Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: firefox öffnet werbefenster, hoher download

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 08.03.2011, 16:49   #1
chrisi31
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Hallo liebe Trojaner und Trojanerinnen

Ich habe seit 3 Wochen einen neuen Compi und schon die ersten Probleme

Der firefox öffnet plötzlich Werbefenster und es werden dauernd Daten runter- und raufgeladen (überwache unseren Datentrqansfer mit NetMeter da wir etwas abseits wohnen und Internet über SAT mit 5 GB pro Monat haben).

Virenscanner Kapersky Internet Security 2010
Betriebssystem Windows 7 (64-Bit)

Habe nun versucht die Logs gemäss Anleitung zu erstellen, ich hoffe jemand kann mir da weiter helfen (darf meine 2 Teenies nicht mehr auf den Compi lassen)

Liebe Grüsse
Chrisi

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5982

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

07.03.2011 20:33:28
mbam-log-2011-03-07 (20-33-28).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 284548
Laufzeit: 27 Minute(n), 42 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 3/8/2011 12:01:57 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\fueri\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 62.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 78.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.30 Gb Total Space | 242.03 Gb Free Space | 84.84% Space Free | Partition Type: NTFS
 
Computer Name: FUERI-PC | User Name: fueri | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/03/08 07:15:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\fueri\Downloads\OTL.exe
PRC - [2011/02/21 06:26:45 | 000,340,520 | ---- | M] (Kaspersky Lab) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
PRC - [2011/01/29 23:11:36 | 003,372,856 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2010/12/10 13:28:56 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2010/09/08 04:06:25 | 000,232,912 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10i_ActiveX.exe
PRC - [2010/08/11 02:06:16 | 000,975,952 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2010/08/11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2010/08/11 02:06:16 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2010/07/16 01:05:48 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2010/06/28 23:23:24 | 000,263,936 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2010/06/28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2010/06/10 03:54:04 | 000,206,208 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/03/03 23:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010/03/03 23:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
PRC - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2009/08/09 15:08:02 | 000,293,888 | ---- | M] () -- C:\Program Files (x86)\NetMeter\NetMeter.exe
PRC - [2009/02/28 01:10:32 | 000,349,544 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
PRC - [2004/06/15 09:00:00 | 000,118,784 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files (x86)\WinZip\WZQKPICK.EXE
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/03/08 07:15:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\fueri\Downloads\OTL.exe
MOD - [2010/08/21 06:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010/06/11 23:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2010/01/29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011/02/21 06:26:45 | 000,340,520 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe -- (AVP)
SRV - [2011/02/19 17:44:17 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/12/10 13:29:00 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2010/08/11 02:06:16 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2010/06/28 23:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/04/04 00:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 23:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/03/03 23:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/01/30 00:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010/01/15 22:08:38 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2010/01/08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe -- (GREGService)
SRV - [2009/10/09 05:45:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/02/21 06:26:45 | 000,353,296 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2010/06/10 21:57:20 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/06/08 13:36:18 | 000,406,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink (TM)
DRV:64bit: - [2010/05/12 03:11:38 | 002,229,608 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/04/21 20:18:44 | 010,326,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009/12/19 14:20:44 | 000,126,440 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbser.sys -- (qcusbser)
DRV:64bit: - [2009/10/14 20:18:38 | 000,040,464 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\klbg.sys -- (KLBG)
DRV:64bit: - [2009/10/02 18:39:32 | 000,021,008 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/09/18 05:12:06 | 000,292,912 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/09/14 13:46:42 | 000,027,152 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2009/09/04 16:38:28 | 000,031,744 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\androidusb.sys -- (androidusb)
DRV:64bit: - [2009/09/01 14:29:56 | 000,157,712 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/20 03:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20)
DRV:64bit: - [2009/06/10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 21:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/06 00:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009/05/06 00:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2008/06/16 03:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://packardbell.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.bluewin.ch/"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.736
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2010/11/11 08:28:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/11/11 08:28:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/11/11 08:28:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/02 18:03:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/03/05 19:52:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/03/05 19:52:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\THBExt [2011/02/19 18:14:29 | 000,000,000 | ---D | M]
 
[2011/03/04 21:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2011/03/04 21:52:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2011/03/07 06:37:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3y9s9qq4.default\extensions
[2011/03/05 19:52:30 | 000,000,000 | ---D | M] ("Garmin Communicator") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\3y9s9qq4.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2011/02/22 06:40:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/02/22 06:40:31 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru
[2011/03/05 19:52:19 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/05 19:52:19 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/05 19:52:19 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/05 19:52:19 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/05 19:52:19 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\ievkbd.dll (Kaspersky Lab)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [C:\Program Files (x86)\NetMeter\NetMeter.exe] C:\Program Files (x86)\NetMeter\NetMeter.exe ()
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\x64\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll (Kaspersky Lab)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\sbhook64.dll (Kaspersky Lab)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\x64\kloehk.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - AppInit_DLLs: (C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll) - C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll (Kaspersky Lab)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - Reg Error: Key error. - C:\Windows\SysNative\klogon.dll (Kaspersky Lab)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/03/07 21:11:16 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\MFTools
[2011/03/07 19:59:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011/03/07 19:59:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/03/07 19:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/07 19:59:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/03/07 19:59:27 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/03/07 19:59:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/03/07 09:15:31 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Betrieb
[2011/03/06 12:53:51 | 000,000,000 | ---D | C] -- C:\unzipped
[2011/03/05 19:53:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GARMIN
[2011/03/04 21:53:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\TomTom
[2011/03/04 21:53:04 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2011/03/04 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TomTom
[2011/03/04 21:52:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\TomTom
[2011/03/04 21:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
[2011/03/04 21:52:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom International B.V
[2011/03/04 21:52:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TomTom HOME 2
[2011/03/04 12:57:34 | 000,000,000 | ---D | C] -- C:\Users\fueri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mein 1 x 1 Trainer
[2011/03/04 12:57:34 | 000,000,000 | ---D | C] -- C:\1x1_Trainer_Einzel
[2011/03/04 12:57:27 | 000,446,464 | ---- | C] (MatchWare) -- C:\Windows\UniInstall34.exe
[2011/03/03 13:11:37 | 001,355,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSVBVM50.DLL
[2011/03/03 13:11:37 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSFLXGRD.OCX
[2011/03/03 13:11:37 | 000,099,866 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DE.DLL
[2011/03/03 13:11:37 | 000,089,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB5DB.DLL
[2011/03/03 13:11:37 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FLXGDDE.DLL
[2011/03/03 13:11:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mathe1x1
[2011/03/03 13:11:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mathe1x1
[2011/03/03 09:58:50 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysWow64\Weingarten das Meer 2010.scr
[2011/03/03 09:58:50 | 000,674,280 | ---- | C] (ScreenTime Media) -- C:\Windows\SysNative\Weingarten das Meer 2010.scr
[2011/03/03 09:58:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Screentime
[2011/03/03 09:58:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Screentime
[2011/03/03 09:57:33 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2011/03/02 18:20:01 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011/03/02 18:15:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HP
[2011/03/02 18:15:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\HP
[2011/03/02 18:03:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HpUpdate
[2011/03/02 18:02:21 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011/03/02 18:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011/03/02 18:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011/03/02 17:59:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011/03/02 17:58:35 | 001,408,000 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpost_p04b.dll
[2011/03/02 17:58:35 | 001,175,552 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hposwia_p04b.dll
[2011/03/02 17:58:35 | 000,521,216 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hposc_p04a.dll
[2011/03/02 17:58:24 | 000,643,200 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011/03/02 17:58:20 | 000,138,752 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l101.dll
[2011/03/02 17:57:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011/03/02 17:57:50 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011/03/02 17:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011/03/01 15:14:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011/03/01 15:14:08 | 000,000,000 | ---D | C] -- C:\Users\***\temp
[2011/03/01 14:50:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ElevatedDiagnostics
[2011/03/01 13:57:03 | 000,000,000 | ---D | C] -- C:\AGROPLUS
[2011/02/25 09:57:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Samsung
[2011/02/25 09:56:55 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\samsung
[2011/02/25 09:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2011/02/25 09:55:45 | 004,659,712 | ---- | C] (Dmitry Streblechenko) -- C:\Windows\SysWow64\Redemption.dll
[2011/02/25 09:55:33 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2011/02/25 09:55:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2011/02/25 09:54:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Samsung
[2011/02/25 09:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2011/02/25 09:54:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2011/02/25 09:54:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2011/02/24 08:27:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/02/24 08:26:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works
[2011/02/24 08:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2011/02/24 08:23:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2011/02/24 08:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2011/02/23 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011/02/23 15:10:32 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Scanned Documents
[2011/02/23 15:10:32 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax
[2011/02/23 12:49:08 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/02/23 12:43:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011/02/23 12:43:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SoftGrid Client
[2011/02/23 12:43:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011/02/23 12:43:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011/02/23 12:43:14 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/02/23 12:43:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011/02/23 12:43:02 | 000,000,000 | ---D | C] -- C:\Users\fueri\AppData\Roaming\TP
[2011/02/23 07:06:34 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/23 07:06:34 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/23 07:06:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/23 07:06:34 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/22 11:18:33 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet
[2011/02/22 09:06:43 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Wat
[2011/02/22 09:06:43 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Wat
[2011/02/22 09:04:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2011/02/22 09:04:15 | 000,000,000 | ---D | C] -- C:\Users\fueri\AppData\Local\Google
[2011/02/22 09:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/02/22 09:02:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\C-CHANNEL e-banking
[2011/02/22 09:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\C-CHANNEL
[2011/02/22 09:02:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\C-CHANNEL
[2011/02/22 09:02:29 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\C-CHANNEL
[2011/02/22 09:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\C-CHANNEL
[2011/02/22 09:01:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft WSE
[2011/02/22 09:00:49 | 000,000,000 | ---D | C] -- C:\installation
[2011/02/22 06:50:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011/02/22 06:48:51 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2011/02/22 06:48:51 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2011/02/22 06:48:51 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2011/02/22 06:48:51 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2011/02/22 06:48:51 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2011/02/22 06:48:51 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2011/02/22 06:48:51 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2011/02/22 06:48:51 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2011/02/22 06:48:43 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browserchoice.exe
[2011/02/21 19:09:26 | 000,000,000 | ---D | C] -- C:\Windows\acerePowerTemp
[2011/02/21 14:39:36 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\WMBackups
[2011/02/21 14:38:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software
[2011/02/21 14:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heiko Schröder Software
[2011/02/21 14:38:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WMBackup
[2011/02/21 07:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011/02/21 07:20:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2011/02/21 07:20:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2011/02/21 07:19:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2011/02/21 07:19:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/02/21 07:19:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2011/02/21 07:19:29 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/02/21 07:19:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/02/21 07:19:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2011/02/21 07:19:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2011/02/21 06:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2011/02/21 06:52:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2011/02/21 06:52:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2011/02/21 06:52:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/02/21 06:45:49 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/02/21 06:45:49 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeeds.dll
[2011/02/21 06:45:49 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/02/21 06:45:49 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/02/21 06:45:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/02/21 06:45:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/02/21 06:45:49 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/02/21 06:45:48 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/02/21 06:45:48 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/02/21 06:45:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/02/21 06:45:48 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/02/21 06:45:48 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/02/21 06:44:45 | 000,148,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\t2embed.dll
[2011/02/21 06:44:45 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\t2embed.dll
[2011/02/21 06:44:44 | 002,085,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ole32.dll
[2011/02/21 06:44:41 | 001,169,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskschd.dll
[2011/02/21 06:44:41 | 000,524,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmicmiplugin.dll
[2011/02/21 06:44:41 | 000,496,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskschd.dll
[2011/02/21 06:44:41 | 000,473,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskcomp.dll
[2011/02/21 06:44:41 | 000,464,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskeng.exe
[2011/02/21 06:44:41 | 000,305,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskcomp.dll
[2011/02/21 06:44:41 | 000,285,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\schtasks.exe
[2011/02/21 06:44:41 | 000,179,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\schtasks.exe
[2011/02/21 06:44:36 | 000,483,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\StructuredQuery.dll
[2011/02/21 06:30:57 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/02/21 06:30:57 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/02/21 06:30:57 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2011/02/21 06:30:57 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/02/21 06:30:57 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/02/21 06:30:57 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/02/21 06:30:57 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/02/21 06:27:47 | 000,633,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\comctl32.dll
[2011/02/21 06:27:36 | 000,264,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\upnp.dll
[2011/02/21 06:27:36 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\upnp.dll
[2011/02/21 06:27:35 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\davclnt.dll
[2011/02/21 06:27:35 | 000,080,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\davclnt.dll
[2011/02/21 06:27:35 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wscapi.dll
[2011/02/21 06:27:35 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wscapi.dll
[2011/02/21 06:27:35 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\slwga.dll
[2011/02/21 06:27:34 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/02/21 06:27:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/02/21 06:27:34 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\slwga.dll
[2011/02/21 06:25:52 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/02/21 06:25:10 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rtutils.dll
[2011/02/21 06:25:10 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rtutils.dll
[2011/02/21 06:23:53 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2011/02/21 06:23:53 | 000,314,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2011/02/21 06:22:41 | 000,852,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011/02/21 06:22:41 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011/02/21 06:22:41 | 000,612,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2011/02/21 06:21:26 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sscore.dll
[2011/02/21 06:08:46 | 000,214,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/02/21 06:08:44 | 000,082,944 | ---- | C] (Radius Inc.) -- C:\Windows\SysWow64\iccvid.dll
[2011/02/21 06:08:43 | 001,024,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2011/02/21 06:08:42 | 000,738,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmpmde.dll
[2011/02/21 06:08:26 | 005,510,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/02/21 06:08:25 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/02/21 06:08:25 | 003,901,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/02/21 06:08:25 | 001,739,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2011/02/21 06:08:10 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2011/02/21 06:08:10 | 000,294,400 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2011/02/21 06:08:10 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2011/02/21 06:08:10 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2011/02/21 06:08:04 | 000,027,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Diskdump.sys
[2011/02/21 06:08:02 | 000,954,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40.dll
[2011/02/21 06:08:02 | 000,954,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc40u.dll
[2011/02/21 06:07:58 | 014,627,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmp.dll
[2011/02/21 06:07:57 | 011,406,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmp.dll
[2011/02/21 06:07:56 | 012,625,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmploc.DLL
[2011/02/21 06:07:56 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmploc.DLL
[2011/02/21 06:07:52 | 000,112,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2011/02/21 06:07:51 | 000,720,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbc32.dll
[2011/02/21 06:07:51 | 000,573,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbc32.dll
[2011/02/19 19:50:56 | 000,000,000 | R-SD | C] -- C:\Users\***\Documents\My Stationery
[2011/02/19 19:37:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Access Runtime
[2011/02/19 19:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGRO-TWIN
[2011/02/19 19:37:09 | 000,000,000 | ---D | C] -- C:\AgroTwin
[2011/02/19 19:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2011/02/19 19:34:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinZip
[2011/02/19 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/02/19 18:14:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab
[2011/02/19 18:14:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security 2010
[2011/02/19 18:14:13 | 000,353,296 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/02/19 18:05:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab Setup Files
[2011/02/19 18:05:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NetMeter
[2011/02/19 18:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetMeter
[2011/02/19 18:05:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NetMeter
[2011/02/19 17:59:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2011/02/19 17:56:01 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2011/02/19 17:56:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SNS
[2011/02/19 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Packard Bell
[2011/02/19 17:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macrovision Shared
[2011/02/19 17:44:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2011/02/19 17:43:57 | 000,055,024 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2011/02/19 17:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2011/02/19 17:41:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2011/02/19 17:40:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/02/19 17:38:15 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2011/02/19 17:38:15 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2011/02/19 17:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2011/02/19 17:37:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2011/02/19 17:36:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2011/02/19 17:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
[2011/02/19 17:36:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2011/02/19 17:36:21 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2011/02/19 17:34:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2011/02/19 17:34:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2011/02/19 17:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/02/19 17:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2011/02/19 17:31:46 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/02/19 17:29:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2011/02/19 17:28:46 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2011/02/19 17:28:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2011/02/19 17:24:27 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2011/02/19 17:24:27 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2011/02/19 17:24:27 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2011/02/19 17:24:27 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2011/02/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2011/02/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2011/02/19 17:24:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011/02/19 17:23:00 | 000,000,000 | -HSD | C] -- C:\Recovery
 
========== Files - Modified Within 30 Days ==========
 
[2011/03/08 11:50:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/08 06:32:28 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/08 06:32:28 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/08 06:24:33 | 2960,519,168 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/07 19:59:32 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/07 11:09:00 | 000,073,911 | ---- | M] () -- C:\Users\Public\Documents\CC4Backup20110307_110900.zip
[2011/03/07 11:04:14 | 000,143,356 | ---- | M] () -- C:\Users\fueri\Documents\110307_WS_A_MIDI_1_E_6077077.pdf
[2011/03/07 10:04:55 | 000,146,748 | ---- | M] () -- C:\Users\fueri\Documents\110307_WS_A_STANDARD_4_E_6076414.pdf
[2011/03/07 09:10:59 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/07 09:10:59 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011/03/07 09:10:59 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/07 09:10:59 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011/03/07 09:10:59 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/05 19:32:08 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01005.Wdf
[2011/03/04 12:57:35 | 000,001,637 | ---- | M] () -- C:\Users\fueri\Desktop\Mein 1 x 1 Trainer.lnk
[2011/03/03 14:10:55 | 000,013,030 | ---- | M] () -- C:\PDOXUSRS.NET
[2011/03/03 13:11:37 | 000,001,041 | ---- | M] () -- C:\Users\***\Desktop\Mathe1x1.lnk
[2011/03/03 13:02:53 | 000,075,122 | ---- | M] () -- C:\Users\Public\Documents\CC4Backup20110303_130253.zip
[2011/03/03 09:58:50 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysWow64\Weingarten das Meer 2010.scr
[2011/03/03 09:58:50 | 000,674,280 | ---- | M] (ScreenTime Media) -- C:\Windows\SysNative\Weingarten das Meer 2010.scr
[2011/03/03 08:11:24 | 000,316,408 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/03/02 18:18:58 | 000,233,464 | ---- | M] () -- C:\Windows\hpoins47.dat
[2011/03/02 18:03:05 | 000,001,201 | ---- | M] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2011/03/02 18:02:13 | 000,001,363 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/03/02 18:01:48 | 000,002,111 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/02 18:00:57 | 000,002,006 | ---- | M] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2011/03/02 10:09:43 | 000,160,705 | ---- | M] () -- C:\Users\***\Documents\rezept basler mehlsuppe.pdf
[2011/03/01 13:38:41 | 000,070,724 | ---- | M] () -- C:\Users\Public\Documents\CC4Backup20110301_133841.zip
[2011/03/01 10:27:14 | 000,000,000 | ---- | M] () -- C:\Windows\ccwinpay.INI
[2011/02/25 09:56:46 | 000,001,969 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011/02/24 20:54:25 | 001,500,444 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/24 13:08:52 | 000,002,703 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2011/02/24 13:08:46 | 000,002,697 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2011/02/22 09:04:19 | 000,001,122 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/02/22 09:02:55 | 000,001,878 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\C-CHANNEL OnlineUpdate.lnk
[2011/02/22 09:02:55 | 000,001,806 | ---- | M] () -- C:\Users\Public\Desktop\C-CHANNEL OnlineUpdate.lnk
[2011/02/22 09:02:45 | 000,002,141 | ---- | M] () -- C:\Users\Public\Desktop\NetBanking BCV Edition.lnk
[2011/02/21 14:38:29 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\WMBackup.lnk
[2011/02/21 07:20:11 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/21 06:52:47 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/02/21 06:52:43 | 000,001,955 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/21 06:26:45 | 000,353,296 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2011/02/21 06:26:42 | 000,150,083 | ---- | M] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/02/21 06:26:42 | 000,107,075 | ---- | M] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/02/20 10:19:51 | 000,002,254 | ---- | M] () -- C:\Users\***\Desktop\Windows Live Mail.lnk
[2011/02/20 08:21:21 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011/02/20 08:21:21 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/02/19 19:37:13 | 000,002,715 | ---- | M] () -- C:\Users\Public\Desktop\AGRO-TWIN.lnk
[2011/02/19 19:35:11 | 000,001,853 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/02/19 19:35:11 | 000,001,055 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/02/19 17:45:54 | 000,000,202 | ---- | M] () -- C:\Windows\USER.XML
[2011/02/19 17:44:26 | 000,000,213 | ---- | M] () -- C:\Windows\Factory.xml
[2011/02/19 17:43:59 | 000,001,225 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/02/19 17:34:27 | 000,000,212 | RHS- | M] () -- C:\Preload.rev
[2011/02/19 17:34:27 | 000,000,167 | ---- | M] () -- C:\Windows\WisLangCode.ini
[2011/02/19 17:28:25 | 000,000,926 | ---- | M] () -- C:\Windows\MOD01SET74DE0N0003.XML
 
========== Files Created - No Company Name ==========
 
[2011/03/07 19:59:32 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/07 11:09:00 | 000,073,911 | ---- | C] () -- C:\Users\Public\Documents\CC4Backup20110307_110900.zip
[2011/03/07 11:04:14 | 000,143,356 | ---- | C] () -- C:\Users\***\Documents\110307_WS_A_MIDI_1_E_6077077.pdf
[2011/03/07 10:04:55 | 000,146,748 | ---- | C] () -- C:\Users\***\Documents\110307_WS_A_STANDARD_4_E_6076414.pdf
[2011/03/05 19:32:08 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_androidusb_01005.Wdf
[2011/03/04 12:57:35 | 000,001,637 | ---- | C] () -- C:\Users\***\Desktop\Mein 1 x 1 Trainer.lnk
[2011/03/03 13:11:37 | 000,001,041 | ---- | C] () -- C:\Users\***\Desktop\Mathe1x1.lnk
[2011/03/03 13:02:53 | 000,075,122 | ---- | C] () -- C:\Users\Public\Documents\CC4Backup20110303_130253.zip
[2011/03/02 18:03:05 | 000,001,201 | ---- | C] () -- C:\Users\Public\Desktop\Shop für HP Zubehör.lnk
[2011/03/02 18:02:13 | 000,001,363 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011/03/02 18:01:48 | 000,002,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011/03/02 18:00:57 | 000,002,006 | ---- | C] () -- C:\Users\Public\Desktop\HP ePrinterCenter.lnk
[2011/03/02 17:55:53 | 000,233,464 | ---- | C] () -- C:\Windows\hpoins47.dat
[2011/03/02 10:09:43 | 000,160,705 | ---- | C] () -- C:\Users\***\Documents\rezept basler mehlsuppe.pdf
[2011/03/01 13:58:50 | 000,000,683 | ---- | C] () -- C:\Users\Public\Desktop\AGROPLUS.LNK
[2011/03/01 13:38:41 | 000,070,724 | ---- | C] () -- C:\Users\Public\Documents\CC4Backup20110301_133841.zip
[2011/03/01 10:27:14 | 000,000,000 | ---- | C] () -- C:\Windows\ccwinpay.INI
[2011/02/25 09:56:46 | 000,001,969 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2011/02/24 13:08:52 | 000,002,703 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Excel 2007.lnk
[2011/02/24 13:08:46 | 000,002,697 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Word 2007.lnk
[2011/02/23 12:43:24 | 001,500,444 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/02/22 09:04:19 | 000,001,122 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2011/02/22 09:02:55 | 000,001,878 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\C-CHANNEL OnlineUpdate.lnk
[2011/02/22 09:02:55 | 000,001,806 | ---- | C] () -- C:\Users\Public\Desktop\C-CHANNEL OnlineUpdate.lnk
[2011/02/22 09:02:45 | 000,002,141 | ---- | C] () -- C:\Users\Public\Desktop\NetBanking BCV Edition.lnk
[2011/02/21 14:38:29 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\WMBackup.lnk
[2011/02/21 07:20:11 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2011/02/21 07:19:57 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2011/02/21 06:52:47 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/02/21 06:52:43 | 000,001,955 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/02/20 10:19:51 | 000,002,254 | ---- | C] () -- C:\Users\***\Desktop\Windows Live Mail.lnk
[2011/02/19 19:37:13 | 000,002,715 | ---- | C] () -- C:\Users\Public\Desktop\AGRO-TWIN.lnk
[2011/02/19 19:35:11 | 000,001,853 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
[2011/02/19 19:35:11 | 000,001,055 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2011/02/19 19:05:13 | 000,013,030 | ---- | C] () -- C:\PDOXUSRS.NET
[2011/02/19 19:04:24 | 000,000,683 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGROPLUS.LNK
[2011/02/19 18:14:47 | 000,150,083 | ---- | C] () -- C:\Windows\SysNative\drivers\klin.dat
[2011/02/19 18:14:47 | 000,107,075 | ---- | C] () -- C:\Windows\SysNative\drivers\klick.dat
[2011/02/19 17:43:59 | 000,001,237 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 8.0.lnk
[2011/02/19 17:43:59 | 000,001,225 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Photoshop Elements 8.0.lnk
[2011/02/19 17:40:10 | 000,002,435 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011/02/19 17:34:40 | 000,001,455 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/02/19 17:34:40 | 000,001,421 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/02/19 17:28:31 | 000,000,926 | ---- | C] () -- C:\Windows\MOD01SET74DE0N0003.XML
[2011/01/29 17:00:24 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2010/11/11 08:49:41 | 000,000,266 | ---- | C] () -- C:\Windows\LaunApp.ini
[2010/11/11 08:47:45 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010/11/11 08:47:45 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll
[2010/11/11 08:47:45 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll
[2010/11/11 08:47:45 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010/11/11 08:47:45 | 000,104,636 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2010/11/11 08:47:20 | 000,001,370 | ---- | C] () -- C:\Windows\WPatchProgress.ini
[2010/11/11 08:27:14 | 000,206,208 | ---- | C] () -- C:\Windows\PLFSetI.exe
[2010/11/11 08:27:14 | 000,000,302 | ---- | C] () -- C:\Windows\PidList_C.ini
[2010/09/08 04:16:07 | 000,000,325 | ---- | C] () -- C:\Windows\Prelaunch.ini
[2010/09/08 04:16:07 | 000,000,271 | ---- | C] () -- C:\Windows\WisPriority.ini
[2010/09/08 04:16:07 | 000,000,167 | ---- | C] () -- C:\Windows\WisLangCode.ini
[2010/04/01 00:39:01 | 000,000,574 | ---- | C] () -- C:\Windows\hpomdl47.dat
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009/07/13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009/07/13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009/07/13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/07/22 21:27:42 | 000,061,440 | ---- | C] () -- C:\Windows\SysWow64\PTQL5F.DLL
 
========== LOP Check ==========
 
[2011/03/05 22:16:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GARMIN
[2011/02/19 18:08:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NetMeter
[2011/02/25 09:54:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2011/02/19 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SNS
[2011/02/23 17:29:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011/03/01 15:14:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2011/03/04 21:52:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TomTom
[2011/02/23 12:44:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011/03/07 09:57:25 | 000,012,414 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---

Alt 09.03.2011, 15:21   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Gibt es noch weitere Logs von Malwarebytes? Wenn ja bitte alle davon posten. Du findest diese im Reiter Logdateien in Malwarebytes.
__________________

__________________

Alt 09.03.2011, 18:42   #3
chrisi31
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Hallo Arne

Habe heute morten nochmals einen Scann gemacht da hat Malware eine infizierte Datei gefunden und diese ist nun in Quarantäne.
Dank dir für deine Hilfe.

Malwarebytes' Anti-Malware 1.50.1.1100
Malwarebytes

Datenbank Version: 5996

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

09.03.2011 07:55:16
mbam-log-2011-03-09 (07-55-16).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Q:\|)
Durchsuchte Objekte: 280619
Laufzeit: 29 Minute(n), 57 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\***\AppData\Local\microsoft\Windows\temporary internet files\Low\Content.IE5\DX8SW3TB\TFC[1].exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
__________________

Alt 10.03.2011, 11:36   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
[2011/02/19 17:28:25 | 000,000,926 | ---- | M] () -- C:\Windows\MOD01SET74DE0N0003.XML
O4 - HKLM..\Run: [] File not found
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 10.03.2011, 13:53   #5
chrisi31
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Danke habe ich so gemacht... zuerst wurde eine Fehlermeldung eingeblendet... (war leider weg bevor ich notieren konnte) danach wurde folgende Log geöffnet:


Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Kann das alles sein? Compi wurde nocht neu gebootet.

Grüsse Chrisi


Alt 10.03.2011, 17:12   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Probier den Fix bitte nochmal. Ich vermute du hast irgendwas falsch gemacht.
__________________
--> firefox öffnet werbefenster, hoher download

Alt 10.03.2011, 17:31   #7
chrisi31
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Hallo Arne,

ich habs nochmals probiert, Resultat ist das Gleiche

Hab dir Bilder angehängt, vielleicht kannst du ja erkennen was und ob ich etwas falsch mache??????????



Gruss
Chrisi

Alt 10.03.2011, 17:39   #8
chrisi31
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Ups sorry, die Dateien habe ich nicht angehängt...
Miniaturansicht angehängter Grafiken
-fehlermeldung-otl.jpg   -anzeige-otl.jpg  

Alt 10.03.2011, 18:19   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Hast du OTL per Rechtsklick als Administrator ausgeführt?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.03.2011, 07:59   #10
chrisi31
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Guten Morgen Arne

Ich habe gestern nochmals das OTL (Maus rechts/Administrator ausgeführt, wieder die Fehlermeldung und unten in der Stauszeile hat gestanden er arbeite gerade mit den HOSTS und ich solle den Vorgang nicht unterbrechen.... habe den Compi die ganze Nacht laufen lassen...... war heute morgen immer noch gleich...

Habe gesehen das mein Sohn noch den CCleaner installiert hat, gopf nun habe ich den Compi gesperrt bis alles wieder ok ist.

Was meinst du soll ich als nächsten Schritt tun?

Grüsse
Chrisi

Alt 11.03.2011, 09:44   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Nimm mal den Text zum Fix mit OTL:

Zitat:
:OTL
[2011/02/19 17:28:25 | 000,000,926 | ---- | M] () -- C:\Windows\MOD01SET74DE0N0003.XML
O4 - HKLM..\Run: [] File not found
:Commands
[emptytemp]
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.03.2011, 10:18   #12
chrisi31
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



super, nun hat sich etwas getan und der Compi hat auch einen Neustart gemacht.

Hier das LOG:

All processes killed
========== OTL ==========
File C:\Windows\MOD01SET74DE0N0003.XML not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: ***
->Temp folder emptied: 2249171 bytes
->Temporary Internet Files folder emptied: 18252240 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 456 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 317032 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50501 bytes
RecycleBin emptied: 17688661 bytes

Total Files Cleaned = 37.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 03112011_101206

Files\Folders moved on Reboot...
C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.

Registry entries deleted on Reboot...

Alt 11.03.2011, 10:32   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 11.03.2011, 11:26   #14
chrisi31
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Vielen Dank. Hier schon mal das LOG von combofix:
CCleaner folgt später.
Combofix Logfile:
Code:
ATTFilter
ComboFix 11-03-10.02 - *** 11.03.2011  11:06:04.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.41.1031.18.3764.2560 [GMT 1:00]
ausgeführt von:: c:\users\***\Desktop\cofi.exe
AV: Kaspersky Internet Security *Disabled/Outdated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
AV: Kaspersky Internet Security *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
FW: Kaspersky Internet Security *Disabled* {9626F52E-C560-D06F-0A42-2E08BA60B3D5}
SP: Kaspersky Internet Security *Disabled/Outdated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Kaspersky Internet Security *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\***\AppData\Local\Temp\2C0F.tmp
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-11 bis 2011-03-11  ))))))))))))))))))))))))))))))
.
.
2011-03-11 10:10 . 2011-03-11 10:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2011-03-10 12:46 . 2011-03-10 12:46	--------	d-----w-	C:\_OTL
2011-03-10 07:39 . 2011-03-10 07:39	--------	d-----w-	c:\program files\CCleaner
2011-03-10 06:13 . 2011-03-10 06:13	--------	d-----w-	c:\program files (x86)\X-NetStat Professional
2011-03-10 05:42 . 2011-03-10 16:55	--------	d-----w-	C:\Musik
2011-03-10 05:38 . 2011-03-10 05:38	--------	d-----w-	c:\program files\7-Zip
2011-03-09 05:48 . 2011-02-11 07:30	7947600	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{727F91A8-7BC4-4647-AEB6-F643B8F1EF35}\mpengine.dll
2011-03-09 05:47 . 2010-12-18 06:12	3138048	----a-w-	c:\windows\system32\mstscax.dll
2011-03-09 05:47 . 2010-12-18 06:08	1097216	----a-w-	c:\windows\system32\mstsc.exe
2011-03-09 05:47 . 2010-12-18 05:30	2690560	----a-w-	c:\windows\SysWow64\mstscax.dll
2011-03-09 05:47 . 2010-12-18 05:26	1034240	----a-w-	c:\windows\SysWow64\mstsc.exe
2011-03-09 05:47 . 2010-12-23 06:07	1118720	----a-w-	c:\windows\system32\sbe.dll
2011-03-09 05:47 . 2010-12-23 06:07	961024	----a-w-	c:\windows\system32\CPFilters.dll
2011-03-09 05:47 . 2010-12-23 06:07	723968	----a-w-	c:\windows\system32\EncDec.dll
2011-03-09 05:47 . 2010-12-23 06:02	259072	----a-w-	c:\windows\system32\mpg2splt.ax
2011-03-09 05:47 . 2010-12-23 05:28	642048	----a-w-	c:\windows\SysWow64\CPFilters.dll
2011-03-09 05:47 . 2010-12-23 05:28	534528	----a-w-	c:\windows\SysWow64\EncDec.dll
2011-03-09 05:47 . 2010-12-23 05:28	850432	----a-w-	c:\windows\SysWow64\sbe.dll
2011-03-09 05:47 . 2010-12-23 05:24	199680	----a-w-	c:\windows\SysWow64\mpg2splt.ax
2011-03-07 18:59 . 2011-03-07 18:59	--------	d-----w-	c:\programdata\Malwarebytes
2011-03-07 18:59 . 2010-12-20 17:09	38224	----a-w-	c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-03-07 18:59 . 2011-03-07 18:59	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2011-03-07 18:59 . 2010-12-20 17:08	24152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-03-06 11:53 . 2011-03-06 12:37	--------	d-----w-	C:\unzipped
2011-03-04 20:53 . 2011-03-04 20:53	--------	d-----w-	c:\programdata\TomTom
2011-03-04 20:52 . 2011-03-04 20:52	--------	d-----w-	c:\program files (x86)\TomTom International B.V
2011-03-04 20:52 . 2011-03-04 20:52	--------	d-----w-	c:\program files (x86)\TomTom HOME 2
2011-03-04 11:57 . 2011-03-04 11:57	--------	d-----w-	C:\1x1_Trainer_Einzel
2011-03-04 11:57 . 2009-01-04 15:07	446464	----a-w-	c:\windows\UniInstall34.exe
2011-03-03 12:11 . 2011-03-03 12:11	--------	d-----w-	c:\program files (x86)\Mathe1x1
2011-03-03 12:11 . 2003-02-26 22:26	42496	----a-w-	c:\windows\SysWow64\FLXGDDE.DLL
2011-03-03 12:11 . 2000-05-22 00:00	244416	----a-w-	c:\windows\SysWow64\MSFLXGRD.OCX
2011-03-03 12:11 . 1999-05-05 21:22	99866	----a-w-	c:\windows\SysWow64\VB5DE.DLL
2011-03-03 12:11 . 1999-05-05 21:22	1355776	----a-w-	c:\windows\SysWow64\MSVBVM50.DLL
2011-03-03 12:11 . 1998-06-17 23:00	89360	----a-w-	c:\windows\SysWow64\VB5DB.DLL
2011-03-03 08:58 . 2011-03-03 08:58	674280	----a-w-	c:\windows\system32\Weingarten das Meer 2010.scr
2011-03-03 08:58 . 2011-03-03 08:58	674280	------w-	c:\windows\SysWow64\Weingarten das Meer 2010.scr
2011-03-03 08:58 . 2011-03-03 08:58	--------	d-----w-	c:\programdata\Screentime
2011-03-03 08:57 . 2011-03-03 08:57	--------	d-sh--w-	c:\windows\ftpcache
2011-03-02 17:20 . 2011-03-02 17:20	--------	d-----w-	c:\programdata\WEBREG
2011-03-02 17:14 . 2009-10-21 14:38	254464	----a-w-	c:\windows\system32\Spool\prtprocs\x64\hpfpp101.dll
2011-03-02 17:02 . 2011-03-02 17:02	--------	d-----w-	c:\programdata\HP Product Assistant
2011-03-02 17:00 . 2011-03-02 17:00	--------	d-----w-	c:\program files (x86)\Common Files\HP
2011-03-02 16:59 . 2011-03-02 16:59	--------	d-----w-	c:\program files (x86)\Common Files\Hewlett-Packard
2011-03-02 16:58 . 2009-09-10 17:44	521216	----a-w-	c:\windows\system32\hposc_p04a.dll
2011-03-02 16:58 . 2009-09-10 17:44	1408000	----a-w-	c:\windows\system32\hpost_p04b.dll
2011-03-02 16:58 . 2009-09-10 17:44	1175552	----a-w-	c:\windows\system32\hposwia_p04b.dll
2011-03-02 16:58 . 2009-10-22 00:55	643200	----a-w-	c:\windows\system32\hpzids40.dll
2011-03-02 16:58 . 2009-10-21 14:39	138752	----a-w-	c:\windows\system32\hpf3l101.dll
2011-03-02 16:57 . 2011-03-02 17:03	--------	d-----w-	c:\program files (x86)\HP
2011-03-02 16:55 . 2011-03-02 17:15	--------	d-----w-	c:\programdata\HP
2011-03-01 12:57 . 2011-03-01 14:12	--------	d-----w-	C:\AGROPLUS
2011-02-25 12:11 . 2009-07-14 01:41	101376	----a-w-	c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-02-25 08:56 . 2011-01-03 08:38	177128	----a-w-	c:\windows\system32\drivers\ssadmdm.sys
2011-02-25 08:56 . 2011-01-03 08:38	16872	----a-w-	c:\windows\system32\drivers\ssadmdfl.sys
2011-02-25 08:56 . 2011-01-03 08:38	157160	----a-w-	c:\windows\system32\drivers\ssadbus.sys
2011-02-25 08:56 . 2011-01-03 08:38	13800	----a-w-	c:\windows\system32\drivers\ssadwhnt.sys
2011-02-25 08:56 . 2011-01-03 08:38	13800	----a-w-	c:\windows\system32\drivers\ssadwh.sys
2011-02-25 08:56 . 2011-01-03 08:38	13288	----a-w-	c:\windows\system32\drivers\ssadcmnt.sys
2011-02-25 08:56 . 2011-01-03 08:38	13288	----a-w-	c:\windows\system32\drivers\ssadcm.sys
2011-02-25 08:55 . 2011-01-29 16:00	4659712	----a-w-	c:\windows\SysWow64\Redemption.dll
2011-02-25 08:55 . 2011-02-25 08:55	--------	d-----w-	c:\program files (x86)\MarkAny
2011-02-25 08:55 . 2011-01-29 16:00	821824	----a-w-	c:\windows\SysWow64\dgderapi.dll
2011-02-25 08:54 . 2011-02-25 08:56	--------	d-----w-	c:\program files (x86)\Samsung
2011-02-25 08:54 . 2011-02-25 08:56	--------	d-----w-	c:\programdata\Samsung
2011-02-24 19:55 . 2010-09-14 06:45	367104	----a-w-	c:\windows\system32\wcncsvc.dll
2011-02-24 19:55 . 2010-09-14 06:07	276992	----a-w-	c:\windows\SysWow64\wcncsvc.dll
2011-02-24 19:54 . 2011-02-24 19:54	--------	d-----w-	c:\users\Default\AppData\Local\Microsoft Help
2011-02-24 07:26 . 2011-02-27 16:04	--------	d-----w-	c:\program files (x86)\Microsoft Works
2011-02-24 07:26 . 2011-03-05 21:12	--------	d-----w-	c:\program files (x86)\Microsoft.NET
2011-02-24 07:23 . 2011-02-28 19:52	--------	d-----w-	c:\programdata\Microsoft Help
2011-02-23 14:15 . 2011-02-23 14:15	--------	d-----w-	c:\programdata\VirtualizedApplications
2011-02-23 11:49 . 2011-02-23 11:49	--------	d-----r-	C:\MSOCache
2011-02-23 11:43 . 2011-02-24 19:54	--------	d-----w-	c:\program files (x86)\Microsoft Application Virtualization Client
2011-02-23 06:06 . 2011-01-07 08:07	662528	----a-w-	c:\windows\system32\XpsPrint.dll
2011-02-23 06:06 . 2011-01-07 08:07	475648	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2011-02-23 06:06 . 2011-01-07 07:31	442880	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2011-02-23 06:06 . 2011-01-07 07:31	288256	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 10:18 . 2011-02-24 12:29	--------	d-----w-	c:\programdata\FLEXnet
2011-02-22 08:06 . 2011-02-22 08:06	--------	d-----w-	c:\windows\SysWow64\Wat
2011-02-22 08:06 . 2011-02-22 08:06	--------	d-----w-	c:\windows\system32\Wat
2011-02-22 08:04 . 2011-02-22 08:04	--------	d-----w-	c:\program files (x86)\Google
2011-02-22 08:02 . 2011-02-22 08:02	--------	d-----w-	c:\program files (x86)\C-CHANNEL
2011-02-22 08:02 . 2011-02-22 08:02	--------	d-----w-	c:\program files (x86)\Common Files\C-CHANNEL
2011-02-22 08:02 . 2011-02-22 08:02	--------	d-----w-	c:\programdata\C-CHANNEL
2011-02-22 08:02 . 2001-09-05 12:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2011-02-22 08:02 . 2001-09-05 12:18	225280	------w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-02-22 08:02 . 2001-09-05 12:14	176128	------w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2011-02-22 08:02 . 2001-09-05 12:13	32768	------w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2011-02-22 08:02 . 2002-07-25 14:07	614532	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2011-02-22 08:01 . 2011-02-22 08:02	--------	d-----w-	c:\program files (x86)\Microsoft WSE
2011-02-22 08:00 . 2011-02-22 08:00	--------	d-----w-	C:\installation
2011-02-22 05:50 . 2011-02-22 05:50	--------	d-----w-	c:\program files (x86)\MSXML 4.0
2011-02-22 05:48 . 2009-11-25 11:47	99176	----a-w-	c:\windows\SysWow64\PresentationHostProxy.dll
2011-02-22 05:48 . 2009-11-25 11:47	49472	----a-w-	c:\windows\SysWow64\netfxperf.dll
2011-02-22 05:48 . 2009-11-25 11:47	48960	----a-w-	c:\windows\system32\netfxperf.dll
2011-02-22 05:48 . 2009-11-25 11:47	297808	----a-w-	c:\windows\SysWow64\mscoree.dll
2011-02-22 05:48 . 2009-11-25 11:47	295264	----a-w-	c:\windows\SysWow64\PresentationHost.exe
2011-02-22 05:48 . 2009-11-25 11:47	1130824	----a-w-	c:\windows\SysWow64\dfshim.dll
2011-02-22 05:48 . 2009-11-25 11:47	109912	----a-w-	c:\windows\system32\PresentationHostProxy.dll
2011-02-22 05:48 . 2009-11-25 11:47	444752	----a-w-	c:\windows\system32\mscoree.dll
2011-02-22 05:48 . 2009-11-25 11:47	320352	----a-w-	c:\windows\system32\PresentationHost.exe
2011-02-22 05:48 . 2009-11-25 11:47	1942856	----a-w-	c:\windows\system32\dfshim.dll
2011-02-22 05:48 . 2010-02-23 08:16	294912	----a-w-	c:\windows\system32\browserchoice.exe
2011-02-21 18:09 . 2011-02-21 18:09	--------	d-----w-	c:\windows\acerePowerTemp
2011-02-21 13:38 . 2011-02-21 13:38	--------	d-----w-	c:\program files (x86)\WMBackup
2011-02-21 06:20 . 2011-02-21 06:20	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-02-21 06:20 . 2011-02-21 06:20	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-02-21 06:20 . 2011-02-21 06:20	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-02-21 06:20 . 2011-02-21 06:20	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-02-21 06:20 . 2011-02-21 06:20	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-02-21 06:20 . 2011-02-21 06:20	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-02-21 06:20 . 2011-02-21 06:20	159744	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-02-21 06:20 . 2011-02-21 06:20	--------	d-----w-	c:\program files (x86)\QuickTime
2011-02-21 06:20 . 2011-02-21 06:20	--------	d-----w-	c:\programdata\Apple Computer
2011-02-21 06:19 . 2011-02-21 06:19	--------	d-----w-	c:\program files (x86)\Apple Software Update
2011-02-21 06:19 . 2011-02-21 06:19	--------	d-----w-	c:\program files\Common Files\Apple
2011-02-21 06:19 . 2011-02-21 06:19	--------	d-----w-	c:\program files\Bonjour
2011-02-21 06:19 . 2011-02-21 06:19	--------	d-----w-	c:\program files (x86)\Bonjour
2011-02-21 06:19 . 2011-02-21 06:19	--------	d-----w-	c:\program files (x86)\Common Files\Apple
2011-02-21 06:19 . 2011-02-21 06:19	--------	d-----w-	c:\programdata\Apple
2011-02-21 05:44 . 2010-12-18 06:11	714752	----a-w-	c:\windows\system32\kerberos.dll
2011-02-21 05:42 . 2010-03-04 07:57	2080256	----a-w-	c:\program files\Windows Mail\msoe.dll
2011-02-21 05:42 . 2010-03-04 07:57	976896	----a-w-	c:\windows\system32\inetcomm.dll
2011-02-21 05:42 . 2010-03-04 07:33	1619968	----a-w-	c:\program files (x86)\Windows Mail\msoe.dll
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-29 22:16 . 2011-01-29 22:16	30056	----a-w-	c:\windows\SysWow64\MASetupCleaner.exe
2011-01-29 16:00 . 2011-01-29 16:00	90112	----a-w-	c:\windows\MAMCityDownload.ocx
2011-01-29 16:00 . 2011-01-29 16:00	325552	----a-w-	c:\windows\MASetupCaller.dll
2011-01-29 16:00 . 2011-01-29 16:00	30568	----a-w-	c:\windows\MusiccityDownload.exe
2011-01-29 16:00 . 2011-01-29 16:00	974848	----a-w-	c:\windows\SysWow64\cis-2.4.dll
2011-01-29 16:00 . 2011-01-29 16:00	81920	----a-w-	c:\windows\SysWow64\issacapi_bs-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	65536	----a-w-	c:\windows\SysWow64\issacapi_pe-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\SysWow64\MTXSYNCICON.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\SysWow64\MK_Lyric.dll
2011-01-29 16:00 . 2011-01-29 16:00	57344	----a-w-	c:\windows\SysWow64\issacapi_se-2.3.dll
2011-01-29 16:00 . 2011-01-29 16:00	569344	----a-w-	c:\windows\SysWow64\muzdecode.ax
2011-01-29 16:00 . 2011-01-29 16:00	491520	----a-w-	c:\windows\SysWow64\muzapp.dll
2011-01-29 16:00 . 2011-01-29 16:00	49152	----a-w-	c:\windows\SysWow64\MaJGUILib.dll
2011-01-29 16:00 . 2011-01-29 16:00	45056	----a-w-	c:\windows\SysWow64\MaXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00	45056	----a-w-	c:\windows\SysWow64\MACXMLProto.dll
2011-01-29 16:00 . 2011-01-29 16:00	40960	----a-w-	c:\windows\SysWow64\MTTELECHIP.dll
2011-01-29 16:00 . 2011-01-29 16:00	40960	----a-w-	c:\windows\SysWow64\MAMACExtract.dll
2011-01-29 16:00 . 2011-01-29 16:00	352256	----a-w-	c:\windows\SysWow64\MSLUR71.dll
2011-01-29 16:00 . 2011-01-29 16:00	258048	----a-w-	c:\windows\SysWow64\muzoggsp.ax
2011-01-29 16:00 . 2011-01-29 16:00	245760	----a-w-	c:\windows\SysWow64\MSCLib.dll
2011-01-29 16:00 . 2011-01-29 16:00	200704	----a-w-	c:\windows\SysWow64\muzwmts.dll
2011-01-29 16:00 . 2011-01-29 16:00	155648	----a-w-	c:\windows\SysWow64\MSFLib.dll
2011-01-29 16:00 . 2011-01-29 16:00	143360	----a-w-	c:\windows\SysWow64\3DAudio.ax
2011-01-29 16:00 . 2011-01-29 16:00	135168	----a-w-	c:\windows\SysWow64\muzaf1.dll
2011-01-29 16:00 . 2011-01-29 16:00	131072	----a-w-	c:\windows\SysWow64\muzmpgsp.ax
2011-01-29 16:00 . 2011-01-29 16:00	122880	----a-w-	c:\windows\SysWow64\muzeffect.ax
2011-01-29 16:00 . 2011-01-29 16:00	118784	----a-w-	c:\windows\SysWow64\MaDRM.dll
2011-01-29 16:00 . 2011-01-29 16:00	110592	----a-w-	c:\windows\SysWow64\muzmp4sp.ax
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\program files (x86)\NetMeter\NetMeter.exe"="c:\program files (x86)\NetMeter\NetMeter.exe" [2009-08-09 293888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-08-11 975952]
"Camera Assistant Software"="c:\program files (x86)\Video Web Camera\traybar.exe" [2010-07-16 600688]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2011-02-21 340520]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-11-18 275072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~1\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 qcusbser;Garmin-Asus USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\qcusbser.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 KLBG;Kaspersky Lab Boot Guard Driver;c:\windows\system32\DRIVERS\klbg.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-08-11 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-06-11 868896]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2010-12-10 92008]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt	REG_MULTI_SZ   	hpqcxs08 hpqddsvc
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-06-10 324608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-07 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-07 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-07 413208]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-29 11101800]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-06-10 206208]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-06-11 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1\x64\sbhook64.dll c:\progra~2\KASPER~1\KASPER~1\x64\kloehk.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://packardbell.msn.com
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://packardbell.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\3y9s9qq4.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bluewin.ch/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Kaspersky URL Advisor: linkfilter@kaspersky.ru - c:\program files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Garmin Communicator: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E} - %profile%\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF - user.js: general.useragent.extra.brc - 
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-11  11:16:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-11 10:16
.
Vor Suchlauf: 15 Verzeichnis(se), 257'828'192'256 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 257'690'468'352 Bytes frei
.
- - End Of File - - 63CFFAE0845E025192F5559FBAD186C6
         
--- --- ---

Alt 11.03.2011, 11:34   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
firefox öffnet werbefenster, hoher download - Standard

firefox öffnet werbefenster, hoher download



Bitte nun Logs mit GMER und mbrcheck erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg

Anleitung zu mbrcheck:
Downloade Dir MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur wenige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu firefox öffnet werbefenster, hoher download
64-bit, autorun, bho, bonjour, defender, error, excel, firefox, format, google, home, iastor.sys, internet, kaspersky, launch, location, logfile, media center, microsoft office word, mozilla, oldtimer, packard bell, picasa, programdata, realtek, registry, scan, searchplugins, security, senden, software, start menu, symantec, syswow64, tastatur, trojaner, webcheck, werbefenster, windows




Ähnliche Themen: firefox öffnet werbefenster, hoher download


  1. Firefox öffnet laufend Werbefenster
    Plagegeister aller Art und deren Bekämpfung - 20.04.2015 (16)
  2. Werbefenster öffnet sich im Firefox
    Plagegeister aller Art und deren Bekämpfung - 13.01.2014 (27)
  3. Firefox öffnet selbstständig Werbefenster
    Log-Analyse und Auswertung - 11.04.2010 (2)
  4. Werbefenster öffnet sich im Firefox automatisch --> was ist das bei mir?
    Log-Analyse und Auswertung - 07.03.2010 (5)
  5. Firefox öffnet ungewollt Werbefenster
    Plagegeister aller Art und deren Bekämpfung - 18.02.2010 (3)
  6. Firefox öffnet Werbefenster - Bitte um Hilfe
    Log-Analyse und Auswertung - 03.07.2009 (12)
  7. Firefox öffnet ständig Werbefenster!
    Plagegeister aller Art und deren Bekämpfung - 03.07.2009 (22)
  8. Firefox öffnet Wahllos Werbefenster
    Plagegeister aller Art und deren Bekämpfung - 01.04.2009 (23)
  9. Firefox öffnet unaufgefordert Werbefenster
    Log-Analyse und Auswertung - 19.03.2009 (14)
  10. Firefox öffnet Werbefenster die 4711ste
    Log-Analyse und Auswertung - 12.03.2009 (7)
  11. Firefox öffnet Werbefenster !!
    Plagegeister aller Art und deren Bekämpfung - 22.02.2009 (8)
  12. Firefox öffnet Werbefenster
    Log-Analyse und Auswertung - 11.01.2009 (0)
  13. Firefox öffnet auch bei mir Werbefenster
    Log-Analyse und Auswertung - 08.01.2009 (1)
  14. Firefox öffnet ständig neue Werbefenster
    Log-Analyse und Auswertung - 18.12.2008 (2)
  15. Firefox öffnet unaufgefordert Werbefenster
    Log-Analyse und Auswertung - 28.09.2008 (16)
  16. IE / Firefox öffnet von alleine Werbefenster
    Log-Analyse und Auswertung - 06.07.2008 (4)
  17. FireFox öffnet Werbefenster
    Plagegeister aller Art und deren Bekämpfung - 24.05.2008 (20)

Zum Thema firefox öffnet werbefenster, hoher download - Hallo liebe Trojaner und Trojanerinnen Ich habe seit 3 Wochen einen neuen Compi und schon die ersten Probleme Der firefox öffnet plötzlich Werbefenster und es werden dauernd Daten runter- und - firefox öffnet werbefenster, hoher download...
Archiv
Du betrachtest: firefox öffnet werbefenster, hoher download auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.