlndint) -- C:\WINDOWS\System32\drivers\pdlndint.sys (IBM Corporation)
DRV - (pdlnemsg) -- C:\WINDOWS\System32\drivers\pdlnemsg.sys (IBM Corporation)
DRV - (pdlnctdl) -- C:\WINDOWS\System32\drivers\pdlnctdl.sys (IBM Corporation)
DRV - (NsTrcNT) -- C:\WINDOWS\System32\drivers\nstrcnt.sys (IBM Corporation)
DRV - (pdlnebas) -- C:\WINDOWS\System32\drivers\pdlnebas.sys (IBM Corporation)
DRV - (pdlncbas) -- C:\WINDOWS\System32\drivers\pdlncbas.sys (IBM Corporation)
DRV - (TPHKDRV) -- C:\WINDOWS\system32\drivers\TPHKDRV.sys (IBM Corporation)
DRV - (EGATHDRV) -- C:\WINDOWS\system32\egathdrv.sys (IBM Corporation)
DRV - (TPPWR) -- C:\WINDOWS\system32\drivers\TPPWR.SYS (IBM Corp.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (NSCIRDA) -- C:\WINDOWS\system32\drivers\nscirda.sys (National Semiconductor Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (agnwifi) -- C:\WINDOWS\system32\drivers\agnwifi.sys (AT&T)
DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (WIDCOMM, Inc.)
DRV - (avpnnic) -- C:\WINDOWS\system32\drivers\avpnnic.sys (AT&T)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://w3.ibm.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://w3.ibm.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = w3-501.ibm.com;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.hiergehtslos.de"
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: @TitlebarTweaksPlus:10.03.07
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.no_proxies_on: "w3-501.ibm.com,localho,t,127.0.0.1,*.local"
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.14 11:29:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.14 11:29:43 | 000,000,000 | ---D | M]
 
[2009.02.18 09:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2008.05.07 14:22:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\eclipse1\extensions
[2010.11.14 11:35:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3krtlxqp.default\extensions
[2010.11.14 11:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3krtlxqp.default\extensions\@TitlebarTweaksPlus
[2010.11.14 11:34:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3krtlxqp.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.11.14 11:35:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009.11.30 12:32:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009.02.13 13:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com
[2009.02.13 13:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\chrome
[2009.02.13 13:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\components
[2009.02.13 13:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\defaults
[2009.02.13 13:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\platform
[2009.02.13 13:19:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\IBM-cck@firefox-extensions.ibm.com\searchplugins
 
O1 HOSTS File: ([2004.08.04 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKCU\..\Toolbar\ShellBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ACTray] C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe (Lenovo )
O4 - HKLM..\Run: [ACWLIcon] C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe (Lenovo )
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [BLOG] C:\Program Files\ThinkPad\Utilities\BATLOGEX.DLL ()
O4 - HKLM..\Run: [BMMGAG] C:\Program Files\ThinkPad\Utilities\PWRMONIT.DLL (IBM Corp.)
O4 - HKLM..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE ()
O4 - HKLM..\Run: [BMMMONWND] C:\Program Files\ThinkPad\Utilities\BATINFEX.DLL ()
O4 - HKLM..\Run: [C4EBReg] C:\Program Files\c4ebreg\c4ebreg.exe (IBM Corp.)
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [ipmcmu] c:\Program Files\IBM\IPM Client Migration Utility\ipmcmu.exe (IBM)
O4 - HKLM..\Run: [Isamtray] C:\Program Files\c4ebreg\isamtray.exe (IBM Corp.)
O4 - HKLM..\Run: [ISSI Service] c:\sdwork\issimsvc.exe (IBM Corp.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [MyHelpService] C:\Program Files\IBM\My Help\workspace\service\delayStart.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [pmonmh] C:\Program Files\IBM\My Help\plugins\\com.ibm.myhelp.common_1.4.19/pmonmh.exe ()
O4 - HKLM..\Run: [stgclean] c:\sdwork\w32main2.exe (IBM Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [TP4EX] C:\WINDOWS\System32\TP4EX.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [Tpam.exe] C:\Program Files\IBM\Personal Communications\tpam.exe ()
O4 - HKLM..\Run: [TPFNF7] C:\Program Files\Lenovo\NPDIRECT\TPFNF7SP.exe (Lenovo Group Limited)
O4 - HKLM..\Run: [TPHOTKEY] C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe ()
O4 - HKLM..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe (Lenovo)
O4 - HKLM..\Run: [TpShocks] C:\WINDOWS\System32\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: [vptray] C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [WEB.DE Update] C:\Program Files\WEB.DE\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
O4 - HKCU..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [MobileConnect.EXE] C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone)
O4 - HKCU..\Run: [NetSP - restore settings on power failure] C:\Program Files\AT&T Network Client\NetSP.exe (AT&T)
O4 - HKCU..\Run: [SODCPreLoad] C:\Program Files\IBM\Lotus\Symphony\framework\shared\eclipse\plugins\com.ibm.productivity.tools.base.app.win32_3.5.0.20090417-1727\preload.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnce: [DLFiles] C:\Program Files\IBM\checker\dlfiles.exe (                                                                                                                )
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BTTray.lnk = C:\Program Files\IBM\Bluetooth Software\BTTray.exe (WIDCOMM, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Infoprint Select Notification.lnk = C:\Program Files\IBM\Infoprint Select\ipnotify.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Lotus QuickStart.lnk = C:\lotus\wordpro\ltsstart.exe (Lotus Development Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDevMgrUpdate = 0
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\IBM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\IBM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O15 - HKCU\..Trusted Domains: ibm.com ([]* in Local intranet)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189037145890 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1194968075000 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {8C28EFD7-767B-11D1-844B-0060972DC2AC} https://w3-03.ibm.com/Hyperion/zeroadmin/component/Brio.Insight.en.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} hxxp:// (Java Plug-in 1.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ACNotify: DllName - ACNotify.dll - C:\Program Files\ThinkPad\ConnectUtilities\ACNotify.dll (Lenovo )
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\atmgrtok: DllName - atmgrtok.dll - C:\Program Files\IBM\Personal Communications\atmgrtok.dll (IBM Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O20 - Winlogon\Notify\pcsinst: DllName - pcsinst.dll - C:\WINDOWS\System32\pcsinst.dll (IBM Corporation)
O20 - Winlogon\Notify\tpfnf2: DllName - notifyf2.dll - C:\WINDOWS\System32\notifyf2.dll ()
O20 - Winlogon\Notify\tphotkey: DllName - tphklock.dll - C:\WINDOWS\System32\tphklock.dll ()
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005.04.04 18:44:20 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.11.14 16:14:17 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{1CAD5672-4524-4B57-9E7F-6A36F9CA770A}
[2010.11.14 16:13:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{C8C85F7C-4429-4C76-9B3A-5624D2EF7FE4}
[2010.11.14 16:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\WEB.DE
[2010.11.14 16:12:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010.11.14 16:06:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PackageAware
[2010.11.14 00:21:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Copy of DIPLOMARBEIT
[2010.11.13 23:56:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2010.11.13 23:55:29 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.10.23 12:45:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010.10.23 12:45:31 | 001,871,872 | ---- | C] (Nufsoft) -- C:\WINDOWS\Water_Illusion.scr
[2010.10.23 12:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Nufsoft
[2010.10.17 12:23:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DIPLOMARBEIT
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.11.14 16:13:58 | 000,001,156 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Amazon.de.lnk
[2010.11.14 16:13:58 | 000,001,152 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\eBay.lnk
[2010.11.14 16:01:00 | 000,001,210 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2088734446-1004758327-376871634-500UA.job
[2010.11.14 15:48:00 | 000,001,096 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.14 15:11:06 | 000,000,510 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2010.11.14 14:33:10 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010.11.14 10:13:19 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010.11.14 10:13:15 | 000,001,092 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.14 10:11:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.11.14 00:29:56 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\profile.dat
[2010.11.13 23:56:22 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010.11.13 23:55:40 | 000,011,776 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.13 23:44:54 | 733,693,952 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\fle-hoamte9a.avi
[2010.11.13 17:01:00 | 000,001,158 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2088734446-1004758327-376871634-500Core.job
[2010.11.09 21:28:07 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Google Chrome.lnk
[2010.11.09 21:28:07 | 000,002,322 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010.11.08 16:53:47 | 000,430,408 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010.11.08 16:53:47 | 000,068,226 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010.11.04 11:15:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010.11.03 10:21:45 | 000,000,040 | ---- | M] () -- C:\WINDOWS\System32\mscandc.ini
[2010.11.01 18:30:53 | 000,312,828 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Kabel_Deutschland.jpg
[2010.10.23 12:45:38 | 000,000,484 | ---- | M] () -- C:\WINDOWS\WaterIllusion.ini
[2010.10.23 12:45:13 | 004,010,042 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WISetup_4_20.exe
[2010.10.23 12:41:50 | 000,293,200 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SoftonicDownloader_fuer_water-illusion-screensaver.exe
[2010.10.22 19:23:56 | 000,032,457 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\winmail.zip
[2010.10.22 19:23:27 | 000,095,638 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\winmail.dat
[2010.10.18 16:40:18 | 000,466,478 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Ticket_Paris.pdf
[2010.10.16 16:17:06 | 000,089,704 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Immatrikulationsbescheinigung Alex.pdf
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.11.14 16:13:58 | 000,001,156 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Amazon.de.lnk
[2010.11.14 16:13:58 | 000,001,152 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\eBay.lnk
[2010.11.14 00:22:57 | 733,693,952 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\fle-hoamte9a.avi
[2010.11.13 23:56:22 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010.11.01 18:30:21 | 000,312,828 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Kabel_Deutschland.jpg
[2010.10.23 12:45:07 | 004,010,042 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WISetup_4_20.exe
[2010.10.23 12:41:43 | 000,293,200 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SoftonicDownloader_fuer_water-illusion-screensaver.exe
[2010.10.22 19:23:56 | 000,032,457 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\winmail.zip
[2010.10.22 19:23:27 | 000,095,638 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\winmail.dat
[2010.10.18 16:40:18 | 000,466,478 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Ticket_Paris.pdf
[2010.10.16 16:17:06 | 000,089,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Immatrikulationsbescheinigung Alex.pdf
[2009.04.17 13:19:32 | 000,000,040 | ---- | C] () -- C:\WINDOWS\System32\mscandc.ini
[2008.07.23 10:14:16 | 000,000,074 | ---- | C] () -- C:\WINDOWS\brioqplg.ini
[2008.07.23 10:14:05 | 000,032,389 | ---- | C] () -- C:\WINDOWS\bqformat.ini
[2008.05.29 13:31:42 | 000,000,156 | ---- | C] () -- C:\WINDOWS\System32\wrtservice.ini
[2008.04.15 12:51:38 | 000,004,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\IBMBLDID.sys
[2008.04.15 12:50:32 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\tphklock.dll
[2008.04.15 12:50:31 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\notifyf2.dll
[2008.04.07 06:29:57 | 000,011,776 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.04.03 17:06:18 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.04.02 15:46:04 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2008.04.02 15:45:57 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2008.04.02 14:13:26 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2008.04.02 14:13:26 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2008.04.02 14:11:55 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\FPCALL.dll
[2008.04.02 14:10:50 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\SynTPCoI.dll
[2008.04.02 14:09:10 | 000,012,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\TSMAPIP.SYS
[2008.04.02 14:08:37 | 000,009,343 | ---- | C] () -- C:\WINDOWS\System32\drivers\TDSMAPI.SYS
[2007.11.13 22:01:37 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007.10.25 15:45:18 | 000,079,260 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceManager.xml.rc4
[2007.10.01 17:16:00 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\CallSimReader.dll
[2007.10.01 17:15:54 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\SimReader.dll
[2007.09.19 11:39:40 | 000,020,270 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DeviceInstaller.xml
[2007.09.05 20:27:31 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2006.07.17 21:30:20 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006.01.24 01:55:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2005.04.27 10:53:10 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\pwdmon.dll
[2005.04.05 20:59:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\pcsmig.INI
[2005.04.05 20:45:55 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\pdresrc.dll
[2005.04.05 20:45:51 | 000,552,960 | ---- | C] () -- C:\WINDOWS\System32\pdclntif.dll
[2005.04.05 20:45:51 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\pdprDlg.dll
[2005.04.05 20:45:51 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\selnt.dll
[2005.04.05 20:45:51 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\IBMMenu.dll
[2005.04.04 20:42:47 | 000,000,299 | RH-- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005.04.04 19:36:58 | 000,004,324 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004.08.04 06:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004.01.20 20:16:56 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\btbip.dll
[2004.01.20 20:03:24 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\btsendto_ie.dll
[2004.01.20 20:02:40 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\btsendto_wab.dll
[2004.01.20 19:57:32 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2003.04.08 01:00:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
[2003.04.08 01:00:00 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
[2003.04.08 01:00:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
[2003.04.08 01:00:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv
[2003.04.08 01:00:00 | 000,000,462 | ---- | C] () -- C:\WINDOWS\lodbf13.ini
[2003.04.08 01:00:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss613.ini
[2003.04.08 01:00:00 | 000,000,058 | ---- | C] () -- C:\WINDOWS\loss09.ini
[2003.04.08 01:00:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\loidp13.ini
[2002.11.20 05:25:16 | 000,000,484 | ---- | C] () -- C:\WINDOWS\WaterIllusion.ini
[2001.11.14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll
[1998.10.01 01:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
[1997.06.18 01:00:00 | 000,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1997.06.18 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\HLINKPRX.DLL
 
========== LOP Check ==========
 
[2009.01.13 08:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Centra
[2010.10.31 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2010.09.22 18:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ
[2009.03.23 10:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RKA
[2009.01.13 08:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Saba
[2008.04.03 11:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vodafone
[2008.10.10 08:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex
[2008.04.02 14:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2009.07.29 12:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2005.04.05 20:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2008.04.16 13:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2009.11.30 12:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2007.02.20 22:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IGS
[2010.11.14 16:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.12.02 13:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2009.03.12 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.11.14 16:14:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1CAD5672-4524-4B57-9E7F-6A36F9CA770A}
[2009.04.26 13:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.11.14 16:14:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C8C85F7C-4429-4C76-9B3A-5624D2EF7FE4}
[2010.11.14 15:11:06 | 000,000,510 | ---- | M] () -- C:\WINDOWS\Tasks\At1.job
[2008.04.02 14:10:15 | 000,000,314 | ---- | M] () -- C:\WINDOWS\Tasks\BMMTask.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
[2009.05.21 19:08:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008.04.02 14:16:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AGNS
[2009.06.11 15:49:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2008.06.05 18:20:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009.07.29 12:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2009.01.24 14:02:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2010.11.13 20:59:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2005.04.05 20:53:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBM
[2008.04.16 13:13:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IBMERS
[2009.11.30 12:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2007.02.20 22:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IGS
[2008.04.03 11:48:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2010.11.14 16:13:07 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2007.03.05 23:08:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2010.11.14 16:03:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009.12.02 13:32:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone
[2005.08.18 16:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009.03.12 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010.11.14 16:14:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1CAD5672-4524-4B57-9E7F-6A36F9CA770A}
[2009.04.26 13:14:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2010.11.14 16:14:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{C8C85F7C-4429-4C76-9B3A-5624D2EF7FE4}
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2010.07.19 08:26:00 | 002,816,447 | ---- | M] (WEB.DE                                                                                                                                                                                                                                                                                                      ) -- C:\Documents and Settings\All Users\Application Data\{1CAD5672-4524-4B57-9E7F-6A36F9CA770A}\WEB.DE-Update.exe
[2009.02.04 12:56:14 | 000,075,112 | ---- | M] (GEAR Software, Inc.) -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\DifXInstall32.exe
[2010.07.19 09:57:34 | 002,841,130 | ---- | M] (WEB.DE                                                                                                                                                                                                                                                                                                      ) -- C:\Documents and Settings\All Users\Application Data\{C8C85F7C-4429-4C76-9B3A-5624D2EF7FE4}\IE8 WEB.DE Edition.exe
[2009.07.25 11:13:39 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\Documents and Settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.1.6\SetupAdmin.exe
 
< %APPDATA%\*. >
[2008.05.09 13:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2006.04.12 03:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AdobeUM
[2010.05.16 22:11:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
[2009.01.13 08:24:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Centra
[2008.06.01 14:33:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Google
[2006.01.24 01:47:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Help
[2010.10.31 19:54:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IBM
[2010.09.22 18:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ICQ
[2005.04.04 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2008.04.03 16:41:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InstallShield
[2006.04.12 02:22:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2010.10.25 22:13:11 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009.02.13 13:20:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2009.03.23 10:54:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\RKA
[2009.01.13 08:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Saba
[2008.10.09 19:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2010.11.13 23:57:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2008.04.03 11:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vodafone
[2008.10.10 08:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\webex
 
< %APPDATA%\*.exe /s >
[2005.04.05 21:13:22 | 000,000,766 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{53A93780-6073-4207-A729-A99A30AFDE40}\fldwinvw.exe
[2005.04.05 21:13:22 | 000,028,672 | R--- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{53A93780-6073-4207-A729-A99A30AFDE40}\_FB9D09B3E7E7_4270_8AEA_6EEF129EC33B.exe
[2007.09.05 21:32:37 | 000,335,872 | R--- | M] (Macrovision Corporation) -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
[2002.09.18 00:30:03 | 000,000,037 | ---- | M] () -- C:\cebWXP.exe
 
 
< MD5 for: AGP440.SYS  >
[2004.08.04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2004.08.04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:AGP440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\dllcache\agp440.sys
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\AGP440.SYS
[2004.08.04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0008\DriverFiles\i386\AGP440.SYS
 
< MD5 for: ATAPI.SYS  >
[2004.08.04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2004.08.04 06:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp2.cab:atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004.08.03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
 
< MD5 for: EVENTLOG.DLL  >
[2004.08.04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\dllcache\eventlog.dll
[2004.08.04 06:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll
 
< MD5 for: EXPLORER.EXE  >
[2007.06.13 12:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007.06.13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007.06.13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2005.10.12 13:07:12 | 000,874,240 | ---- | M] (Intel Corporation) MD5=309C4D86D989FB1FCF64BD30DC81C51B -- C:\WINDOWS\system32\drivers\iaStor.sys
 
< MD5 for: NETLOGON.DLL  >
[2004.08.04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2004.08.04 06:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\system32\netlogon.dll
 
< MD5 for: SCECLI.DLL  >
[2004.08.04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\dllcache\scecli.dll
[2004.08.04 06:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
 
< MD5 for: USER32.DLL  >
[2005.03.02 19:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007.03.08 16:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2007.03.08 16:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\dllcache\user32.dll
[2007.03.08 16:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\system32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2004.08.04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004.08.04 06:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2004.08.04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004.08.04 06:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\dllcache\ws2ifsl.sys
[2004.08.04 06:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) MD5=6ABE6E225ADB5A751622A9CC3BC19CE8 -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2005.04.04 19:34:03 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005.04.04 19:34:03 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005.04.04 19:34:03 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2007.06.06 10:53:34 | 001,195,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\FM20.DLL
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8D49B91E

< End of report >
         
--- --- ---



Here is the second report:
OTL Logfile:
Code:
OTL Extras logfile created on: 14.11.2010 16:29:39 - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1.023,00 Mb Total Physical Memory | 114,00 Mb Available Physical Memory | 11,00% Memory free
2,00 Gb Paging File | 1,00 Gb Available in Paging File | 60,00% Paging File free
Paging file location(s): C:\pagefile.sys 1024 1024 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37,25 Gb Total Space | 12,48 Gb Free Space | 33,50% Space Free | Partition Type: NTFS
 
Computer Name: C9956PCH | User Name: DE046036 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"IBMconfig" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\Program Files\ICQ6.5\ICQ.exe" = C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6 -- (ICQ, LLC.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0698CECB-9072-47B1-AEA1-94CA350989B8}" = Symantec Client Security
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0DC7F1CB-B3EB-48CF-8136-3BF8635F8566}" = Internet Explorer 8 WEB.DE Edition
"{15095BF3-A3D7-4DDF-B193-3A496881E003}" = Microsoft .NET Framework 3.0
"{17CBC505-D1AE-459D-B445-3D2000A85842}" = ThinkPad UltraNav Utility
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1ECCE5C7-7C28-4384-8711-90228FCFDFA8}" = Vodafone Mobile Connect
"{2111B23F-7FDA-4A41-8309-E5A1663CA296}" = ThinkPad Keyboard Customizer Utility
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2515BF88-E42E-4AFA-A8E7-DF272762589B}" = Microsoft Office Live Meeting 2007
"{2E21CBDA-1EDF-4C18-A561-DB53D683229F}" = AT&T Network Client
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C22E24-B794-4265-A38E-711BBF1C637A}" = IBM Personal Communications
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System
"{491DD792-AD81-429C-9EB4-86DD3D22E333}" = Windows Communication Foundation
"{4F3AFB85-B972-4621-AEB6-6C22317E145B}" = IBM 32-bit Runtime Environment for Java 2, v5.0
"{536D6172-7453-7569-7465-392E38300409}" = Lotus SmartSuite - English
"{53A93780-6073-4207-A729-A99A30AFDE40}" = AFP Workbench for Windows
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{628789DC-75F8-4302-A268-27EF628E6906}" = Lotus Notes 7.0
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65103278-85b6-498f-a9f0-e21a39103491}" = IBM Lotus Symphony
"{65706020-7B6F-41F2-8047-FC69579E386A}" = Presentation Director
"{6928A265-9EED-4F8A-8016-483A4668016A}" = IBM Infoprint Select
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7D1B85BD-AA07-48B8-808D-67A4067FC6BD}" = Windows Workflow Foundation
"{7D968F83-A23F-40F7-937C-A3B5A0C44048}" = My Help - Workstation Setup Wizard
"{7EB114D8-207F-45AE-BABD-1669715F2630}" = ThinkVantage Access Connections
"{7F87DF1C-6B8F-49F4-8EEF-7600128D99AE}" = IBM Tivoli Storage Manager Client
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8ADD9C-1F30-4B1A-927E-B72CC4AADB91}" = IBM Lotus Sametime Connect 7.5.1
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{90F80409-6000-11D3-8CFE-0150048383C9}" = Remove Hidden Data Tool
"{95120000-0052-0409-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{99ECF41F-5CCA-42BD-B8B8-A8333E2E2944}" = iTunes
"{9FAC9E5C-0D20-4DBF-AFE5-2E09C52A95A2}" = ThinkPad Wireless LAN Adapters Software (11a/b, 11b/g, 11a/b/g)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.5
"{AC76BA86-7AD7-1033-7B44-A81300000003}_814" = KB408682
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C337BDAF-CB4E-47E2-BE1A-CB31BB7DD0E3}" = Apple Mobile Device Support
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CADBCBBA-6CDD-4119-B5ED-4AE075B153E7}" = MobileMe Control Panel
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D44D97D9-919B-4A6D-ABE8-C84B3DD757A9}" = Hyperion Intelligence Client
"{DFF415AC-3883-4338-9365-DDCB74A0CFBA}" = IBM My Help
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E98D6792-FC51-4187-9448-CA9BF893384E}" = IBM Integrated Bluetooth II Software
"{EA664480-3844-11D5-8C25-444553540000}" = TrackPoint Accessibility Features
"{EC6AF20D-4376-4070-BEE4-D3A0DFF7E140}" = Access IBM
"{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
"{FC081D4D-DF1B-4CF1-B530-027E4118D846}" = ThinkPad Configuration
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"ActiveTouchMeetingClient" = WebEx
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ATI Display Driver" = ATI Display Driver
"CentraClient" = Centra Client
"CNXT_MODEM_PCI_VEN_8086&DEV_24C6&SUBSYS_05591014" = IBM Integrated 56K Modem
"EB88B6218325D2AB47CFFBF7170236B60A6198FF" = Windows Driver Package - Microsoft Corporation (usbvideo) Image  (05/25/2007 1.0.3656.0)
"fe29d7d6aaf324b1964e31be6d7ce1981815068445" = IBM Dynamic Content Delivery (DCDClient-ISSI)
"Google Updater" = Google Updater
"IBM Ayudame" = IBM Ayudame
"ICQToolbar" = ICQ Toolbar
"InstallShield_{4F3AFB85-B972-4621-AEB6-6C22317E145B}" = IBM 32-bit Runtime Environment for Java 2, v5.0
"Internet Explorer 8 WEB.DE Edition" = Internet Explorer 8 WEB.DE Edition
"IPM Client Migration Utility" = IPM Client Migration Utility
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Microsoft .NET Framework 3.0" = Microsoft .NET Framework 3.0
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"OnScreenDisplay" = On Screen Display
"P2P GUI" = IBM ISMA Peer-To-Peer
"Power Features" = IBM ThinkPad Battery MaxiMiser and Power Management Features
"Power Management Driver" = ThinkPad Power Management Driver
"PROSet" = Intel(R) PRO Network Adapters and Drivers
"RKA IBM" = RKA IBM 5.8
"Snapshot Viewer" = Snapshot Viewer
"SynTPDeinstKey" = ThinkPad UltraNav Driver
"ThinkPad FullScreen Magnifier" = ThinkPad FullScreen Magnifier
"VLC media player" = VLC media player 1.1.4
"Water Illusion Screensaver" = Water Illusion Screensaver
"WEB.DE Update" = WEB.DE Update
"WIC" = Windows Imaging Component
"Winmail Opener" = Winmail Opener 1.4
"Workstation Security Tool_is1" = Workstation Security Tool 2.4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 17.07.2010 12:04:30 | Computer Name = C9956PCH | Source = Google Update | ID = 20
Description = 
 
Error - 13.08.2010 16:26:22 | Computer Name = C9956PCH | Source = Google Update | ID = 20
Description = 
 
Error - 15.08.2010 06:25:29 | Computer Name = C9956PCH | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
 with error: A required certificate is not within its validity period when verifying
 against the current system clock or the timestamp in the signed file.  
 
Error - 06.09.2010 14:28:21 | Computer Name = C9956PCH | Source = Google Update | ID = 20
Description = 
 
Error - 11.09.2010 05:43:05 | Computer Name = C9956PCH | Source = Google Update | ID = 20
Description = 
 
Error - 11.09.2010 06:43:05 | Computer Name = C9956PCH | Source = Google Update | ID = 20
Description = 
 
Error - 11.09.2010 07:43:05 | Computer Name = C9956PCH | Source = Google Update | ID = 20
Description = 
 
Error - 11.09.2010 08:43:05 | Computer Name = C9956PCH | Source = Google Update | ID = 20
Description = 
 
Error - 25.09.2010 02:46:37 | Computer Name = C9956PCH | Source = Google Update | ID = 20
Description = 
 
Error - 11.10.2010 11:43:05 | Computer Name = C9956PCH | Source = Google Update | ID = 20
Description = 
 
[ System Events ]
Error - 11.10.2010 11:10:45 | Computer Name = C9956PCH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 11.10.2010 11:11:03 | Computer Name = C9956PCH | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 11.10.2010 11:11:03 | Computer Name = C9956PCH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 11.10.2010 11:11:21 | Computer Name = C9956PCH | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time-a.nist.gov,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 11.10.2010 11:11:21 | Computer Name = C9956PCH | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 11.10.2010 11:41:07 | Computer Name = C9956PCH | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the Spooler service.
 
Error - 17.10.2010 12:48:56 | Computer Name = C9956PCH | Source = ipnathlp | ID = 32003
Description = The Network Address Translator (NAT) was unable to request an operation of
 the kernel-mode translation module.  This may indicate misconfiguration, insufficient
 resources, or  an internal error.  The data is the error code.
 
Error - 02.11.2010 06:19:13 | Computer Name = C9956PCH | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the AcSvc service.
 
Error - 04.11.2010 04:54:28 | Computer Name = C9956PCH | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the AcSvc service.
 
Error - 07.11.2010 06:54:06 | Computer Name = C9956PCH | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the AcSvc service.
 
 
< End of report >
         
--- --- ---



Thanks.

14.11.2010, 17:14   #4
markusg
/// Malware-holic

Is that a company computer?
Download Malwarebytes:
Malwarebytes
Install it, open it, go to the Update tab, and update the program.
Close all running programs and disconnect from the internet.
On the Scanner tab, run a full scan, remove what it finds, and post the log.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please send e-mails to markusg.trojaner-board@web.de following the instructions above.

14.11.2010, 18:37   #5
HansHampel

Yes. It is a former company laptop. Unfortunately I can't download the software. My connection speed is fine... but even the page itself loads very slowly for me. Before we work out what is causing it .... are there alternative programs that "run better"?

Thank you.


14.11.2010, 18:40   #6
markusg
/// Malware-holic

Does ComboFix run?

Please create and post a ComboFix log.
A guide and tutorial on using ComboFix

Oh, and you'd be better off getting a porno from the video store.
25% of all porn sites contain malware :-)

14.11.2010, 18:57   #7
HansHampel

Wait, I just managed it with Malwarebytes... I'll get back to you with the report.

Thanks for the video store tip. Apart from putting the 25% idiot quota at risk, next time I really should borrow my girlfriend's video store card instead of her PC... I didn't think it would turn into such an issue. I hope I have heightened the urgency of my request somewhat. Oh God. :-)

14.11.2010, 19:12   #8
markusg
/// Malware-holic

Hehe. Well, just tell her you were looking for a present when, quite unexpectedly, an ad banner opened with content so dirty that you turned red and could hardly move for sheer embarrassment :d:d
