Pests of all kinds and how to fight them: Spyware during the PayPal login! (Windows 7)
| | #1 |
| | Spyware during the PayPal login! Hi, I have a problem. When I recently tried to log in to PayPal, the virus warning from Avira appeared at that very moment: detection pattern of the dropper DR Spy/ZBot.arzj. It doesn't sound good to me that, at the very moment I want to log in to PayPal, from where my money can be accessed, a "virus" with Spy in its name becomes active. I'm scared, please help me. So I downloaded Ad-Aware and had 5 hits right away. However, I'm sure that Carspawner and sacam_loader.exe are not Trojans. They merely hack into a computer game and are therefore probably wrongly detected as Trojans. The program icetea is probably not a Trojan either; I've had it for 1 year and Avira never warned me, nor did Anti-Malware, but now all of a sudden it does: Code:
Logfile created: 19.11.2010 21:20:23
Ad-Aware version: 8.3.5
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Fabian
*********************** Definitions database information ***********************
Lavasoft definition file: 150.167
Genotype definition file version: 2010/11/18 15:56:06
Extended engine definition file: 7350.0
******************************** Scan results: *********************************
Scan profile name: Vollständiger Scan (ID: full)
Objects scanned: 313180
Objects detected: 5
Type Detected
==========================
Processes.......: 0
Registry entries: 0
Hostfile entries: 0
Files...........: 5
Folders.........: 0
LSPs............: 0
Cookies.........: 0
Browser hijacks.: 0
MRU objects.....: 0
Quarantined items:
Description: c:\users\fabian\appdata\roaming\desktopicon\ebayshortcuts.exe Family Name: Trojan.Win32.Adware Engine: 3 Clean status: Success Item ID: 1 Family ID: 0 MD5: a7cb09be9c921040735388b599209dbf
Description: c:\users\fabian\mein zeug\psp\psp\12556_icetea1.3_win\icetea1.3_win\icetea.exe Family Name: Win32.Hoax.Agent Engine: 1 Clean status: Success Item ID: 0 Family ID: 3723 MD5: 523f0447ad0cc94b734839f1ea7c433f
Description: c:\users\fabian\mein zeug\san andreas\san andreas-programmme\carspawner.exe Family Name: Trojan-Dropper.Win32.Agent Engine: 3 Clean status: Success Item ID: 2 Family ID: 0 MD5: 09b0c858845400df5110352bcb28a3cf
Description: c:\users\fabian\mein zeug\san andreas\san andreas-programmme\samp_cam_hack_vista\sampcamhack\sacam_loader.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: da6e13d9187ae7af22035730b25c4569
Description: c:\program files\aws\minibug.exe Family Name: Trojan.Win32.Generic!BT Engine: 3 Clean status: Success Item ID: 3 Family ID: 0 MD5: 8a9ff2d074d6325e0bc8a0230ad282ff
Scan and cleaning complete: Stopped by request after 8603 seconds
*********************************** Settings ***********************************
Scan profile:
ID: full, enabled:1, value: Vollständiger Scan
ID: folderstoscan, enabled:1, value: C:\
ID: useantivirus, enabled:1, value: true
ID: sections, enabled:1
ID: scancriticalareas, enabled:1, value: true
ID: scanrunningapps, enabled:1, value: true
ID: scanregistry, enabled:1, value: true
ID: scanlsp, enabled:1, value: true
ID: scanads, enabled:1, value: true
ID: scanhostsfile, enabled:1, value: true
ID: scanmru, enabled:1, value: true
ID: scanbrowserhijacks, enabled:1, value: true
ID: scantrackingcookies, enabled:1, value: true
ID: closebrowsers, enabled:1, value: false
ID: filescanningoptions, enabled:1
ID: archives, enabled:1, value: true
ID: onlyexecutables, enabled:1, value: false
ID: skiplargerthan, enabled:1, value: 20480
ID: scanrootkits, enabled:1, value: true
ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
ID: usespywareheuristics, enabled:1, value: true
Scan global:
ID: global, enabled:1
ID: addtocontextmenu, enabled:1, value: true
ID: playsoundoninfection, enabled:1, value: false
ID: soundfile, enabled:0, value: N/A
Scheduled scan settings:
<Empty>
Update settings:
ID: updates, enabled:1
ID: launchthreatworksafterscan, enabled:1, value: off, domain: normal,off,silently
ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
ID: schedules, enabled:1, value: true
ID: updatedaily1, enabled:1, value: Daily 1
ID: time, enabled:1, value: Fri Nov 19 21:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily2, enabled:1, value: Daily 2
ID: time, enabled:1, value: Fri Nov 19 03:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily3, enabled:1, value: Daily 3
ID: time, enabled:1, value: Fri Nov 19 09:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updatedaily4, enabled:1, value: Daily 4
ID: time, enabled:1, value: Fri Nov 19 15:14:00 2010
ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: false
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: false
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
ID: updateweekly1, enabled:1, value: Weekly
ID: time, enabled:1, value: Fri Nov 19 21:14:00 2010
ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
ID: weekdays, enabled:1
ID: monday, enabled:1, value: true
ID: tuesday, enabled:1, value: false
ID: wednesday, enabled:1, value: false
ID: thursday, enabled:1, value: false
ID: friday, enabled:1, value: true
ID: saturday, enabled:1, value: false
ID: sunday, enabled:1, value: false
ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
ID: scanprofile, enabled:1, value:
ID: auto_deal_with_infections, enabled:1, value: false
Appearance settings:
ID: appearance, enabled:1
ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
ID: showtrayicon, enabled:1, value: true
ID: autoentertainmentmode, enabled:1, value: true
ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
ID: language, enabled:1, value: de, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language
Realtime protection settings:
ID: realtime, enabled:1
ID: layers, enabled:1
ID: useantivirus, enabled:1, value: true
ID: usespywareheuristics, enabled:1, value: true
ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
ID: modules, enabled:1
ID: processprotection, enabled:1, value: true
ID: onaccessprotection, enabled:1, value: false
ID: registryprotection, enabled:1, value: true
ID: networkprotection, enabled:1, value: true
****************************** System information ******************************
Computer name: FABIAN-PC
Processor name: Intel(R) Core(TM)2 CPU 6600 @ 2.40GHz
Processor identifier: x86 Family 6 Model 15 Stepping 6
Processor speed: ~2405MHZ
Raw info: processorarchitecture 0, processortype 586, processorlevel 6, processor revision 3846, number of processors 2, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 1099677696 bytes
Physical memory total: 2145710080 bytes
Virtual memory available: 1838669824 bytes
Virtual memory total: 2147352576 bytes
Memory load: 48%
Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Windows startup mode:
Running processes:
PID: 488 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 604 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 656 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 668 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 700 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 712 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 724 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 888 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 912 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 976 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1004 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1044 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1096 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1132 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1168 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1336 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1360 name: C:\Windows\System32\SLsvc.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1392 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1484 name: C:\Windows\System32\rundll32.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1628 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1756 name: C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1848 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1872 name: C:\Program Files\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1884 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 336 name: C:\Program Files\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 396 name: C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1416 name: C:\Program Files\OO Software\Defrag\oodag.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1468 name: C:\Windows\System32\PnkBstrA.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2008 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 648 name: C:\Program Files\CyberLink\Shared Files\RichVideo.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2052 name: C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2104 name: C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2120 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2148 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2188 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2216 name: C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2348 name: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2488 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 2696 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2932 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2992 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3292 name: C:\Windows\System32\dwm.exe owner: Fabian domain: Fabian-PC
PID: 3344 name: C:\Windows\explorer.exe owner: Fabian domain: Fabian-PC
PID: 3372 name: C:\Windows\System32\taskeng.exe owner: Fabian domain: Fabian-PC
PID: 3724 name: C:\Windows\System32\Narrator.exe owner: Fabian domain: Fabian-PC
PID: 3804 name: C:\Windows\System32\rundll32.exe owner: Fabian domain: Fabian-PC
PID: 3848 name: C:\Program Files\Razer\Salmosa\razerhid.exe owner: Fabian domain: Fabian-PC
PID: 3940 name: C:\Program Files\Logitech\Gaming Software\LWEMon.exe owner: Fabian domain: Fabian-PC
PID: 3952 name: C:\Program Files\Razer\Salmosa\razertra.exe owner: Fabian domain: Fabian-PC
PID: 3980 name: C:\Program Files\Razer\Salmosa\razerofa.exe owner: Fabian domain: Fabian-PC
PID: 4000 name: C:\Program Files\Java\jre6\bin\jusched.exe owner: Fabian domain: Fabian-PC
PID: 4044 name: C:\Program Files\Avira\AntiVir Desktop\avgnt.exe owner: Fabian domain: Fabian-PC
PID: 4056 name: C:\Program Files\QuickTime\QTTask.exe owner: Fabian domain: Fabian-PC
PID: 4064 name: C:\Windows\ehome\ehtray.exe owner: Fabian domain: Fabian-PC
PID: 2100 name: C:\Program Files\Windows Media Player\wmpnscfg.exe owner: Fabian domain: Fabian-PC
PID: 1732 name: C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Fabian domain: Fabian-PC
PID: 832 name: C:\Windows\ehome\ehmsas.exe owner: Fabian domain: Fabian-PC
PID: 1588 name: C:\Windows\ehome\ehsched.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 3640 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1544 name: C:\Windows\ehome\ehrecvr.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 2260 name: C:\Windows\System32\taskeng.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3044 name: C:\Windows\System32\SearchProtocolHost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3760 name: C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe owner: Fabian domain: Fabian-PC
PID: 2940 name: C:\Windows\System32\SearchFilterHost.exe owner: SYSTEM domain: NT-AUTORITÄT
Startup items:
Name: {8C7461EF-2B13-11d2-BE35-3078302C2030}
imagepath: Component Categories cache daemon
Name: NvCplDaemon
imagepath: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
Name: NvMediaCenter
imagepath: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
Name: Salmosa
imagepath: C:\Program Files\Razer\Salmosa\razerhid.exe
Name: Start WingMan Profiler
imagepath: C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
Name: SunJavaUpdateSched
imagepath: "C:\Program Files\Java\jre6\bin\jusched.exe"
Name: Ocs_SM
imagepath: C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
Name: Malwarebytes Anti-Malware (reboot)
imagepath: "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
Name: avgnt
imagepath: "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
Name: QuickTime Task
imagepath: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
Name: WebCheck
imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name:
imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name:
imagepath: C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Bootexecute items:
Name:
imagepath: autocheck autochk *
Name:
imagepath: OODBS
Running services:
Name: AeLookupSvc
displayname: Anwendungserfahrung
Name: AntiVirSchedulerService
displayname: Avira AntiVir Planer
Name: AntiVirService
displayname: Avira AntiVir Guard
Name: Appinfo
displayname: Anwendungsinformationen
Name: AudioEndpointBuilder
displayname: Windows-Audio-Endpunkterstellung
Name: Audiosrv
displayname: Windows-Audio
Name: BFE
displayname: Basisfiltermodul
Name: BITS
displayname: Intelligenter Hintergrundübertragungsdienst
Name: Browser
displayname: Computerbrowser
Name: CryptSvc
displayname: Kryptografiedienste
Name: DcomLaunch
displayname: DCOM-Server-Prozessstart
Name: Dhcp
displayname: DHCP-Client
Name: Dnscache
displayname: DNS-Client
Name: DPS
displayname: Diagnoserichtliniendienst
Name: EapHost
displayname: Extensible Authentication-Protokoll
Name: ehRecvr
displayname: Windows Media Center-Empfängerdienst
Name: ehSched
displayname: Windows Media Center-Planerdienst
Name: EMDMgmt
displayname: ReadyBoost
Name: Eventlog
displayname: Windows-Ereignisprotokoll
Name: EventSystem
displayname: COM+-Ereignissystem
Name: fdPHost
displayname: Funktionssuchanbieter-Host
Name: FDResPub
displayname: Funktionssuche-Ressourcenveröffentlichung
Name: gpsvc
displayname: Gruppenrichtlinienclient
Name: hidserv
displayname: Zugriff auf Eingabegeräte
Name: IKEEXT
displayname: IKE- und AuthIP IPsec-Schlüsselerstellungsmodule
Name: iphlpsvc
displayname: IP-Hilfsdienst
Name: KeyIso
displayname: CNG-Schlüsselisolation
Name: KtmRm
displayname: KtmRm für Distributed Transaction Coordinator
Name: LanmanServer
displayname: Server
Name: LanmanWorkstation
displayname: Arbeitsstationsdienst
Name: Lavasoft Ad-Aware Service
displayname: Lavasoft Ad-Aware Service
Name: lmhosts
displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: MMCSS
displayname: Multimediaklassenplaner
Name: MpsSvc
displayname: Windows-Firewall
Name: Nero BackItUp Scheduler 4.0
displayname: Nero BackItUp Scheduler 4.0
Name: Netman
displayname: Netzwerkverbindungen
Name: netprofm
displayname: Netzwerklistendienst
Name: NlaSvc
displayname: NLA (Network Location Awareness)
Name: nsi
displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
displayname: NVIDIA Display Driver Service
Name: OODefragAgent
displayname: O&O Defrag
Name: PcaSvc
displayname: Programmkompatibilitäts-Assistent-Dienst
Name: PlugPlay
displayname: Plug & Play
Name: PnkBstrA
displayname: PnkBstrA
Name: PolicyAgent
displayname: IPsec-Richtlinien-Agent
Name: ProfSvc
displayname: Benutzerprofildienst
Name: RasMan
displayname: RAS-Verbindungsverwaltung
Name: RichVideo
displayname: Cyberlink RichVideo Service(CRVS)
Name: RpcSs
displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
displayname: Sicherheitskonto-Manager
Name: SBSDWSCService
displayname: SBSD Security Center Service
Name: Schedule
displayname: Aufgabenplanung
Name: SearchAnonymizer
displayname: SearchAnonymizer
Name: seclogon
displayname: Sekundäre Anmeldung
Name: SENS
displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
displayname: Shellhardwareerkennung
Name: slsvc
displayname: Softwarelizenzierung
Name: Spooler
displayname: Druckwarteschlange
Name: SSDPSRV
displayname: SSDP-Suche
Name: SstpSvc
displayname: SSTP-Dienst
Name: StarWindServiceAE
displayname: StarWind AE Service
Name: stisvc
displayname: Windows-Bilderfassung
Name: SysMain
displayname: Superfetch
Name: TabletInputService
displayname: Tablet PC-Eingabedienst
Name: TapiSrv
displayname: Telefonie
Name: TermService
displayname: Terminaldienste
Name: Themes
displayname: Designs
Name: TrkWks
displayname: Überwachung verteilter Verknüpfungen (Client)
Name: upnphost
displayname: UPnP-Gerätehost
Name: UxSms
displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: UxTuneUp
displayname: TuneUp Designerweiterung
Name: VMCService
displayname: Vodafone Mobile Connect Service
Name: W32Time
displayname: Windows-Zeitgeber
Name: WdiSystemHost
displayname: Diagnosesystemhost
Name: WebClient
displayname: WebClient
Name: WerSvc
displayname: Windows-Fehlerberichterstattungsdienst
Name: WinDefend
displayname: Windows-Defender
Name: WinHttpAutoProxySvc
displayname: WinHTTP-Web Proxy Auto-Discovery-Dienst
Name: Winmgmt
displayname: Windows-Verwaltungsinstrumentation
Name: Wlansvc
displayname: Automatische WLAN-Konfiguration
Name: WMPNetworkSvc
displayname: Windows Media Player-Netzwerkfreigabedienst
Name: WPDBusEnum
displayname: Enumeratordienst für tragbare Geräte
Name: wscsvc
displayname: Sicherheitscenter
Name: WSearch
displayname: Windows Search
Name: wuauserv
displayname: Windows Update
Name: wudfsvc
displayname: Windows Driver Foundation - Benutzermodus-Treiberframework
![]() Hier mal die OTL-Logfile. Ist es normal, dass während das Programm läuft 100 mal diese Fehlermeldung kommt?: Exception Processing Message 0xc0000013 Parameters 0x754E92A0 0x0000004 ox754E92A0 0x754E92A0 Wenn nicht, ist die Log-File denke ich mal aussagelos, aber hier: OTL.Txt Code:
ATTFilter OTL logfile created on: 23.11.2010 12:46:31 - Run 1 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Fabian\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18783) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 43,00% Memory free 4,00 Gb Paging File | 3,00 Gb Available in Paging File | 64,00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 465,76 Gb Total Space | 27,49 Gb Free Space | 5,90% Space Free | Partition Type: NTFS Drive E: | 59,31 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive H: | 999,63 Mb Total Space | 803,11 Mb Free Space | 80,34% Space Free | Partition Type: FAT Computer Name: FABIAN-PC | User Name: Fabian | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Programme\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\OO Software\Defrag\oodag.exe (O&O Software GmbH) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe (Vodafone) PRC - C:\Programme\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) PRC - C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Internet Explorer\ielowutil.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) PRC - C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Razer\Salmosa\razertra.exe () PRC - C:\Programme\Razer\Salmosa\razerhid.exe () PRC - C:\Programme\Razer\Salmosa\razerofa.exe (Razer Inc.) PRC - C:\Programme\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\conime.exe (Microsoft Corporation) PRC - C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Modules (SafeList) ========== MOD - C:\Users\Fabian\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (OODefragAgent) -- C:\Program Files\OO Software\Defrag\oodag.exe (O&O Software GmbH) SRV - (VMCService) -- C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe (Vodafone) SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (SearchAnonymizer) -- C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe () SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Nero BackItUp Scheduler 4.0) -- C:\Programme\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG) SRV - (TuneUp.Defrag) -- C:\Windows\System32\TuneUpDefragService.exe (TuneUp Software GmbH) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (SBSDWSCService) -- C:\Programme\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) 
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH) SRV - (StarWindServiceAE) -- C:\Programme\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software) ========== Driver Services (SafeList) ========== DRV - (wanatw) WAN Miniport (ATW) -- C:\Windows\System32\DRIVERS\wanatw4.sys File not found DRV - (PCASp50) -- C:\Windows\System32\Drivers\PCASp50.sys File not found DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys File not found DRV - (blbdrive) -- C:\Windows\System32\drivers\blbdrive.sys File not found DRV - (Lavasoft Kernexplorer) -- C:\Programme\Lavasoft\Ad-Aware\kernexplorer.sys () DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (cpuz133) -- C:\Windows\System32\drivers\cpuz133_x32.sys (Windows (R) Win 7 DDK provider) DRV - (vodafone_K3805-z_dc_enum) -- C:\Windows\System32\drivers\vodafone_K3805-z_dc_enum.sys (Vodafone) DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys () DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys () DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hxctlflt) -- 
C:\Windows\System32\drivers\hxctlflt.sys (Guillemot Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (acedrv11) -- C:\Windows\System32\drivers\acedrv11.sys (Protect Software GmbH) DRV - (L1E) -- C:\Windows\System32\drivers\L1E60x86.sys (Atheros Communications, Inc.) DRV - (Salmosa03) -- C:\Windows\System32\drivers\Salmosa.sys (Razer (Asia-Pacific) Pte Ltd) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (WmXlCore) -- C:\Windows\System32\drivers\WmXlCore.sys (Logitech Inc.) DRV - (WmVirHid) -- C:\Windows\System32\drivers\WmVirHid.sys (Logitech Inc.) DRV - (WmFilter) -- C:\Windows\System32\drivers\WmFilter.sys (Logitech Inc.) DRV - (WmBEnum) -- C:\Windows\System32\drivers\WmBEnum.sys (Logitech Inc.) DRV - (usbaudio) USB-Audiotreiber (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation) DRV - (NPF) WinPcap Packet Driver (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (SLEE_16_DRIVER) -- C:\Windows\System32\drivers\sleen16.sys (Softwareentwicklung Remus - ArchiCrypt ) DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys () DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys () DRV - (TBPanel) -- C:\Windows\System32\drivers\TBPanel.sys (Windows (R) 2000 DDK provider) DRV - (RTL8187) -- C:\Windows\System32\drivers\rtl8187.sys (Realtek Semiconductor Corporation ) DRV - (RtlProt) -- C:\Windows\System32\drivers\RtlProt.sys (Windows (R) Codename Longhorn DDK provider) DRV - (HCW88TSE) -- C:\Windows\System32\drivers\hcw88tse.sys (Hauppauge Computer Works, Inc) DRV - (hcw88rc5) -- C:\Windows\System32\drivers\hcw88rc5.sys (Hauppauge Computer Works, Inc.) 
DRV - (HCW88BDA) -- C:\Windows\System32\drivers\hcw88bda.sys (Hauppauge Computer Works, Inc)
DRV - (HCW88AUD) -- C:\Windows\System32\drivers\hcw88aud.sys (Hauppauge Computer Works, Inc)
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\Windows\System32\drivers\sfvfs02.sys (Protection Technology (StarForce))
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (SiSRaid2) -- C:\Windows\system32\drivers\sisraid2.sys (Silicon Integrated Systems Corp.)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Logic Corporation)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (yukonwlh) -- C:\Windows\System32\drivers\yk60x86.sys (Marvell)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (AsIO) -- C:\Windows\System32\drivers\AsIO.sys ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (sfsync02) StarForce Protection Synchronization Driver (version 2.x) -- C:\Windows\System32\drivers\sfsync02.sys (Protection Technology)
DRV - (sfdrv01a) StarForce Protection Environment Driver (version 1.x.a) -- C:\Windows\System32\drivers\sfdrv01a.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\Windows\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (giveio) -- C:\Windows\system32\giveio.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15506&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 43 C9 81 10 F8 C9 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://de.ask.com?o=15506&l=dis"
FF - prefs.js..extensions.enabledItems: linky@gemal.dk:3.0.0
FF - prefs.js..extensions.enabledItems: {FFA36170-80B1-4535-B0E3-A4569E497DD0}:3.0.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:4.0.0
FF - prefs.js..extensions.enabledItems: text2voice@vik.josh:1.04
FF - prefs.js..extensions.enabledItems: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=PTF&o=15503&locale=de_DE&apn_uid=11CD7CE0-0802-4096-9918-2B79D823DDB1&apn_ptnrs=LH&apn_sauid=57F84CA6-02ED-4AF7-AF74-0E3E54CEB7FC&apn_dtid=YYYYYYYYDE&q="

FF - HKLM\software\mozilla\3B\Extensions\\Plugins: C:\Program Files\3B\3B Browser\plugins
FF - HKLM\software\mozilla\3B\Extensions\\Components: C:\Program Files\3B\3B Browser\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.11.17 18:07:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.11.17 18:07:00 | 000,000,000 | ---D | M]

[2009.05.28 17:40:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions
[2009.05.28 17:40:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2010.11.22 20:17:36 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions
[2010.10.13 10:23:34 | 000,000,000 | ---D | M] (DVDVideoSoftTB Toolbar) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2010.07.25 13:37:28 | 000,000,000 | ---D | M] (ReloadEvery) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}
[2010.07.30 13:32:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009.11.01 21:00:22 | 000,000,000 | ---D | M] (Mouse Gestures Redox) -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}
[2010.10.15 21:11:52 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\firefox@tvunetworks.com
[2010.02.25 21:53:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\linky@gemal.dk
[2010.07.25 13:37:28 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Firefox\Profiles\b87ycbqn.default\extensions\text2voice@vik.josh
[2009.05.28 18:26:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mozilla\Webview\Profiles\5lew9xis.default\extensions
[2010.11.01 20:56:43 | 000,002,393 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\askcom.xml
[2010.02.12 20:44:49 | 000,000,881 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\conduit.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-1.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-2.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-3.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-4.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-5.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-6.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-7.xml
[2010.01.08 23:36:25 | 000,001,067 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin-8.xml
[2009.03.01 13:02:44 | 000,000,944 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\icqplugin.xml
[2010.01.08 23:36:25 | 000,001,990 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\live-search.xml
[2010.01.08 23:36:25 | 000,002,152 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{16D7952D-520A-443C-A9BB-076AD285EC24}.xml
[2010.01.08 23:36:25 | 000,002,041 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{D40089CC-F1EC-4A72-8AC0-DF5721AE9DC7}.xml
[2010.01.08 23:36:25 | 000,002,486 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{E01D02BC-4AD7-45DE-B6B5-8044C43F0042}.xml
[2010.01.08 23:36:25 | 000,001,834 | ---- | M] () -- C:\Users\Fabian\AppData\Roaming\Mozilla\FireFox\Profiles\b87ycbqn.default\searchplugins\{F53BF450-400E-4A03-A9DE-735D1BE6B555}.xml
[2010.03.17 17:15:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2010.01.10 16:10:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2008.11.11 08:38:54 | 000,663,552 | ---- | M] (BitComet) -- C:\Programme\Mozilla Firefox\plugins\npBitCometAgent.dll
[2010.11.17 18:06:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.11.17 18:06:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.11.17 18:06:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.11.17 18:06:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.11.17 18:06:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (TBSB03968 Class) - {AA61DE26-FA67-4575-9033-918671094293} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Programme\MSN\Toolbar\3.0.0744.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoft Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Toolbar fuer eBay) - {000E148C-F7A7-445A-9044-93BF6CE09ECB} - C:\Users\Fabian\AppData\Roaming\Toolbars\Toolbar fuer eBay\ebay.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Programme\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoft Toolbar) - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - C:\Programme\DVDVideoSoft\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Ocs_SM] C:\Users\Fabian\AppData\Roaming\OCS\SM\SearchAnonymizer.exe ()
O4 - HKLM..\Run: [Salmosa] C:\Programme\Razer\Salmosa\razerhid.exe ()
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe File not found
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/DE-DE/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fabian\Pictures\Opel\astra_opc_07.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fabian\Pictures\Opel\astra_opc_07.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.03.13 21:39:50 | 000,000,070 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{36bd1806-9d03-11dd-9b6b-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{36bd1806-9d03-11dd-9b6b-0015af0f71e4}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{437a1e9b-1821-11dc-86fa-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{437a1e9b-1821-11dc-86fa-0015af0f71e4}\Shell\AutoRun\command - "" = F:\autorun.exe -- File not found
O33 - MountPoints2\{5242290c-ddb7-11dd-b17f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{5242290c-ddb7-11dd-b17f-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{717be4ed-fdf1-11de-9557-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{717be4ed-fdf1-11de-9557-806e6f6e6963}\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O33 - MountPoints2\{74df503e-58cf-11de-b5f1-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{74df503e-58cf-11de-b5f1-002215817f78}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{74df503f-58cf-11de-b5f1-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{74df503f-58cf-11de-b5f1-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{76221c49-1a42-11de-8110-0022156ea7d8}\Shell\Open\command - "" = resycled\ntldr.com g:
O33 - MountPoints2\{81506faf-008e-11d6-b7d2-af3a5cb6d4fa}\Shell - "" = AutoRun
O33 - MountPoints2\{81506faf-008e-11d6-b7d2-af3a5cb6d4fa}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{81506fb0-008e-11d6-b7d2-af3a5cb6d4fa}\Shell - "" = AutoRun
O33 - MountPoints2\{81506fb0-008e-11d6-b7d2-af3a5cb6d4fa}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{82fa176f-62c9-11dc-9cf2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{82fa176f-62c9-11dc-9cf2-806e6f6e6963}\Shell\AutoRun\command - "" = D:\autorun.exe -- File not found
O33 - MountPoints2\{9cdc8d64-4655-11df-a7f2-a435c0b612f3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdc8d64-4655-11df-a7f2-a435c0b612f3}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{9cdc8d66-4655-11df-a7f2-a435c0b612f3}\Shell - "" = AutoRun
O33 - MountPoints2\{9cdc8d66-4655-11df-a7f2-a435c0b612f3}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{af13677f-a8cf-11dd-83f2-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{af13677f-a8cf-11dd-83f2-0015af0f71e4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{af1367d7-a8cf-11dd-83f2-0015af0f71e4}\Shell - "" = AutoRun
O33 - MountPoints2\{af1367d7-a8cf-11dd-83f2-0015af0f71e4}\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\{aff9b0a2-24b0-11dc-a864-001a929e05cc}\Shell\AutoRun\command - "" = F:\.\Recycled\Driveinfo.exe -- File not found
O33 - MountPoints2\{aff9b0a2-24b0-11dc-a864-001a929e05cc}\Shell\Open\Command - "" = F:\.\Recycled\Driveinfo.exe -- File not found
O33 - MountPoints2\{eaefd989-fe44-11d5-a49b-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{eaefd989-fe44-11d5-a49b-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\{fad34269-a452-11de-b2c3-002215817f78}\Shell - "" = AutoRun
O33 - MountPoints2\{fad34269-a452-11de-b2c3-002215817f78}\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup.exe -- [2008.03.13 19:33:06 | 000,323,584 | R--- | M] (Vodafone)
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup.exe -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - C:\Windows\System32\OODBS.exe (O&O Software GmbH)
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.23 12:34:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2010.11.23 12:21:44 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Fabian\Desktop\HiJackThis204.exe
[2010.11.22 20:33:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Musik
[2010.11.20 00:55:43 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.11.20 00:55:42 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.11.20 00:54:05 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Fabian\Desktop\mbam146-setup.exe
[2010.11.19 21:14:30 | 000,064,288 | ---- | C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys
[2010.11.19 21:14:27 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.11.19 21:08:59 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Sunbelt Software
[2010.11.19 20:59:21 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097}
[2010.11.19 20:58:57 | 000,000,000 | ---D | C] -- C:\Programme\Lavasoft
[2010.11.19 20:58:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2010.11.19 20:53:05 | 133,432,520 | ---- | C] (Lavasoft ) -- C:\Users\Fabian\Desktop\Ad-AwareInstall-833.exe
[2010.11.19 17:24:06 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Fabian\Desktop\spybotsd162.exe
[2010.11.18 22:50:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1224146592hqlm2
[2010.11.18 22:49:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi
[2010.11.18 22:42:37 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR
[2010.11.18 22:42:14 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\BackUp
[2010.11.18 20:30:33 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Mods
[2010.11.18 20:26:26 | 000,224,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\TabCtl32.ocx
[2010.11.18 20:22:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211
[2010.11.17 18:54:55 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3
[2010.11.17 18:39:30 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\asiloader
[2010.11.17 18:30:33 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Local\Mato_Technologies
[2010.11.17 18:26:47 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5
[2010.11.17 18:21:48 | 000,000,000 | ---D | C] -- C:\Programme\SRT3 V1.7
[2010.11.16 22:41:06 | 660,927,285 | ---- | C] (BLITZ ARCADE ) -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD.exe
[2010.10.29 16:13:47 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Tracing
[2010.10.28 23:23:34 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Foto
[2010.10.28 22:04:54 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Papa Stick
[2010.10.28 21:07:50 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Kunst
[2010.10.28 20:59:21 | 000,000,000 | ---D | C] -- C:\Users\Fabian\AppData\Roaming\PhotoFiltre
[2010.10.28 20:58:54 | 000,000,000 | ---D | C] -- C:\Programme\PhotoFiltre
[2010.10.28 18:25:51 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Neuer Ordner
[2010.10.28 18:25:42 | 000,000,000 | ---D | C] -- C:\Users\Fabian\Desktop\Fabi
[2010.10.28 18:15:43 | 000,000,000 | -HSD | C] -- C:\Users\Fabian\AppData\Roaming\jh87uhnoe3
[2010.06.22 17:37:07 | 000,072,224 | ---- | C] (Martin Pesch) -- C:\Programme\mp3DirectCut.exe
[2010.01.09 13:48:43 | 000,184,320 | ---- | C] ( ) -- C:\Windows\System32\rsnp2uvc.dll
[2010.01.09 13:48:43 | 000,176,128 | ---- | C] ( ) -- C:\Windows\System32\csnp2uvc.dll
[2008.12.09 15:04:28 | 027,580,296 | ---- | C] ( ) -- C:\Programme\AdbeRdr90_de_DE.exe
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\Fabian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\Fabian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\Fabian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\Fabian\AppData\Local\bass.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.23 13:04:24 | 003,757,489 | ---- | M] () -- C:\Users\Fabian\Desktop\PB230066.JPG
[2010.11.23 12:45:15 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{96A16510-0F25-41F6-A1C5-B3B8D56AE797}.job
[2010.11.23 12:44:59 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{60E70999-78D0-41AB-8805-04CC34877BB3}.job
[2010.11.23 12:34:28 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Fabian\Desktop\OTL.exe
[2010.11.23 12:26:01 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-600222665-2756014500-3235698655-1001UA.job
[2010.11.23 12:21:46 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Fabian\Desktop\HiJackThis204.exe
[2010.11.23 12:00:36 | 000,376,692 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.23 12:00:36 | 000,264,200 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.23 12:00:36 | 000,079,724 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.23 12:00:36 | 000,061,200 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.23 11:55:15 | 000,000,250 | ---- | M] () -- C:\Windows\tasks\RtlVistaStart.job
[2010.11.23 11:55:05 | 000,000,370 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.23 11:54:50 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.23 11:54:50 | 000,004,432 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.23 11:54:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.23 11:54:35 | 2146,484,224 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.23 11:54:34 | 000,127,600 | ---- | M] () -- C:\Windows\System32\oodbs.lor
[2010.11.22 20:26:00 | 000,001,070 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-600222665-2756014500-3235698655-1001Core.job
[2010.11.21 18:21:49 | 000,010,758 | ---- | M] () -- C:\Users\Fabian\Desktop\GELD!!!.xlsx
[2010.11.20 01:12:51 | 000,062,831 | ---- | M] () -- C:\Users\Fabian\Desktop\Aufzeichnen.JPG
[2010.11.20 00:55:46 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.11.20 00:54:16 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fabian\Desktop\mbam146-setup.exe
[2010.11.19 21:14:27 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\Windows\System32\drivers\SBREDrv.sys
[2010.11.19 21:10:50 | 004,309,540 | ---- | M] () -- C:\Users\Fabian\Desktop\STEG USRMAN 2CH.pdf
[2010.11.19 20:59:18 | 000,001,015 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2010.11.19 20:57:47 | 133,432,520 | ---- | M] (Lavasoft ) -- C:\Users\Fabian\Desktop\Ad-AwareInstall-833.exe
[2010.11.19 17:30:52 | 005,535,216 | ---- | M] () -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211.zip
[2010.11.19 17:29:50 | 000,293,184 | ---- | M] () -- C:\Users\Fabian\Desktop\SoftonicDownloader_fuer_ad-aware-free-internet-security.exe
[2010.11.19 17:29:20 | 000,001,055 | ---- | M] () -- C:\Users\Fabian\Desktop\Spybot - Search & Destroy.lnk
[2010.11.19 17:24:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Fabian\Desktop\spybotsd162.exe
[2010.11.19 17:17:16 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\1-Klick-Wartung.job
[2010.11.19 00:11:09 | 000,079,684 | ---- | M] () -- C:\Users\Fabian\Desktop\Postident_Basic_Hitmeister.pdf
[2010.11.19 00:00:28 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\NeroLiveEpgUpdate-Fabian-PC_Fabian.job
[2010.11.18 22:50:48 | 001,315,898 | ---- | M] () -- C:\Users\Fabian\Desktop\1224146592hqlm2.rar
[2010.11.18 22:47:06 | 000,914,787 | ---- | M] () -- C:\Users\Fabian\Desktop\1196595824_SA_AMC_Matador71Final.rar
[2010.11.18 22:46:18 | 002,006,443 | ---- | M] () -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi.rar
[2010.11.18 22:42:03 | 001,883,346 | ---- | M] () -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR.rar
[2010.11.18 22:07:51 | 000,012,052 | ---- | M] () -- C:\Users\Fabian\Desktop\23rjpsy.jpg
[2010.11.17 21:28:27 | 000,051,200 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 3.0.doc
[2010.11.17 18:53:53 | 004,819,921 | ---- | M] () -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3.rar
[2010.11.17 18:39:15 | 000,039,768 | ---- | M] () -- C:\Users\Fabian\Desktop\asiloader.rar
[2010.11.17 18:25:11 | 000,483,670 | ---- | M] () -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5.rar
[2010.11.16 23:15:10 | 660,927,285 | ---- | M] (BLITZ ARCADE ) -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD.exe
[2010.11.16 22:39:13 | 152,698,058 | ---- | M] () -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD[gta-worldmods.de].rar
[2010.11.15 20:29:33 | 000,231,936 | ---- | M] () -- C:\Users\Fabian\Desktop\Verhältnissen in Deutschland zwischen 1898 1.0.doc
[2010.11.15 20:29:17 | 000,070,144 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 2.0.doc
[2010.11.15 18:45:34 | 000,000,162 | -H-- | M] () -- C:\Users\Fabian\Desktop\~$r gute Mensch.docx
[2010.11.15 18:31:38 | 000,069,632 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 1.1.doc
[2010.11.15 18:03:00 | 000,050,688 | ---- | M] () -- C:\Users\Fabian\Desktop\Inhaltsangabe.doc
[2010.11.14 21:18:41 | 000,032,545 | ---- | M] () -- C:\Users\Fabian\Desktop\Der gute Mensch.docx
[2010.11.10 20:55:20 | 000,062,232 | ---- | M] () -- C:\Users\Fabian\Desktop\janno.JPG
[2010.11.09 21:04:30 | 003,156,480 | ---- | M] () -- C:\Users\Fabian\Desktop\sadasdfsdgdfhzugkyddfgudfhgfhbhghhthjk.doc
[2010.11.07 21:15:19 | 000,009,893 | ---- | M] () -- C:\Users\Fabian\Desktop\Musikerkennung.docx
[2010.11.07 20:05:05 | 000,111,328 | ---- | M] () -- C:\Users\Fabian\Desktop\Fktuntesuch. bei realen Prozessen.pdf
[2010.11.07 20:04:41 | 000,045,489 | ---- | M] () -- C:\Users\Fabian\Desktop\Extremwertaufgaben.pdf
[2010.11.06 00:32:34 | 000,010,842 | ---- | M] () -- C:\Users\Fabian\Documents\Hi.docx
[2010.11.04 20:45:17 | 000,023,552 | ---- | M] () -- C:\Users\Fabian\Desktop\Khanh.doc
[2010.10.31 18:47:29 | 000,022,755 | ---- | M] () -- C:\Users\Fabian\Desktop\Raveland.JPG
[2010.10.29 18:28:12 | 000,171,838 | ---- | M] () -- C:\Users\Fabian\Desktop\FUN.jpg
[2010.10.29 18:26:59 | 000,031,295 | ---- | M] () -- C:\Users\Fabian\Desktop\aroute.JPG
[2010.10.29 18:24:32 | 000,166,656 | ---- | M] () -- C:\Users\Fabian\Desktop\richtige karte.JPG
[2010.10.29 17:05:54 | 000,089,740 | ---- | M] () -- C:\Users\Fabian\Desktop\bfsnj.jpg
[2010.10.28 22:43:20 | 000,179,200 | ---- | M] () -- C:\Users\Fabian\Desktop\Dok1.doc
[2010.10.28 20:58:55 | 000,000,840 | ---- | M] () -- C:\Users\Fabian\Desktop\PhotoFiltre.lnk
[2010.10.28 20:58:13 | 004,118,294 | ---- | M] () -- C:\Users\Fabian\Desktop\pf-setup-en.exe
[2010.10.28 20:54:09 | 002,880,162 | ---- | M] () -- C:\Users\Fabian\Desktop\PA280145.JPG
[2010.10.28 20:53:22 | 003,104,142 | ---- | M] () -- C:\Users\Fabian\Desktop\PA280142.JPG
[2010.10.28 19:59:10 | 000,679,424 | ---- | M] () -- C:\Users\Fabian\Desktop\Collage.doc
[2010.10.28 19:53:26 | 000,008,158 | ---- | M] () -- C:\Users\Fabian\Desktop\studio-kugel-geschaeftsmann_~jl_012150_6924.jpg
[2010.10.28 18:28:35 | 000,002,430 | ---- | M] () -- C:\Users\Fabian\Desktop\raus.jpg
[2010.10.24 15:47:41 | 000,053,658 | ---- | M] () -- C:\Users\Fabian\Desktop\Steg K2.01.JPG
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.23 13:04:24 | 003,757,489 | ---- | C] () -- C:\Users\Fabian\Desktop\PB230066.JPG
[2010.11.23 11:55:05 | 000,000,370 | ---- | C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.20 01:12:47 | 000,062,831 | ---- | C] () -- C:\Users\Fabian\Desktop\Aufzeichnen.JPG
[2010.11.20 00:55:46 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010.11.19 23:43:50 | 000,015,880 | ---- | C] () -- C:\Windows\System32\lsdelete.exe [2010.11.19 21:10:30 | 004,309,540 | ---- | C] () -- C:\Users\Fabian\Desktop\STEG USRMAN 2CH.pdf [2010.11.19 20:59:18 | 000,001,015 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2010.11.19 17:29:47 | 000,293,184 | ---- | C] () -- C:\Users\Fabian\Desktop\SoftonicDownloader_fuer_ad-aware-free-internet-security.exe [2010.11.19 17:29:20 | 000,001,055 | ---- | C] () -- C:\Users\Fabian\Desktop\Spybot - Search & Destroy.lnk [2010.11.19 00:11:09 | 000,079,684 | ---- | C] () -- C:\Users\Fabian\Desktop\Postident_Basic_Hitmeister.pdf [2010.11.18 22:50:44 | 001,315,898 | ---- | C] () -- C:\Users\Fabian\Desktop\1224146592hqlm2.rar [2010.11.18 22:47:05 | 000,914,787 | ---- | C] () -- C:\Users\Fabian\Desktop\1196595824_SA_AMC_Matador71Final.rar [2010.11.18 22:46:13 | 002,006,443 | ---- | C] () -- C:\Users\Fabian\Desktop\1167043196_71_amc_matador_taxi.rar [2010.11.18 22:41:58 | 001,883,346 | ---- | C] () -- C:\Users\Fabian\Desktop\1250783604_SA_1994_Ford_Crown_Victoria_Taxi_by_BR.rar [2010.11.18 22:07:50 | 000,012,052 | ---- | C] () -- C:\Users\Fabian\Desktop\23rjpsy.jpg [2010.11.18 20:22:33 | 005,535,216 | ---- | C] () -- C:\Users\Fabian\Desktop\San_Andreas_Control_Center_v211.zip [2010.11.17 21:28:25 | 000,051,200 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 3.0.doc [2010.11.17 18:53:25 | 004,819,921 | ---- | C] () -- C:\Users\Fabian\Desktop\SAStreamMemFix v.3.rar [2010.11.17 18:37:14 | 000,039,768 | ---- | C] () -- C:\Users\Fabian\Desktop\asiloader.rar [2010.11.17 18:23:50 | 000,483,670 | ---- | C] () -- C:\Users\Fabian\Desktop\IMG-Manager-V.1.5.rar [2010.11.16 22:28:13 | 152,698,058 | ---- | C] () -- C:\Users\Fabian\Desktop\2010_03_22_SRT3_MOD[gta-worldmods.de].rar [2010.11.15 20:29:32 | 000,231,936 | ---- | C] () -- C:\Users\Fabian\Desktop\Verhältnissen in 
Deutschland zwischen 1898 1.0.doc [2010.11.15 20:29:17 | 000,070,144 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 2.0.doc [2010.11.15 18:45:34 | 000,000,162 | -H-- | C] () -- C:\Users\Fabian\Desktop\~$r gute Mensch.docx [2010.11.15 18:31:06 | 000,069,632 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe 1.1.doc [2010.11.15 18:03:00 | 000,050,688 | ---- | C] () -- C:\Users\Fabian\Desktop\Inhaltsangabe.doc [2010.11.14 21:18:40 | 000,032,545 | ---- | C] () -- C:\Users\Fabian\Desktop\Der gute Mensch.docx [2010.11.10 20:55:17 | 000,062,232 | ---- | C] () -- C:\Users\Fabian\Desktop\janno.JPG [2010.11.09 21:04:28 | 003,156,480 | ---- | C] () -- C:\Users\Fabian\Desktop\sadasdfsdgdfhzugkyddfgudfhgfhbhghhthjk.doc [2010.11.07 21:15:19 | 000,009,893 | ---- | C] () -- C:\Users\Fabian\Desktop\Musikerkennung.docx [2010.11.07 20:05:05 | 000,111,328 | ---- | C] () -- C:\Users\Fabian\Desktop\Fktuntesuch. bei realen Prozessen.pdf [2010.11.07 20:04:39 | 000,045,489 | ---- | C] () -- C:\Users\Fabian\Desktop\Extremwertaufgaben.pdf [2010.11.06 00:32:33 | 000,010,842 | ---- | C] () -- C:\Users\Fabian\Documents\Hi.docx [2010.11.04 20:45:15 | 000,023,552 | ---- | C] () -- C:\Users\Fabian\Desktop\Khanh.doc [2010.10.31 18:47:26 | 000,022,755 | ---- | C] () -- C:\Users\Fabian\Desktop\Raveland.JPG [2010.10.29 18:28:12 | 000,171,838 | ---- | C] () -- C:\Users\Fabian\Desktop\FUN.jpg [2010.10.29 18:26:57 | 000,031,295 | ---- | C] () -- C:\Users\Fabian\Desktop\aroute.JPG [2010.10.29 18:24:30 | 000,166,656 | ---- | C] () -- C:\Users\Fabian\Desktop\richtige karte.JPG [2010.10.29 17:05:47 | 000,089,740 | ---- | C] () -- C:\Users\Fabian\Desktop\bfsnj.jpg [2010.10.28 22:43:19 | 000,179,200 | ---- | C] () -- C:\Users\Fabian\Desktop\Dok1.doc [2010.10.28 20:58:55 | 000,000,840 | ---- | C] () -- C:\Users\Fabian\Desktop\PhotoFiltre.lnk [2010.10.28 20:56:32 | 004,118,294 | ---- | C] () -- C:\Users\Fabian\Desktop\pf-setup-en.exe [2010.10.28 20:50:57 | 002,880,162 | ---- | C] () -- 
C:\Users\Fabian\Desktop\PA280145.JPG [2010.10.28 20:50:48 | 003,104,142 | ---- | C] () -- C:\Users\Fabian\Desktop\PA280142.JPG [2010.10.28 19:59:09 | 000,679,424 | ---- | C] () -- C:\Users\Fabian\Desktop\Collage.doc [2010.10.28 19:53:25 | 000,008,158 | ---- | C] () -- C:\Users\Fabian\Desktop\studio-kugel-geschaeftsmann_~jl_012150_6924.jpg [2010.10.28 18:28:34 | 000,002,430 | ---- | C] () -- C:\Users\Fabian\Desktop\raus.jpg [2010.10.24 15:47:39 | 000,053,658 | ---- | C] () -- C:\Users\Fabian\Desktop\Steg K2.01.JPG [2010.10.13 19:14:41 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI [2010.08.28 23:34:09 | 000,000,016 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\hngmfc.dat [2010.06.22 17:37:07 | 000,026,299 | ---- | C] () -- C:\Programme\Manual.htm [2010.06.22 17:37:07 | 000,013,887 | ---- | C] () -- C:\Programme\FAQ.htm [2010.06.22 17:37:07 | 000,002,933 | ---- | C] () -- C:\Programme\Version.txt [2010.06.22 17:37:07 | 000,001,672 | ---- | C] () -- C:\Programme\License.txt [2010.04.23 21:04:49 | 000,000,540 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\AutoGK.ini [2010.03.15 19:15:34 | 000,156,430 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4 [2010.02.26 18:51:45 | 000,722,416 | ---- | C] () -- C:\Windows\System32\drivers\sptd.sys [2010.02.22 15:21:46 | 000,000,091 | ---- | C] () -- C:\ProgramData\PS.log [2010.02.22 14:37:42 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini [2010.02.20 18:26:19 | 000,027,648 | ---- | C] () -- C:\Windows\System32\AVSredirect.dll [2010.02.18 16:16:09 | 000,001,472 | ---- | C] () -- C:\Users\Fabian\AppData\Local\RecConfig.xml [2010.01.10 18:19:31 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.01.09 13:48:43 | 003,482,112 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys [2010.01.09 13:48:43 | 000,027,264 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys [2010.01.09 13:48:43 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini [2010.01.02 13:45:28 | 000,197,120 | 
---- | C] () -- C:\Windows\patchw32.dll [2009.10.22 17:29:34 | 000,053,299 | ---- | C] () -- C:\Windows\System32\pthreadVC.dll [2009.09.13 15:26:17 | 000,017,920 | ---- | C] () -- C:\Windows\System32\implode.dll [2009.09.13 15:26:16 | 000,009,136 | ---- | C] () -- C:\Windows\System32\INETWH16.DLL [2009.05.14 10:00:39 | 000,003,972 | ---- | C] () -- C:\Windows\System32\drivers\PciBus.sys [2009.04.09 15:47:02 | 000,013,824 | ---- | C] () -- C:\Windows\System32\CallSimReader.dll [2009.04.09 15:46:02 | 000,055,808 | ---- | C] () -- C:\Windows\System32\SimReader.dll [2009.03.02 11:33:32 | 000,067,584 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll [2009.02.25 01:16:05 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2009.01.28 17:25:55 | 000,000,000 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\downloads.m3u [2009.01.28 17:24:50 | 000,000,174 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\default.rss [2009.01.27 21:24:08 | 000,004,767 | ---- | C] () -- C:\Windows\Irremote.ini [2009.01.25 22:10:48 | 000,179,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2009.01.17 11:45:15 | 000,000,104 | ---- | C] () -- C:\Windows\Rumble2.ini [2009.01.09 00:01:22 | 000,629,760 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2008.12.31 12:55:47 | 000,000,094 | ---- | C] () -- C:\Users\Fabian\AppData\Local\fusioncache.dat [2008.12.14 14:52:15 | 000,000,840 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\EasyToolz.ini [2008.11.06 17:37:32 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll [2008.11.06 17:33:02 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll [2008.10.07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- 
C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008.10.07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008.10.04 13:33:21 | 000,026,340 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\UserTile.png [2008.10.04 11:52:35 | 000,000,004 | ---- | C] () -- C:\Windows\msoffice.ini [2008.10.04 10:41:39 | 000,000,558 | ---- | C] () -- C:\Windows\DFC.INI [2008.10.04 10:23:29 | 000,000,025 | ---- | C] () -- C:\Windows\cdplayer.ini [2008.06.05 07:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll [2008.02.12 14:40:41 | 000,000,552 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d8caps.dat [2008.01.27 14:12:27 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2008.01.14 19:50:44 | 000,049,152 | ---- | C] () -- C:\Windows\System32\ZSubTimer.dll [2007.11.22 11:23:19 | 000,000,000 | ---- | C] () -- C:\Windows\iplayer.INI [2007.10.28 21:51:35 | 000,014,018 | ---- | C] () -- C:\Users\Fabian\AppData\Roaming\wklnhst.dat [2007.10.28 21:33:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2007.09.15 16:44:59 | 000,000,301 | ---- | C] () -- C:\Windows\thug2.ini [2007.09.15 10:55:49 | 000,000,725 | ---- | C] () -- C:\Windows\EF2.INI [2007.08.13 17:46:00 | 000,155,136 | ---- | C] () -- C:\Users\Fabian\AppData\Local\lame_enc.dll [2007.07.10 13:38:29 | 000,000,403 | ---- | C] () -- C:\Windows\SIERRA.INI [2007.06.12 17:30:06 | 000,024,576 | R--- | C] () -- C:\Windows\System32\AsIO.dll [2007.06.12 17:30:06 | 000,012,664 | R--- | C] () -- C:\Windows\System32\drivers\AsIO.sys [2007.06.12 17:30:03 | 000,012,096 | ---- | C] () -- 
C:\Windows\System32\drivers\AsInsHelp64.sys [2007.06.12 17:30:03 | 000,010,304 | ---- | C] () -- C:\Windows\System32\drivers\AsInsHelp32.sys [2007.06.11 17:59:06 | 000,095,744 | ---- | C] () -- C:\Users\Fabian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2007.06.11 15:35:02 | 000,271,360 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys [2007.06.11 15:35:01 | 000,018,048 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys [2007.06.11 14:48:44 | 000,032,768 | ---- | C] () -- C:\Windows\TBPanelExt.dll [2007.06.11 14:48:44 | 000,012,285 | ---- | C] () -- C:\Windows\Cadx3.ini [2007.06.11 14:48:44 | 000,005,120 | ---- | C] () -- C:\Windows\TBManage.dll [2007.06.11 14:48:43 | 000,007,698 | ---- | C] () -- C:\Windows\cadx2.ini [2007.06.11 14:44:49 | 000,009,052 | ---- | C] () -- C:\Users\Fabian\AppData\Local\d3d9caps.dat [2007.06.06 15:02:35 | 000,022,903 | ---- | C] () -- C:\Windows\Ascd_tmp.ini [2007.06.06 15:02:35 | 000,007,680 | ---- | C] () -- C:\Windows\System32\drivers\ASACPI.sys [2007.06.06 15:02:28 | 000,010,288 | ---- | C] () -- C:\Windows\System32\drivers\ASUSHWIO.SYS [2007.06.06 14:54:56 | 000,001,970 | ---- | C] () -- C:\Windows\HCWPNP.INI [2007.06.01 07:47:56 | 000,040,960 | ---- | C] () -- C:\Windows\System32\hcwxds.dll [2007.04.13 21:40:03 | 000,143,360 | ---- | C] () -- C:\Windows\System32\USBaccess.dll [2006.11.17 23:04:17 | 000,235,520 | ---- | C] () -- C:\Windows\System32\jangraphics.dll [2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006.10.26 01:06:48 | 000,064,000 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbisenc.dll [2006.10.26 01:06:48 | 000,019,456 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbisfile.dll [2006.10.26 01:06:46 | 000,143,872 | ---- | C] () -- C:\Users\Fabian\AppData\Local\vorbis.dll [2006.10.26 01:06:36 | 000,015,872 | ---- | C] () -- 
C:\Users\Fabian\AppData\Local\ogg.dll [2005.08.23 22:34:06 | 000,029,184 | ---- | C] () -- C:\Users\Fabian\AppData\Local\no23xwrapper.dll [2002.10.15 23:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll [1996.04.03 20:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys ========== LOP Check ========== [2010.10.12 11:35:26 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\10 Finger BreakOut [2009.05.28 18:29:49 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\3B [2010.08.12 23:11:31 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\4C91EC9C9460DC2A1C65CD6AD75C1395 [2010.04.07 14:19:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Amazon [2008.12.23 11:34:51 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ambient Design [2010.03.09 22:07:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AnvSoft [2010.01.30 11:26:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Ashampoo [2008.12.26 09:50:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\astragon Software GmbH [2010.01.02 13:46:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Atari [2010.10.13 17:34:42 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\AudioMoves [2010.10.12 16:13:38 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\avidemux [2009.01.16 20:58:09 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Blender Foundation [2009.01.19 18:49:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Buhl Data Service [2010.04.24 13:38:22 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\CadSoft [2010.01.25 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\clickEXE [2010.11.19 23:43:50 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Desktopicon [2010.10.12 16:27:19 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Dr. 
DivX 2.0 OSS [2010.07.30 13:32:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\DVDVideoSoftIEHelpers [2010.10.12 12:33:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Flock [2010.10.19 21:57:12 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\gtk-2.0 [2010.10.18 23:26:48 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQ [2010.01.10 15:35:42 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ICQLite [2010.10.19 22:12:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\IrfanView [2010.10.28 22:37:57 | 000,000,000 | -HSD | M] -- C:\Users\Fabian\AppData\Roaming\jh87uhnoe3 [2007.09.15 15:13:27 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Leadertech [2010.08.12 23:12:01 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\lowsec [2009.05.23 17:30:14 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\MiniDm [2010.06.23 17:22:45 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\mp3DirectCut [2010.04.04 13:42:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Mp3tag [2010.01.08 23:36:06 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OCS [2008.12.24 11:14:04 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\OpenOffice.org [2009.11.01 17:59:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Opera [2008.10.04 13:33:21 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PeerNetworking [2010.03.28 21:22:45 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Pegasys Inc [2010.10.28 20:59:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PhotoFiltre [2010.04.12 17:31:32 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\PowerCinema [2009.04.03 19:33:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\ProtectDisc [2010.02.20 17:49:05 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Red Kawa [2010.02.20 23:53:01 | 000,000,000 | ---D | M] -- 
C:\Users\Fabian\AppData\Roaming\Regensoft [2010.09.15 20:46:24 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Registry Mechanic [2009.01.19 18:22:16 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\S.A.D [2007.08.12 14:16:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Sierra [2010.10.12 12:40:11 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\SlimBrowser [2010.03.17 17:10:43 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\soul.im [2010.10.13 18:51:46 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Steganos [2010.10.12 11:42:18 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Stellarium [2009.05.28 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\T-Online [2010.10.19 21:43:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\temp [2009.12.22 14:51:35 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Toolbars [2010.08.15 00:03:30 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Tracker Software [2010.05.25 20:06:54 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TS3Client [2009.05.24 14:14:00 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TuneUp Software [2010.10.12 11:31:55 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\TVcentral-Core [2008.11.02 12:20:20 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Vodafone [2010.09.15 20:32:47 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\VS Revo Group [2009.05.28 18:26:44 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\Webview [2010.01.18 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Fabian\AppData\Roaming\WhatPulse [2010.11.19 17:17:16 | 000,000,392 | ---- | M] () -- C:\Windows\Tasks\1-Klick-Wartung.job [2010.11.23 11:55:05 | 000,000,370 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2010.11.23 11:55:15 | 000,000,250 | ---- | M] () -- C:\Windows\Tasks\RtlVistaStart.job [2010.11.22 
Extras (the 2nd log file from OTL) is attached.

So, friends, the day before yesterday I ran another scan with Anti-Malware and found something:
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5154
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783
20.11.2010 01:03:56
mbam-log-2010-11-20 (01-03-56).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 163357
Laufzeit: 6 Minute(n), 22 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 1
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Users\Fabian\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 5154
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18783
23.11.2010 13:12:08
mbam-log-2010-11-23 (13-12-08).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 162935
Laufzeit: 5 Minute(n), 13 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
Finally, I should say that I think I also found something with Spybot, but I could be wrong, because I can't remember at all. So, I have done everything thoroughly, as described in the instructions. I hope you can help me, because when I see how long such a log file is, I can't imagine that anyone reads through it!? That's it for now, I'm curious to see the replies. Regards, Fabian |