Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Spioniert Trojaner meine Passwörter aus? (https://www.trojaner-board.de/89889-spioniert-trojaner-passwoerter.html)

funmaster78 23.08.2010 22:31
Spioniert Trojaner meine Passwörter aus?
 
Ich habe einen unerlaubten Zugriff auf mein Paypal-Konto gehabt (über 450 Euro Lastschrift). Kann das von einem Trojaner kommen?
Hier mal mein HiJackThis-Scan

Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:29:41, on 23.08.2010
Platform: Windows 7  (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\iSaver\iSaverCtrl.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
C:\Program Files\OO Software\Defrag\oodtray.exe
C:\Program Files\Topos\cFosSpeed\cfosspeed.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\ComCenter\IWatch.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\ComCenter\ComCFax.exe
C:\Program Files\Java\jre6\bin\javaw.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
P:\Misc\HiJackThis204.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: # Copyright (c) 1993-2009 Microsoft Corp.
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O2 - BHO: SuggestMeYesBHO - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Program Files\AutocompletePro\AutocompletePro.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CBAbzockschutz.InitToolbarBHO - {2e250b90-0e7a-42a3-9d65-e39f9f227fa4} - mscoree.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: COMPUTERBILD-Abzockschutz - {353e2a48-6254-4bd3-88f4-3b51a0ca7870} - mscoree.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\Dirk\AppData\Roaming\Gutscheinmieze\toolbar.dll
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [FontExpertType1Loader] C:\Program Files\FontExpert\Type1Loader.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DpTsClnt] Regsvr32.exe /s "C:\Program Files\DigitalPersona\Bin\DpTsClnt.dll"
O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray
O4 - HKLM\..\Run: [iSaverCtrl] C:\Program Files\iSaver\iSaverCtrl.exe --startup
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\Topos\cFosSpeed\cFosSpeed.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [TaskTray] C:\Program Files\Driver-Soft\DriverGenius\TaskTray.exe
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "C:\Program Files\WebcamMax\WebcamMax.exe" -a
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.2\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O4 - Startup: SpeedFan.lnk = C:\Program Files\SpeedFan\speedfan.exe
O4 - Global Startup: ISDNWatch.lnk = C:\ComCenter\IWatch.exe
O4 - Global Startup: Kodak EasyShare Software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Lexware Info Service.lnk = C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files\ICQ7.2\ICQ.exe
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted IP range: hxxp://192.168.0.1
O15 - ESC Trusted IP range: hxxp://192.168.0.1
O16 - DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0DEEBD5F-433C-4048-85DA-07197A7A0F50}: NameServer = 0.0.0.0,192.168.0.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{2AFB036A-7D54-4FF0-A073-09122504F42A}: NameServer = 192.168.121.252,192.168.121.253
O17 - HKLM\System\CS1\Services\Tcpip\..\{0DEEBD5F-433C-4048-85DA-07197A7A0F50}: NameServer = 0.0.0.0,192.168.0.2
O17 - HKLM\System\CS2\Services\Tcpip\..\{0DEEBD5F-433C-4048-85DA-07197A7A0F50}: NameServer = 0.0.0.0,192.168.0.2
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: AVG Free SB WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\Topos\cFosSpeed\spd.exe
O23 - Service: Dragon Age: Origins - Inhaltsupdater (DAUpdaterSvc) - BioWare - d:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: AVM FRITZ!web Routing Service (de_serv) - AVM Berlin - C:\Program Files\Common Files\AVM\de_serv.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:\Program Files\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: @C:\Program Files\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: O&O CleverCache - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 15077 bytes

markusg 24.08.2010 09:36
hi, das beste wäre dann nachher neu aufzusetzen, um sicher zu gehen, wir sehen uns aber erst mal das bs an.
bitte erstelle und poste ein combofix log.
Ein Leitfaden und Tutorium zur Nutzung von ComboFix

funmaster78 24.08.2010 21:02
Code:
ComboFix 10-08-24.02 - Dirk 24.08.2010  21:41:55.1.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3071.1996 [GMT 2:00]
ausgeführt von:: p:\misc\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Dirk\AppData\Roaming\inst.exe
c:\users\Dirk\Desktop\Sicheats.dll
c:\windows\system32\ActNAV_cltDynam.dat
c:\windows\system32\CoreAAC-uninstall.exe
E:\install.exe

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-24 bis 2010-08-24  ))))))))))))))))))))))))))))))
.

2010-08-24 00:28 . 2010-08-24 00:28        --------        d-----w-        c:\program files\Common Files\Java
2010-08-23 21:46 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 21:46 . 2010-08-23 21:46        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-23 21:46 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-23 21:04 . 2010-08-23 21:04        --------        d-----w-        c:\program files\Trojancheck 6
2010-08-23 07:34 . 2010-08-23 07:34        --------        d-----w-        c:\users\Dirk\AppData\Roaming\wds.NET
2010-08-23 07:34 . 2010-08-23 07:34        --------        d-----w-        c:\programdata\wds.NET
2010-08-23 07:34 . 2010-08-23 07:34        --------        d-----w-        c:\program files\wds.NET
2010-08-22 22:15 . 2009-08-19 21:50        22872        ----a-r-        c:\windows\system32\AdobePDFUI.dll
2010-08-22 00:53 . 2010-08-22 00:53        --------        d-----w-        c:\users\Dirk\AppData\Roaming\NeroDCTemplates
2010-08-21 13:18 . 2010-08-21 13:26        --------        d-----w-        c:\program files\The Lost Watch 3D Screensaver
2010-08-21 13:18 . 2010-08-21 13:18        --------        d-----w-        c:\program files\Watermill 3D Screensaver
2010-08-21 13:18 . 2010-08-21 13:18        --------        d-----w-        c:\program files\Valentine 3D Screensaver
2010-08-21 13:18 . 2007-02-07 14:53        770048        ----a-w-        c:\windows\system32\Valentine_3D_Screensaver.scr
2010-08-21 13:18 . 2007-02-07 14:53        5868544        ----a-w-        c:\windows\system32\Valentine 3D Screensaver.exe
2010-08-21 13:18 . 2010-08-21 13:26        --------        d-----w-        c:\program files\The One Ring 3D Screensaver
2010-08-21 13:18 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Spirit of Fire 3D Screensaver
2010-08-21 13:17 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Nautilus 3D Screensaver
2010-08-21 13:17 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Nature 3D Screensaver
2010-08-21 13:17 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Lantern 3D Screensaver
2010-08-21 13:17 . 2010-08-21 13:17        --------        d-----w-        c:\program files\Lagoon 3D Screensaver
2010-08-21 13:17 . 2006-10-06 13:51        883200        ----a-w-        c:\windows\system32\Lagoon_3D_Screensaver.scr
2010-08-21 13:17 . 2006-10-06 13:51        10638336        ----a-w-        c:\windows\system32\Lagoon 3D Screensaver.exe
2010-08-21 13:17 . 2010-08-21 13:17        --------        d-----w-        c:\program files\Koi Fish 3D Screensaver
2010-08-21 13:17 . 2007-02-27 04:28        9907200        ----a-w-        c:\windows\system32\Koi Fish 3D Screensaver.exe
2010-08-21 13:17 . 2007-02-27 00:00        769536        ----a-w-        c:\windows\system32\Koi_Fish_3D_Screensaver.scr
2010-08-21 13:16 . 2010-08-21 13:16        --------        d-----w-        c:\program files\Ice Clock 3D Screensaver
2010-08-21 13:16 . 2006-11-03 15:16        889856        ----a-w-        c:\windows\system32\Ice_Clock_3D_Screensaver.scr
2010-08-21 13:16 . 2006-11-03 15:16        8516096        ----a-w-        c:\windows\system32\Ice Clock 3D Screensaver.exe
2010-08-21 13:16 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Halloween 3D Screensaver
2010-08-21 13:16 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Galleon 3D Screensaver
2010-08-21 13:15 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Fantasy Moon 3D Screensaver
2010-08-21 13:15 . 2010-08-21 13:25        --------        d-----w-        c:\program files\Fireside Christmas 3D Screensaver
2010-08-21 13:15 . 2010-06-02 14:19        915456        ----a-w-        c:\windows\system32\Fireside_Christmas_3D_Screensaver.scr
2010-08-21 13:15 . 2006-11-30 22:09        8326144        ----a-w-        c:\windows\system32\Fireside Christmas 3D Screensaver.exe
2010-08-21 13:15 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Discovery 3D Screensaver
2010-08-21 13:14 . 2010-08-21 13:14        --------        d-----w-        c:\program files\Cuckoo Clock 3D Screensaver
2010-08-21 13:14 . 2006-07-29 12:33        19063808        ----a-w-        c:\windows\system32\Cuckoo Clock 3D Screensaver.exe
2010-08-21 13:14 . 2006-07-29 02:14        1000960        ----a-w-        c:\windows\system32\Cuckoo_Clock_3D_Screensaver.scr
2010-08-21 13:14 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Coral Clock 3D Screensaver
2010-08-21 13:14 . 2010-08-21 13:25        --------        d-----w-        c:\program files\Voyage of Columbus 3D Screensaver
2010-08-21 13:14 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Mechanical Clock 3D Screensaver
2010-08-21 13:13 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Christmas 3D Screensaver
2010-08-21 13:13 . 2010-08-21 13:13        --------        d-----w-        c:\program files\Christmas Tree 3D Screensaver
2010-08-21 13:12 . 2010-08-21 13:12        --------        d-----w-        c:\windows\system32\3Planesoft
2010-08-21 13:12 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Ancient Castle 3D Screensaver
2010-08-21 12:47 . 2010-08-21 12:47        --------        d-----w-        c:\program files\Deep Space 3D Screensaver
2010-08-21 12:47 . 2010-06-02 14:18        920576        ----a-w-        c:\windows\system32\Deep_Space_3D_Screensaver.scr
2010-08-21 12:45 . 2010-08-21 12:45        --------        d-----w-        c:\program files\Earth 3D Screensaver
2010-08-21 12:45 . 2010-06-02 14:19        977920        ----a-w-        c:\windows\system32\Earth_3D_Screensaver.scr
2010-08-21 11:52 . 2010-08-21 12:38        --------        d-----w-        c:\program files\Trillian
2010-08-21 08:51 . 2010-08-21 08:51        --------        d-----w-        c:\program files\Lighthouse Point 3D Screensaver
2010-08-21 08:51 . 2010-06-02 14:22        920576        ----a-w-        c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2010-08-21 08:42 . 2010-08-21 08:42        --------        d-----w-        c:\program files\Battleship Missouri 3D Screensaver
2010-08-21 08:42 . 2010-06-02 14:15        917504        ----a-w-        c:\windows\system32\Battleship_Missouri_3D_Screensaver.scr
2010-08-21 08:38 . 2010-08-21 13:15        --------        d-----w-        c:\program files\Tropical Fish 3D Screensaver
2010-08-21 08:38 . 2005-04-29 15:24        262144        ----a-w-        c:\windows\system32\Tropical_Fish_3D_Screensaver.scr
2010-08-21 08:35 . 2010-08-21 08:35        --------        d-----w-        c:\program files\Fireplace 3D Screensaver
2010-08-21 08:35 . 2010-06-02 14:19        975360        ----a-w-        c:\windows\system32\Fireplace_3D_Screensaver.scr
2010-08-21 08:19 . 2010-08-21 13:25        --------        d-----w-        c:\programdata\3Planesoft
2010-08-21 08:19 . 2010-08-21 13:25        --------        d-----w-        c:\program files\3Planesoft Screensaver Manager
2010-08-21 08:19 . 2010-06-02 11:22        688640        ----a-w-        c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2010-08-21 08:19 . 2010-08-21 08:19        --------        d-----w-        c:\program files\Clock Tower 3D Screensaver
2010-08-21 08:19 . 2010-06-02 14:16        975360        ----a-w-        c:\windows\system32\Clock_Tower_3D_Screensaver.scr
2010-08-21 07:53 . 2010-08-21 08:15        --------        d-----w-        c:\program files\Simple Port Forwarding
2010-08-21 07:53 . 2010-08-21 07:53        --------        d-----w-        c:\windows\Simple Port Forwarding
2010-08-20 13:07 . 2010-08-20 13:07        --------        d-----w-        c:\users\Dirk\AppData\Local\119614890733741300
2010-08-20 13:07 . 2010-08-20 13:07        --------        d-----w-        c:\users\Dirk\AppData\Local\119611678098203892
2010-08-20 12:52 . 2010-08-20 12:52        286720        ----a-w-        c:\windows\system32\_KAYNEII.dll
2010-08-20 11:42 . 2010-08-20 11:42        --------        d-----w-        c:\users\Dirk\AppData\Roaming\Nero
2010-08-20 10:21 . 2010-08-20 10:28        --------        d-----w-        c:\programdata\Nero
2010-08-20 10:21 . 2010-08-20 10:21        --------        d-----w-        c:\program files\Common Files\Nero
2010-08-20 10:20 . 2010-08-20 10:28        --------        d-----w-        c:\program files\Nero
2010-08-20 09:50 . 2010-08-10 23:33        11776        ----a-w-        c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\tlduxcgd.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll
2010-08-19 10:51 . 2010-08-19 10:51        --------        d-----w-        c:\users\Dirk\AppData\Local\119614890735314164
2010-08-19 10:51 . 2010-08-19 10:51        --------        d-----w-        c:\users\Dirk\AppData\Local\119611678099776756
2010-08-19 08:31 . 2009-03-03 12:09        221184        ----a-w-        c:\windows\system32\RaCoInst.dll
2010-08-19 08:31 . 2009-03-03 12:09        221184        ----a-w-        c:\programdata\Ralink Driver\RT2870 Wireless LAN Card\Driver\RaCoInst.dll
2010-08-19 08:31 . 2009-03-03 12:09        13931        ----a-w-        c:\windows\system32\RaCoInst.dat
2010-08-19 08:31 . 2009-03-03 12:21        710144        ----a-w-        c:\windows\system32\drivers\netr28u.sys
2010-08-19 08:31 . 2009-03-03 12:21        710144        ----a-w-        c:\programdata\Ralink Driver\RT2870 Wireless LAN Card\Driver\netr28u.sys
2010-08-19 08:31 . 2008-08-06 14:31        528384        ----a-w-        c:\programdata\Ralink Driver\RT2870 Wireless LAN Card\Driver\RaInst.exe
2010-08-19 08:31 . 2006-11-02 05:21        319456        ----a-w-        c:\programdata\Ralink Driver\RT2870 Wireless LAN Card\Driver\difxapi.dll
2010-08-19 08:31 . 2010-08-19 08:31        --------        d-----w-        c:\programdata\Ralink Driver
2010-08-19 08:31 . 2007-05-17 09:17        192512        ----a-w-        c:\programdata\Ralink Driver\RT2870 Wireless LAN Card\Driver\CoInstaller.dll
2010-08-19 07:50 . 2010-08-19 07:50        --------        d-----w-        c:\users\Dirk\AppData\Local\119614890734200052
2010-08-19 07:50 . 2010-08-19 07:50        --------        d-----w-        c:\users\Dirk\AppData\Local\119611678098662644
2010-08-14 12:34 . 2010-08-14 12:34        --------        d-----w-        c:\program files\Lavalys
2010-08-14 10:50 . 2010-08-14 10:50        225280        ----a-w-        c:\programdata\Kodak\EasyShareSetup\wtf\update.exe
2010-08-14 10:50 . 2010-08-14 10:50        1187840        ----a-w-        c:\programdata\Kodak\EasyShareSetup\$SETUP_1e0001_afc4d3\EasyShrx.Dll
2010-08-14 10:50 . 2010-02-01 13:41        2635152        ----a-w-        c:\programdata\Kodak\EasyShareSetup\$SETUP_1e0001_afc4d3\Setup.exe
2010-08-14 10:49 . 2010-08-14 10:49        114688        ----a-w-        c:\programdata\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.4.30.2.dll
2010-08-14 10:37 . 2010-08-14 10:37        --------        d-----w-        c:\users\Dirk\AppData\Roaming\KodakCredentialStore
2010-08-14 10:37 . 2010-08-14 13:27        --------        d-----w-        c:\users\Dirk\AppData\Local\KodakGallery
2010-08-14 10:36 . 2010-08-14 10:36        --------        d-----w-        c:\users\Dirk\AppData\Roaming\Skinux
2010-08-14 10:35 . 2010-08-14 10:35        --------        d-----w-        c:\users\Dirk\AppData\Local\Programs
2010-08-14 10:34 . 2010-08-14 10:34        --------        d-----w-        c:\users\Dirk\AppData\Local\ArcSoft
2010-08-14 10:34 . 2010-08-14 10:35        --------        d-----w-        c:\users\Dirk\AppData\Roaming\ArcSoft
2010-08-14 10:34 . 2010-08-15 10:38        720        ----a-w-        c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-08-14 10:34 . 2010-08-14 10:35        --------        d-----w-        c:\programdata\ArcSoft
2010-08-14 10:34 . 2010-08-20 08:24        --------        d-----w-        c:\program files\Common Files\ArcSoft
2010-08-14 10:34 . 2010-08-20 08:24        --------        d-----w-        c:\program files\ArcSoft
2010-08-14 10:32 . 2010-08-14 10:33        --------        d-----w-        c:\program files\Common Files\Kodak
2010-08-14 10:32 . 2010-08-14 10:33        --------        d-----w-        c:\program files\Kodak
2010-08-14 10:30 . 2010-08-14 10:50        225280        ----a-w-        c:\programdata\Kodak\EasyShareSetup\wtf\finish.exe
2010-08-14 10:30 . 2010-08-14 10:30        77824        ----a-w-        c:\programdata\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2010-08-14 10:30 . 2010-08-14 10:30        175104        ----a-w-        c:\programdata\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2010-08-14 10:30 . 2010-08-14 10:30        45056        ----a-w-        c:\programdata\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2010-08-14 10:30 . 2010-08-14 10:50        225280        ----a-w-        c:\programdata\Kodak\EasyShareSetup\wtf\start.exe
2010-08-14 10:29 . 2010-08-14 10:29        1187840        ----a-w-        c:\programdata\Kodak\EasyShareSetup\$SETUP_1e0001_9d1764\EasyShrx.Dll
2010-08-14 10:29 . 2010-02-01 13:41        2635152        ----a-w-        c:\programdata\Kodak\EasyShareSetup\$SETUP_1e0001_9d1764\Setup.exe
2010-08-14 10:29 . 2010-08-14 10:36        --------        d-----w-        c:\programdata\Kodak
2010-08-14 10:29 . 2010-08-14 10:29        114688        ----a-w-        c:\programdata\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.2.30.1.dll
2010-08-14 07:15 . 2010-08-14 07:15        --------        d-----w-        c:\program files\Hewlett-Packard
2010-08-14 07:15 . 2010-08-14 07:15        --------        d-----w-        c:\programdata\Hewlett-Packard
2010-08-14 07:14 . 2010-06-18 07:35        302080        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\hpcpp104.dll
2010-08-14 07:14 . 2010-06-18 07:25        326656        ----a-w-        c:\windows\system32\hpmml104.dll
2010-08-14 07:14 . 2010-06-18 07:24        243200        ----a-w-        c:\windows\system32\hpmpm081.dll
2010-08-14 07:14 . 2010-06-18 07:24        179200        ----a-w-        c:\windows\system32\hpmpw081.dll
2010-08-14 07:14 . 2010-06-18 07:24        223232        ----a-w-        c:\windows\system32\hpmtp104.dll
2010-08-14 07:14 . 2010-06-15 11:26        49252        ----a-w-        c:\windows\system32\hpmnque.dll
2010-08-14 07:14 . 2010-06-15 11:26        49250        ----a-w-        c:\windows\system32\hpmnndps.dll
2010-08-14 07:14 . 2010-03-04 12:10        79872        ----a-w-        c:\windows\system32\hppccompio.dll
2010-08-14 07:14 . 2009-02-25 17:57        18944        ----a-w-        c:\windows\system32\hppmopjl.dll
2010-08-14 07:14 . 2010-06-18 07:35        179200        ----a-w-        c:\windows\system32\hpcpn104.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-24 19:38 . 2009-12-06 12:36        --------        d-----w-        c:\programdata\NVIDIA
2010-08-24 19:37 . 2009-12-05 19:36        0        ----a-w-        c:\windows\system32\drivers\lvuvc.hs
2010-08-24 19:35 . 2010-07-01 15:02        --------        d-----w-        c:\users\Dirk\AppData\Roaming\ICQ
2010-08-24 14:04 . 2009-12-06 14:20        --------        d-----w-        c:\users\Dirk\AppData\Roaming\skypePM
2010-08-24 08:41 . 2010-07-02 10:24        188152        ----a-w-        c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\tlduxcgd.default\FlashGot.exe
2010-08-24 08:19 . 2009-12-06 14:19        --------        d-----w-        c:\users\Dirk\AppData\Roaming\Skype
2010-08-24 08:02 . 2010-07-01 15:02        --------        d-----w-        c:\program files\ICQ7.2
2010-08-24 08:01 . 2009-12-06 12:36        --------        d-----w-        c:\program files\SpeedFan
2010-08-24 00:28 . 2009-12-08 20:24        --------        d-----w-        c:\program files\Java
2010-08-23 21:09 . 2009-12-06 10:38        --------        d-----w-        c:\users\Dirk\AppData\Roaming\uTorrent
2010-08-20 09:49 . 2009-12-06 14:19        --------        d-----r-        c:\program files\Skype
2010-08-20 08:53 . 2009-12-06 13:46        --------        d-----w-        c:\programdata\Microsoft Help
2010-08-20 08:27 . 2010-08-20 08:27        262144        ----a-w-        c:\programdata\ntuser.dat
2010-08-20 08:24 . 2009-12-06 12:04        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-08-19 09:54 . 2010-06-06 10:35        --------        d-----w-        c:\programdata\WebcamMax
2010-08-19 09:44 . 2009-07-14 08:47        676232        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-19 09:44 . 2009-07-14 08:47        138964        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-19 07:02 . 2010-07-21 17:30        --------        d-----w-        c:\program files\Cisco
2010-08-14 17:49 . 2009-12-11 12:04        66872        ----a-w-        c:\windows\system32\PnkBstrA.exe
2010-08-14 09:40 . 2010-04-27 19:42        --------        d-----w-        c:\program files\Google
2010-08-14 07:08 . 2009-12-06 13:35        --------        d-----w-        c:\program files\Realtek
2010-08-14 07:03 . 2009-12-06 12:35        --------        d-----w-        c:\program files\NVIDIA Corporation
2010-08-14 07:03 . 2009-12-06 12:35        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-08-14 07:02 . 2009-12-06 13:35        --------        d--h--w-        c:\program files\Temp
2010-08-13 16:04 . 2010-01-23 07:36        --------        d-----w-        c:\programdata\Media Center Programs
2010-08-12 10:08 . 2009-12-11 12:04        138184        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2010-08-12 10:08 . 2009-12-11 12:04        183112        ----a-w-        c:\windows\system32\PnkBstrB.exe
2010-08-12 08:49 . 2010-04-24 07:56        --------        d-----w-        c:\program files\MSECache
2010-08-06 12:28 . 2010-07-23 13:53        --------        d-----w-        c:\users\Dirk\AppData\Roaming\vlc
2010-08-06 12:28 . 2010-01-01 12:02        --------        d-----w-        c:\users\Dirk\AppData\Roaming\CyberLink
2010-08-06 07:02 . 2009-12-05 19:57        157776        ----a-w-        c:\users\Dirk\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-05 09:07 . 2010-01-01 11:55        --------        d-----w-        c:\users\Dirk\AppData\Roaming\dvdcss
2010-08-04 10:04 . 2010-02-18 15:49        --------        d-----w-        c:\program files\ffdshow
2010-08-04 07:29 . 2010-01-01 10:32        --------        d-----w-        c:\program files\XviD
2010-08-04 07:28 . 2010-01-01 10:32        --------        d-----w-        c:\program files\AviSynth 2.5
2010-08-04 06:01 . 2010-01-01 10:23        --------        d-----w-        c:\program files\DVD Shrink DE
2010-08-02 08:40 . 2010-08-02 02:59        --------        d-----w-        c:\program files\Notarzt Simulator
2010-08-02 07:03 . 2010-08-02 07:03        --------        d-----w-        c:\program files\ConvertHelper
2010-08-02 05:47 . 2010-08-02 05:47        --------        d-----w-        c:\programdata\ArbZeit
2010-08-02 03:19 . 2010-08-02 03:19        43520        ----a-w-        c:\windows\system32\CmdLineExt03.dll
2010-08-02 03:12 . 2010-08-02 03:12        --------        d-----w-        c:\program files\Common Files\PocketSoft
2010-08-02 03:10 . 2010-08-02 03:09        --------        d-----w-        c:\program files\QuickTime
2010-08-02 03:09 . 2010-08-02 03:09        --------        d-----w-        c:\programdata\Apple Computer
2010-07-31 12:23 . 2010-06-16 11:03        --------        d-----w-        c:\program files\Winterberg Configurator
2010-07-29 15:40 . 2010-06-23 13:55        --------        d-----w-        c:\program files\OO Software
2010-07-29 15:23 . 2010-06-06 10:35        --------        d-----w-        c:\program files\WebcamMax
2010-07-29 15:18 . 2010-03-17 20:33        --------        d-----w-        c:\program files\AutoShutdownManager
2010-07-29 15:11 . 2009-12-08 14:14        --------        d-----w-        c:\program files\Common Files\Adobe
2010-07-29 14:59 . 2010-05-01 17:17        --------        d-----w-        c:\program files\OnlineControl
2010-07-29 14:52 . 2010-07-06 12:21        --------        d-----w-        c:\program files\TachoPlusFreeDriver
2010-07-29 14:49 . 2010-07-17 08:25        --------        d-----w-        c:\programdata\GloboFleet
2010-07-29 06:30 . 2010-08-11 07:15        197632        ----a-w-        c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 07:15        82944        ----a-w-        c:\windows\system32\iccvid.dll
2010-07-25 02:15 . 2010-03-11 06:42        --------        d-----w-        c:\program files\Ubisoft
2010-07-24 16:19 . 2010-07-24 16:19        --------        d-----w-        c:\program files\Common Files\Skype
2010-07-24 16:10 . 2010-07-24 16:10        3472        ------w-        C:\bootsqm.dat
2010-07-24 09:54 . 2009-12-13 21:00        --------        d-----w-        c:\programdata\WinZip
2010-07-24 09:31 . 2010-07-24 09:31        --------        d-----w-        c:\program files\Xirrus
2010-07-20 12:09 . 2010-07-20 12:09        114149208        ----a-w-        c:\programdata\Corel\Downloads\540215253_610005\1270498514694\CDGSX5SP1.exe
2010-07-18 22:40 . 2010-07-18 22:40        61952        ----a-w-        c:\windows\system32\execryptorvb.dll
2010-07-17 08:56 . 2010-07-17 08:56        --------        d-----w-        c:\users\Dirk\AppData\Roaming\TeamViewer
2010-07-17 08:50 . 2010-07-17 08:50        --------        d-----w-        c:\programdata\Subsembly
2010-07-17 08:50 . 2010-07-17 08:50        --------        d-----w-        c:\programdata\CALpublicdata
2010-07-17 08:50 . 2010-07-17 08:50        --------        d-----w-        c:\programdata\CAL Consult GmbH
2010-07-17 03:00 . 2010-05-12 07:46        423656        ----a-w-        c:\windows\system32\deployJava1.dll
2010-07-15 17:12 . 2009-12-15 23:05        --------        d-----w-        c:\programdata\Installations
2010-07-15 17:12 . 2009-12-15 23:05        --------        d-----w-        c:\program files\Nokia
2010-07-15 17:11 . 2010-07-15 17:11        3351812        ----a-w-        c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-07-15 17:11 . 2010-07-15 17:11        36864        ----a-w-        c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-07-15 17:11 . 2010-07-15 17:11        3203453        ----a-w-        c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-07-15 17:10 . 2010-07-15 17:11        35644808        ----a-w-        c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_2.5.2DE.exe
2010-07-15 13:41 . 2010-07-15 13:41        --------        d-----w-        c:\program files\PC Connectivity Solution
2010-07-15 13:38 . 2010-07-03 08:15        12212040        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X86-ENU.exe
2010-07-15 13:38 . 2010-07-03 08:15        13930312        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMFDist11-WindowsXP-X64-ENU.exe
2010-07-15 13:38 . 2010-07-03 08:15        77824        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\Run_XML6_SP1.exe
2010-07-15 13:38 . 2010-07-03 08:15        38912        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx86.exe
2010-07-15 13:38 . 2010-07-03 08:15        38912        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\WMF11Runx64.exe
2010-07-15 13:38 . 2010-07-03 08:15        50000        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer\CommonCustomActions\pcswpc.exe
2010-07-15 13:37 . 2010-07-03 08:15        103412296        ----a-w-        c:\programdata\NokiaInstallerCache\ProductCache\{D5878294-C113-43c5-A24F-FC333C52015A}\Installer.exe
2010-07-15 13:30 . 2010-07-15 13:30        --------        d-----w-        c:\program files\Common Files\PCSuite
2010-07-15 13:30 . 2009-12-15 23:06        --------        d-----w-        c:\program files\Common Files\Nokia
2010-07-15 13:29 . 2010-07-15 13:29        95232        ----a-w-        c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\pcswpcsi.exe
2010-07-15 13:29 . 2010-07-15 13:29        8192        ----a-w-        c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstCCD.exe
2010-07-15 13:29 . 2010-07-15 13:29        61440        ----a-w-        c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-07-15 13:29 . 2010-07-15 13:29        10240        ----a-w-        c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Installer\CommonCustomActions\UninstPCS.exe
2010-07-15 13:28 . 2010-07-15 13:29        36426336        ----a-w-        c:\programdata\Installations\{225DB4AA-3CFF-47E8-B3C8-6DAD713E986E}\Nokia_PC_Suite_ger.exe
2010-07-15 13:14 . 2010-07-15 13:14        0        ---ha-w-        c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-07-14 12:34 . 2010-07-14 12:34        --------        d-----w-        c:\users\Dirk\AppData\Roaming\Malwarebytes
2010-07-14 12:34 . 2010-07-14 12:34        --------        d-----w-        c:\programdata\Malwarebytes
2010-07-11 11:31 . 2010-07-11 11:05        --------        d-----w-        c:\program files\Police
2010-07-09 22:37 . 2010-08-14 07:02        10920        ----a-w-        c:\windows\system32\drivers\nvBridge.kmd
2010-07-09 22:37 . 2009-12-06 12:35        1625192        ----a-w-        c:\windows\system32\nvapi.dll
2010-07-09 22:37 . 2009-07-13 22:09        5107816        ----a-w-        c:\windows\system32\nvwgf2um.dll
2010-07-09 22:37 . 2009-06-10 21:19        9818728        ----a-w-        c:\windows\system32\nvd3dum.dll
2010-07-09 14:20 . 2010-07-09 14:20        110696        ----a-w-        c:\windows\system32\nvmctray.dll
2010-07-09 14:20 . 2010-07-09 14:20        1881704        ----a-w-        c:\windows\system32\nvsvcr.dll
2010-07-09 14:20 . 2010-07-09 14:20        1469544        ----a-w-        c:\windows\system32\nvsvc.dll
2010-07-09 14:20 . 2010-07-09 14:20        13939816        ----a-w-        c:\windows\system32\nvcpl.dll
2010-07-09 14:20 . 2010-07-09 14:20        129640        ----a-w-        c:\windows\system32\nvvsvc.exe
2010-07-06 12:21 . 2010-07-06 12:21        --------        d-----w-        c:\users\Dirk\AppData\Roaming\TachoPlus-FreeDriver
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2010-04-24 11:44 . 2010-04-24 11:44        87552        --sh--w-        c:\windows\System32\h4x0r.dll
2010-04-24 11:44 . 2010-04-24 11:44        164352        --sh--w-        c:\windows\System32\SCS.dll
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 00:20        561552        ----a-w-        c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-11-20 2363392]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2010-06-06 6043888]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-22 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-04-12 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe" [2008-08-15 378224]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2009-12-19 500208]
"FontExpertType1Loader"="c:\program files\FontExpert\Type1Loader.exe" [2008-12-14 294152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DpTsClnt"="c:\program files\DigitalPersona\Bin\DpTsClnt.dll" [2008-01-30 200704]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2009-12-09 2876744]
"iSaverCtrl"="c:\program files\iSaver\iSaverCtrl.exe" [2009-06-08 1160192]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-05-11 2528584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"cFosSpeed"="c:\program files\Topos\cFosSpeed\cFosSpeed.exe" [2009-10-30 977624]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-13 2065760]
"TaskTray"="c:\program files\Driver-Soft\DriverGenius\TaskTray.exe" [2010-07-15 284016]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ISDNWatch.lnk - c:\comcenter\IWatch.exe [2009-12-6 275760]
Kodak EasyShare Software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=AvmSnd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AsrOcDrv;AsrOcDrv;c:\windows\system32\Drivers\AsrOcDrv.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe [2009-08-24 406016]
R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [2009-02-20 44032]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NETPPPOI;PPP over ISDN;c:\windows\system32\DRIVERS\NETPPPOI.SYS [2007-10-15 334640]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-21 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-06 691696]
S1 AvgLdx86;AVG Free SB AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-13 216400]
S1 AvgTdiX;AVG Free SB Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-13 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9wd;AVG Free SB WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-13 308136]
S2 AVMPORT;AVMPORT;c:\windows\System32\drivers\avmport.sys [2009-10-02 66472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632]
S2 O&O CleverCache;O&O CleverCache;c:\program files\OO Software\CleverCache\ooccag.exe [2009-12-09 701768]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 AVMCOWAN;AVMCOWAN;c:\windows\system32\DRIVERS\AVMCOWAN.sys [2007-08-15 64512]
S3 fxusbase;Eumex 400;c:\windows\system32\DRIVERS\fxusbase.sys [2007-08-15 567936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-03-03 710144]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 13:28        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c24723cb029.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 19:42]

2010-08-05 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2009-07-13 01:14]

2010-07-24 c:\windows\Tasks\{234E3102-E7D6-42B3-8B64-8E575FA9FCC6}.job
- c:\program files\Skype\Phone\Skype.exe [2010-05-13 15:57]

2010-08-14 c:\windows\Tasks\{975A21F9-1931-4360-994C-B08FEE630381}.job
- c:\program files\Skype\Phone\Skype.exe [2010-05-13 15:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0DEEBD5F-433C-4048-85DA-07197A7A0F50} = 0.0.0.0,192.168.0.2
TCP: {2AFB036A-7D54-4FF0-A073-09122504F42A} = 192.168.121.252,192.168.121.253
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\tlduxcgd.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmieze.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\users\Dirk\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Dirk\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\tlduxcgd.default\extensions\maps@ovi.com\plugins\npNMapNPR.dll

---- FIREFOX Richtlinien ----
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

HKCU-Run-3PlanesoftAnimatedWallpaper - (no file)
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe


.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="CDC868B75EF86CC4EE3924CF64845DEFC249A8A99C1EFE08A82775190FABB7115EC751734EB80C8F2FAA672C2289E2AA90B93685F6401E67F1B2574DA50C86686FA089AC84EC014BCF6591855286198ACA56ED60628358F72A66556FA6856DBC35DF0917042AAA786EAF710F731AC5E01DBD12117BB0F57B2BDAC8186EAA5C6154B75FAB8469BB9B9D736AC3BDC5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6171C11EC38DE3DC038D530D6EB345216B401CF9591C1D155B5095568961BCFE8440A995FAD1F4214CAC0714587F8DE0731033D57CE01A99DAF3CF1A9811CC6653E3331D060785974823076E772897C165BE3D35E8AE23FBEF325B41AEED73D576CFAC0E50176BA5791FC40B401435B289F801B2ED4D5E4611D0EE09372B90FD1BC36E16EC221E853562A600F26ECC7F9EF2740E0827FCD87CD355A06E0617A3720B2D5CE9AB6CB51B3AF0FF19A017299BC1F1423AB3695842ACBADF252A421410DAC7EFB4328AE0F107AA9E6592DEF69FE210BB72B053700D97A8771A48B0BFCFB59E204B99C411E566AAE8FA0D4B721B25A3FF1222C17F589D7392AF852A0CAEBDEAD0442EB1665F552C29FF28F27CA576A6CBC749E78B4EB74B95BB4EAB15F5DD82EB0E0A4A51EDF7BAD609AA6FD4570697394CA8584E1B2D0215981F7F0C457D4D6506107CA560BA05AAC9E18624485DC5A0B90BA4A751A64AF0ACA527356E1D6BDBE510AC5EEF2745B76D117D94CA1C34945F6CDBAB8DB18C665C30834450CD61F6A0357389D969761C0458AD23AD58E0EFBF0832A4EB8C9EAFB5F58919567BDDAD70B4BAB6D772446A3CF8C9D3CB422977D375153A8F6CB47EE58B74E22886CF01DC57709BB1D2605CC8D6B6E55D6D8FCAAC565520FDEE4A8752B4E10950A360BE6D0A1A2BA111CBD7A5E2A5C5C56FD75785D9CA91EBB4E0258997AE1F1885F71F30E43A8EE63FB3683E37F65FA5453DEF0020D3EC5DF36E978284B328B27A51617A38AB532A62DD2CD86D4E932740EBA30FA7C5A491FBE1845A005D28B0BB78937FBD94333708AA2D6EF4AAC52DD572BE755662940D1FD6CC610A17B6D5CB6045044C33173DAE553AE903058033C4B7C5E607B3E9755FDE695C64CC403CABB5EF16F1443498702BAF91C10F7BEBEFA1AEBB19E8E8D0ABCAF625BE62E7107511A3FB3C7205C95174EEF87A1FB561AEC947E9FE672B6D42C8F6D25049AB14776D8EE8B9053ADAE52ACDE0F5539E985192196C72129FA9DB1738EC2EDCF8F449D614CB3D2CC8C7B5214A4B24CE7713C6D19490ACBD2955129EE2F9420F62CBCAD1F3730AA5F1F2BABE8B6355D24B7FDC978C00A1A7497E0DE374DC04CA0FBF002A022C5E242607066339C9C94EFDB8E"
"OOCC7.00.00.01PROSTATION"="DFEA51D306DB7EBDA20580E625576D06C27565F77AEE5EA17562D633E8BF2119B034AA60D07D175027AFFC78D52B0C04D6CC16052C9B18929DED555C7F56199FE7DBAF9EE136B7F86A9C411154677ED8690A663BD0AA826D18CDEDE2F2F49639001958CAA9D212BDFCB6A4C9F7A02979C4712EAFC815D23287BBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CA6171C11EC38DE3DA9C6AECB7A5D1407FA29A56D215C8DDECE57DF9BF8398DA5650EA509FE1D648375E75F53D6239B3A1EDAB1F0692CC011C39F523AC7A9FEFEFCDDE642A9BBCCB215BDF97FE617A36195AEFEC01C4C4A62E997607C454AB0A489C0A4E37C41586EB62322CBBCC9D36BD1743FE837E74C0F330CC4D23E539BC71BA0C3E1B7917A78ADBF04D3A4EABACF87AC08473A1C0DE4D57E1F81036D602A88980C079C86CB2A116D2F07759E071D2C91D192AA7C75C548A2F0A1ECB942236C7C27F0F26A8870BB3A19A705008FF47F8DFACF110D94A8CA62A19F514BA69EA5D12691047D0FC9CC6A19CCAE1B4B0CFE41445C79C89C97DCD779BC91A71A1C55CFFB2E20F4E3CCA772EC5F53EF59AC6F7E53E7759C61AFC255A80E8BCAC9ADE166FEE11877309F747D34A1D67579B1DACD317698EC5FA487DD407C29A38AFB75B6EB9844223E009CEA73239F930F8F0AEB4D5F7C8D323CF7AB3844D016D1417E15E115FE83FEBD50CC13CB1A2726C89046F54DBC491DD024AA6AF471F73B4DAD0CE36D2621853D83E85E56350269773F0162417BDE0550627A94F47D140583FA58D90A1D728A756BB98752E567AAC9B1F3AC0FDC7FF53ECA715AFCE72B13D920EC8E2BC9E3E974836F22A123935E0141AACF5E88D09B2FBB9640992D6DEA5E9A6DB1DF1854A2DA8B6B28FAE7309D710F63AF2A2BECC84ED4A6B22BC985B82D2DB5568FF519D85B87C4F2E93460A5847F159044F76372D97C93FE67400B4A7BDDD0F4F355F955BD3DC444CC0C3856B73BE21C4E2035B324DB00D7D5938F9390F60268992D3183E039EB41D6F7C0361D2DABDD41DE58CA135FC4D2D3D0942B46073E6F647872F2B2C96A728D81F76C58867D4A686F371821B7EE6B9204914C0EDE2EAD08B6DDD7388129C2CCB94EC6A4BA9CB5E392AEA3DC5C3F0095BEF1D46994312C8FE88E8B8A37C084C2B3A8374D8200D8260E91156883A9D2389694C8EF05D75358178E075508006973085FCFB4D9D25179A9A6BAF92DD70A24254BCDCDCAE67514CADD6BD8D1EA0DB4D1C0CCD080F421F73227075C9825AF5C895F30C14B59C44893727E68B736E830300E08A97A7AAD11F7C011ECCA22B3B4E38ADD1FA95C57CF84B225EEA14EDF67C77A055C902A3F09CF96901E0E93E656597B6ACCD2502B57B27A"
"OODEFRAG12.00.00.01PROFESSIONAL"="8E53E8C0E9ACEC859E1F90B0C2106588562448CF454E89E0CF9CC8B9C12BFDD71B3486B38CAB2FAA6F6C7FAC18C4510EAF90EA3B6810333BC336AFBA471BDD0F38CF2AEC58BE81B734504A34718BBC743D5CF55645C3A662CE0F46D8E6E6B15BBAC88C600E48DDE7DF16AEAB38BFB6372E1DCA9997DCA4B27C26B43D46BA101BAA27FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D67949DB7CE019D40AA5C9DB7CE019D40AA5C5236C8B71EAF559B8E612F4F78AA6EB6753BC337ABD709931589F669D0410E723E14B348E60E115DFC449B6070297AB5E04812C9E8E9775A1647180D7F5143574EAAFB232DDEB4AAF67453FA10682B1544A5C7181F8E3AFB09B134B8AA34B6E05D0B92952B15055A9BB333A5635D3F3323E5CF02CF5C2D80754DE345E7C0035C9AC75B0F2DE977A5DF440E0B0EC1AE52D71E0909132EE251BA9DB2ADE313F58009F9312694D8BAA80AEFA7F644119E198DE7C5D51423A1BF0930A012608913E37FBCDF9257A2AAE6B6833D5C538EED91C5E2CE31921BE0FD6892A036B1471005272FA832FCCB5DC356D07BD2173EAB2AD5AE5D8C603E502330561C83BDB3D7C28175C084A51B1909AB2A8311036A9C36E5F0A0F8E676CFAB1093EF8303F80862DEB65130801ED9E3CDE96CF79D9D3AEA72D33D2D9F7076F609E4E8681108750AE69F76FCD2A3CFE72BEC410780AB30624C06C8859A9E8CC771684E040B132449145EC258F6415D870112FCE55AA85F1D1A374E007B388FC5724157502C90D00FB6A73AD2D9CD9A9EE3BE14DD6CED5C7B521ECC3FF7B732FB89152EE7BD3CE8306FB2D521FB6653683C5CECDB8D986FC441F4380BDD59585A098FF48AA1950E65373B829C746B860844D7DEF3290A94A38A77F6CD0A219C34965E3F1DCBDF9749D50222426A7FE7810E20BA5A3CE5FD25A06AE416F0544D402CB515A5C421905D6D4988321C8C5FBFFAABC069D9188E3DCC90CE1799FC6A1C184BF1D129263786EED80132D93D878F4471A89F27CB5FC1AC347A291F6A2A44F9D94671277CFD0D21FCC4AB0B02B0A1F56F1B9D60723DECB0A39D44B1AD751EC92075F805788A9C200588A92790DD0CEEA5362AD141A75D1D31630A931C6B6F51DFD8FD1AB1B8C6D8C3EFDD3D5F4748E21A0C2F5E3255958AB06A3B1C52DBE52C613B3ED38117FD0E92139EECAA5833D9D2233BFB012CFA677DC5BFB7ABCC0ECE6DDD98B107669C584C8063EA73B00F315E75FDB6AFCA5972737DA364CC78DD7D54F292C7A89FDD225039C882FD230095CD704F2A03805E41768A14B6994BABD1E824523E09EA63A802B0908F5137910DB3F6290B05D19C3CE9DEE3D3BE67323A008D25D19729B07FC9519F05BAA82E6F2B5E281E82"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2010-08-24  21:51:22
ComboFix-quarantined-files.txt  2010-08-24 19:51

Vor Suchlauf: 4.153.749.504 Bytes frei
Nach Suchlauf: 7.998.914.560 Bytes frei

- - End Of File - - 4369AE86DAF61F96441263A0220FC46F

markusg 25.08.2010 10:07
Start programme zubehör, editor, kopiere rein:

Killall::
Rootkit::
c:\windows\system32\_KAYNEII.dll


datei speichern unter, typ alle, ort dort wo sich combofix.exe befindet, name cfscript.txt
cfscript auf combofix ziehen, programm startet, log posten

funmaster78 25.08.2010 10:34
Code:
ComboFix 10-08-24.02 - Dirk 25.08.2010  11:12:37.2.2 - x86
Microsoft Windows 7 Ultimate  6.1.7600.0.1252.49.1031.18.3071.1485 [GMT 2:00]
ausgeführt von:: p:\misc\ComboFix.exe
Benutzte Befehlsschalter :: p:\misc\cfscript.txt
.

((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Dirk\AppData\Local\Temp\sfamcc00001.dll
c:\users\Dirk\AppData\Local\Temp\sfareca00001.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
(((((((((((((((((((((((  Dateien erstellt von 2010-07-25 bis 2010-08-25  ))))))))))))))))))))))))))))))
.

2010-08-25 09:20 . 2010-08-25 09:20        --------        d-----w-        c:\users\Public\AppData\Local\temp
2010-08-25 09:20 . 2010-08-25 09:20        --------        d-----w-        c:\users\Default\AppData\Local\temp
2010-08-25 09:20 . 2010-08-25 09:20        --------        d-----w-        c:\users\Dani\AppData\Local\temp
2010-08-25 00:43 . 2010-04-07 07:10        571904        ----a-w-        c:\windows\system32\oleaut32.dll
2010-08-24 19:51 . 2010-08-25 09:24        --------        d-----w-        c:\users\Dirk\AppData\Local\temp
2010-08-24 00:28 . 2010-08-24 00:28        --------        d-----w-        c:\program files\Common Files\Java
2010-08-23 21:46 . 2010-04-29 13:39        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys
2010-08-23 21:46 . 2010-08-23 21:46        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2010-08-23 21:46 . 2010-04-29 13:39        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys
2010-08-23 21:04 . 2010-08-23 21:04        --------        d-----w-        c:\program files\Trojancheck 6
2010-08-23 07:34 . 2010-08-23 07:34        --------        d-----w-        c:\users\Dirk\AppData\Roaming\wds.NET
2010-08-23 07:34 . 2010-08-23 07:34        --------        d-----w-        c:\programdata\wds.NET
2010-08-23 07:34 . 2010-08-23 07:34        --------        d-----w-        c:\program files\wds.NET
2010-08-22 22:15 . 2009-08-19 21:50        22872        ----a-r-        c:\windows\system32\AdobePDFUI.dll
2010-08-22 00:53 . 2010-08-22 00:53        --------        d-----w-        c:\users\Dirk\AppData\Roaming\NeroDCTemplates
2010-08-21 13:18 . 2010-08-21 13:26        --------        d-----w-        c:\program files\The Lost Watch 3D Screensaver
2010-08-21 13:18 . 2010-08-21 13:18        --------        d-----w-        c:\program files\Watermill 3D Screensaver
2010-08-21 13:18 . 2010-08-21 13:18        --------        d-----w-        c:\program files\Valentine 3D Screensaver
2010-08-21 13:18 . 2007-02-07 14:53        770048        ----a-w-        c:\windows\system32\Valentine_3D_Screensaver.scr
2010-08-21 13:18 . 2007-02-07 14:53        5868544        ----a-w-        c:\windows\system32\Valentine 3D Screensaver.exe
2010-08-21 13:18 . 2010-08-21 13:26        --------        d-----w-        c:\program files\The One Ring 3D Screensaver
2010-08-21 13:18 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Spirit of Fire 3D Screensaver
2010-08-21 13:17 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Nautilus 3D Screensaver
2010-08-21 13:17 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Nature 3D Screensaver
2010-08-21 13:17 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Lantern 3D Screensaver
2010-08-21 13:17 . 2010-08-21 13:17        --------        d-----w-        c:\program files\Lagoon 3D Screensaver
2010-08-21 13:17 . 2006-10-06 13:51        883200        ----a-w-        c:\windows\system32\Lagoon_3D_Screensaver.scr
2010-08-21 13:17 . 2006-10-06 13:51        10638336        ----a-w-        c:\windows\system32\Lagoon 3D Screensaver.exe
2010-08-21 13:17 . 2010-08-21 13:17        --------        d-----w-        c:\program files\Koi Fish 3D Screensaver
2010-08-21 13:17 . 2007-02-27 04:28        9907200        ----a-w-        c:\windows\system32\Koi Fish 3D Screensaver.exe
2010-08-21 13:17 . 2007-02-27 00:00        769536        ----a-w-        c:\windows\system32\Koi_Fish_3D_Screensaver.scr
2010-08-21 13:16 . 2010-08-21 13:16        --------        d-----w-        c:\program files\Ice Clock 3D Screensaver
2010-08-21 13:16 . 2006-11-03 15:16        889856        ----a-w-        c:\windows\system32\Ice_Clock_3D_Screensaver.scr
2010-08-21 13:16 . 2006-11-03 15:16        8516096        ----a-w-        c:\windows\system32\Ice Clock 3D Screensaver.exe
2010-08-21 13:16 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Halloween 3D Screensaver
2010-08-21 13:16 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Galleon 3D Screensaver
2010-08-21 13:15 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Fantasy Moon 3D Screensaver
2010-08-21 13:15 . 2010-08-21 13:25        --------        d-----w-        c:\program files\Fireside Christmas 3D Screensaver
2010-08-21 13:15 . 2010-06-02 14:19        915456        ----a-w-        c:\windows\system32\Fireside_Christmas_3D_Screensaver.scr
2010-08-21 13:15 . 2006-11-30 22:09        8326144        ----a-w-        c:\windows\system32\Fireside Christmas 3D Screensaver.exe
2010-08-21 13:15 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Discovery 3D Screensaver
2010-08-21 13:14 . 2010-08-21 13:14        --------        d-----w-        c:\program files\Cuckoo Clock 3D Screensaver
2010-08-21 13:14 . 2006-07-29 12:33        19063808        ----a-w-        c:\windows\system32\Cuckoo Clock 3D Screensaver.exe
2010-08-21 13:14 . 2006-07-29 02:14        1000960        ----a-w-        c:\windows\system32\Cuckoo_Clock_3D_Screensaver.scr
2010-08-21 13:14 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Coral Clock 3D Screensaver
2010-08-21 13:14 . 2010-08-21 13:25        --------        d-----w-        c:\program files\Voyage of Columbus 3D Screensaver
2010-08-21 13:14 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Mechanical Clock 3D Screensaver
2010-08-21 13:13 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Christmas 3D Screensaver
2010-08-21 13:13 . 2010-08-21 13:13        --------        d-----w-        c:\program files\Christmas Tree 3D Screensaver
2010-08-21 13:12 . 2010-08-21 13:12        --------        d-----w-        c:\windows\system32\3Planesoft
2010-08-21 13:12 . 2010-08-21 13:26        --------        d-----w-        c:\program files\Ancient Castle 3D Screensaver
2010-08-21 12:47 . 2010-08-21 12:47        --------        d-----w-        c:\program files\Deep Space 3D Screensaver
2010-08-21 12:47 . 2010-06-02 14:18        920576        ----a-w-        c:\windows\system32\Deep_Space_3D_Screensaver.scr
2010-08-21 12:45 . 2010-08-21 12:45        --------        d-----w-        c:\program files\Earth 3D Screensaver
2010-08-21 12:45 . 2010-06-02 14:19        977920        ----a-w-        c:\windows\system32\Earth_3D_Screensaver.scr
2010-08-21 11:52 . 2010-08-21 12:38        --------        d-----w-        c:\program files\Trillian
2010-08-21 08:51 . 2010-08-21 08:51        --------        d-----w-        c:\program files\Lighthouse Point 3D Screensaver
2010-08-21 08:51 . 2010-06-02 14:22        920576        ----a-w-        c:\windows\system32\Lighthouse_Point_3D_Screensaver.scr
2010-08-21 08:42 . 2010-08-21 08:42        --------        d-----w-        c:\program files\Battleship Missouri 3D Screensaver
2010-08-21 08:42 . 2010-06-02 14:15        917504        ----a-w-        c:\windows\system32\Battleship_Missouri_3D_Screensaver.scr
2010-08-21 08:38 . 2010-08-21 13:15        --------        d-----w-        c:\program files\Tropical Fish 3D Screensaver
2010-08-21 08:38 . 2005-04-29 15:24        262144        ----a-w-        c:\windows\system32\Tropical_Fish_3D_Screensaver.scr
2010-08-21 08:35 . 2010-08-21 08:35        --------        d-----w-        c:\program files\Fireplace 3D Screensaver
2010-08-21 08:35 . 2010-06-02 14:19        975360        ----a-w-        c:\windows\system32\Fireplace_3D_Screensaver.scr
2010-08-21 08:19 . 2010-08-21 13:25        --------        d-----w-        c:\programdata\3Planesoft
2010-08-21 08:19 . 2010-08-21 13:25        --------        d-----w-        c:\program files\3Planesoft Screensaver Manager
2010-08-21 08:19 . 2010-06-02 11:22        688640        ----a-w-        c:\windows\system32\3Planesoft_Screensaver_Manager.scr
2010-08-21 08:19 . 2010-08-21 08:19        --------        d-----w-        c:\program files\Clock Tower 3D Screensaver
2010-08-21 08:19 . 2010-06-02 14:16        975360        ----a-w-        c:\windows\system32\Clock_Tower_3D_Screensaver.scr
2010-08-21 07:53 . 2010-08-21 08:15        --------        d-----w-        c:\program files\Simple Port Forwarding
2010-08-21 07:53 . 2010-08-21 07:53        --------        d-----w-        c:\windows\Simple Port Forwarding
2010-08-20 13:07 . 2010-08-20 13:07        --------        d-----w-        c:\users\Dirk\AppData\Local\119614890733741300
2010-08-20 13:07 . 2010-08-20 13:07        --------        d-----w-        c:\users\Dirk\AppData\Local\119611678098203892
2010-08-20 12:52 . 2010-08-20 12:52        286720        ----a-w-        c:\windows\system32\_KAYNEII.dll
2010-08-20 11:42 . 2010-08-20 11:42        --------        d-----w-        c:\users\Dirk\AppData\Roaming\Nero
2010-08-20 10:21 . 2010-08-20 10:28        --------        d-----w-        c:\programdata\Nero
2010-08-20 10:21 . 2010-08-20 10:21        --------        d-----w-        c:\program files\Common Files\Nero
2010-08-20 10:20 . 2010-08-20 10:28        --------        d-----w-        c:\program files\Nero
2010-08-19 10:51 . 2010-08-19 10:51        --------        d-----w-        c:\users\Dirk\AppData\Local\119614890735314164
2010-08-19 10:51 . 2010-08-19 10:51        --------        d-----w-        c:\users\Dirk\AppData\Local\119611678099776756
2010-08-19 08:31 . 2009-03-03 12:09        221184        ----a-w-        c:\windows\system32\RaCoInst.dll
2010-08-19 08:31 . 2009-03-03 12:09        13931        ----a-w-        c:\windows\system32\RaCoInst.dat
2010-08-19 08:31 . 2009-03-03 12:21        710144        ----a-w-        c:\windows\system32\drivers\netr28u.sys
2010-08-19 08:31 . 2010-08-19 08:31        --------        d-----w-        c:\programdata\Ralink Driver
2010-08-19 07:50 . 2010-08-19 07:50        --------        d-----w-        c:\users\Dirk\AppData\Local\119614890734200052
2010-08-19 07:50 . 2010-08-19 07:50        --------        d-----w-        c:\users\Dirk\AppData\Local\119611678098662644
2010-08-14 12:34 . 2010-08-14 12:34        --------        d-----w-        c:\program files\Lavalys
2010-08-14 10:37 . 2010-08-14 10:37        --------        d-----w-        c:\users\Dirk\AppData\Roaming\KodakCredentialStore
2010-08-14 10:37 . 2010-08-14 13:27        --------        d-----w-        c:\users\Dirk\AppData\Local\KodakGallery
2010-08-14 10:36 . 2010-08-14 10:36        --------        d-----w-        c:\users\Dirk\AppData\Roaming\Skinux
2010-08-14 10:35 . 2010-08-14 10:35        --------        d-----w-        c:\users\Dirk\AppData\Local\Programs
2010-08-14 10:34 . 2010-08-14 10:34        --------        d-----w-        c:\users\Dirk\AppData\Local\ArcSoft
2010-08-14 10:34 . 2010-08-14 10:35        --------        d-----w-        c:\users\Dirk\AppData\Roaming\ArcSoft
2010-08-14 10:34 . 2010-08-14 10:35        --------        d-----w-        c:\programdata\ArcSoft
2010-08-14 10:34 . 2010-08-20 08:24        --------        d-----w-        c:\program files\Common Files\ArcSoft
2010-08-14 10:34 . 2010-08-20 08:24        --------        d-----w-        c:\program files\ArcSoft
2010-08-14 10:32 . 2010-08-14 10:33        --------        d-----w-        c:\program files\Common Files\Kodak
2010-08-14 10:32 . 2010-08-14 10:33        --------        d-----w-        c:\program files\Kodak
2010-08-14 10:29 . 2010-08-14 10:36        --------        d-----w-        c:\programdata\Kodak
2010-08-14 07:15 . 2010-08-14 07:15        --------        d-----w-        c:\program files\Hewlett-Packard
2010-08-14 07:15 . 2010-08-14 07:15        --------        d-----w-        c:\programdata\Hewlett-Packard
2010-08-14 07:14 . 2010-06-18 07:35        302080        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\hpcpp104.dll
2010-08-14 07:14 . 2010-06-18 07:25        326656        ----a-w-        c:\windows\system32\hpmml104.dll
2010-08-14 07:14 . 2010-06-18 07:24        243200        ----a-w-        c:\windows\system32\hpmpm081.dll
2010-08-14 07:14 . 2010-06-18 07:24        179200        ----a-w-        c:\windows\system32\hpmpw081.dll
2010-08-14 07:14 . 2010-06-18 07:24        223232        ----a-w-        c:\windows\system32\hpmtp104.dll
2010-08-14 07:14 . 2010-06-15 11:26        49252        ----a-w-        c:\windows\system32\hpmnque.dll
2010-08-14 07:14 . 2010-06-15 11:26        49250        ----a-w-        c:\windows\system32\hpmnndps.dll
2010-08-14 07:14 . 2010-03-04 12:10        79872        ----a-w-        c:\windows\system32\hppccompio.dll
2010-08-14 07:14 . 2009-02-25 17:57        18944        ----a-w-        c:\windows\system32\hppmopjl.dll
2010-08-14 07:14 . 2010-06-18 07:35        179200        ----a-w-        c:\windows\system32\hpcpn104.dll
2010-08-14 07:14 . 2010-06-18 07:24        275968        ----a-w-        c:\windows\system32\hpmja104.dll
2010-08-14 07:14 . 2009-02-25 15:32        59928        ----a-w-        c:\windows\system32\fxcompchannel.dll
2010-08-14 07:11 . 2010-08-14 07:11        --------        d-----w-        c:\users\Dirk\AppData\Roaming\AVG9
2010-08-14 07:08 . 2010-06-23 15:10        275048        ----a-w-        c:\windows\system32\drivers\Rt86win7.sys
2010-08-14 07:08 . 2010-06-08 21:33        100896        ----a-w-        c:\windows\system32\RTNUninst32.dll
2010-08-14 07:08 . 2009-12-03 15:27        80416        ----a-w-        c:\windows\system32\RtNicProp32.dll
2010-08-14 07:06 . 2010-08-14 07:06        --------        d-----w-        C:\$AVG
2010-08-14 07:03 . 2010-08-14 07:03        --------        d-----w-        c:\programdata\NVIDIA Corporation
2010-08-14 07:02 . 2010-07-09 22:37        56936        ----a-w-        c:\windows\system32\OpenCL.dll
2010-08-14 07:02 . 2010-07-09 22:37        314984        ----a-w-        c:\windows\system32\nvdecodemft.dll
2010-08-14 07:02 . 2010-07-09 22:37        14092904        ----a-w-        c:\windows\system32\nvoglv32.dll
2010-08-14 07:02 . 2010-07-09 22:37        11008040        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys
2010-08-14 07:02 . 2010-07-09 22:37        4553832        ----a-w-        c:\windows\system32\nvcuda.dll
2010-08-14 07:02 . 2010-07-09 22:37        2892904        ----a-w-        c:\windows\system32\nvcuvid.dll

.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-25 09:27 . 2009-12-06 14:19        --------        d-----w-        c:\users\Dirk\AppData\Roaming\Skype
2010-08-25 09:27 . 2009-12-06 14:20        --------        d-----w-        c:\users\Dirk\AppData\Roaming\skypePM
2010-08-25 09:23 . 2009-12-06 12:36        --------        d-----w-        c:\program files\SpeedFan
2010-08-25 09:23 . 2009-12-06 12:36        --------        d-----w-        c:\programdata\NVIDIA
2010-08-25 09:22 . 2009-12-05 19:36        0        ----a-w-        c:\windows\system32\drivers\lvuvc.hs
2010-08-25 09:12 . 2009-12-06 10:38        --------        d-----w-        c:\users\Dirk\AppData\Roaming\uTorrent
2010-08-25 09:08 . 2010-07-02 10:24        188152        ----a-w-        c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\tlduxcgd.default\FlashGot.exe
2010-08-25 01:22 . 2010-07-01 15:02        --------        d-----w-        c:\users\Dirk\AppData\Roaming\ICQ
2010-08-24 08:02 . 2010-07-01 15:02        --------        d-----w-        c:\program files\ICQ7.2
2010-08-24 00:28 . 2009-12-08 20:24        --------        d-----w-        c:\program files\Java
2010-08-20 09:49 . 2009-12-06 14:19        --------        d-----r-        c:\program files\Skype
2010-08-20 08:53 . 2009-12-06 13:46        --------        d-----w-        c:\programdata\Microsoft Help
2010-08-20 08:29 . 2010-08-04 05:56        47360        ----a-w-        c:\users\Dirk\AppData\Roaming\pcouffin.sys
2010-08-20 08:29 . 2010-08-04 05:56        47360        ----a-w-        c:\users\Dirk\AppData\Roaming\pcouffin.sys
2010-08-20 08:27 . 2010-08-20 08:27        262144        ----a-w-        c:\programdata\ntuser.dat
2010-08-20 08:24 . 2009-12-06 12:04        --------        d--h--w-        c:\program files\InstallShield Installation Information
2010-08-19 09:54 . 2010-06-06 10:35        --------        d-----w-        c:\programdata\WebcamMax
2010-08-19 09:44 . 2009-07-14 08:47        676232        ----a-w-        c:\windows\system32\perfh007.dat
2010-08-19 09:44 . 2009-07-14 08:47        138964        ----a-w-        c:\windows\system32\perfc007.dat
2010-08-19 07:02 . 2010-07-21 17:30        --------        d-----w-        c:\program files\Cisco
2010-08-15 10:38 . 2010-08-14 10:34        720        ----a-w-        c:\programdata\ArcSoft\kodak-printcreations-22-080812-oem\acforall.dll
2010-08-14 17:49 . 2009-12-11 12:04        66872        ----a-w-        c:\windows\system32\PnkBstrA.exe
2010-08-14 10:50 . 2010-08-14 10:50        225280        ----a-w-        c:\programdata\Kodak\EasyShareSetup\wtf\update.exe
2010-08-14 10:50 . 2010-08-14 10:30        225280        ----a-w-        c:\programdata\Kodak\EasyShareSetup\wtf\finish.exe
2010-08-14 10:50 . 2010-08-14 10:30        225280        ----a-w-        c:\programdata\Kodak\EasyShareSetup\wtf\start.exe
2010-08-14 10:50 . 2010-08-14 10:50        1187840        ----a-w-        c:\programdata\Kodak\EasyShareSetup\$SETUP_1e0001_afc4d3\EasyShrx.Dll
2010-08-14 10:49 . 2010-08-14 10:49        114688        ----a-w-        c:\programdata\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_7.4.30.2.dll
2010-08-14 10:30 . 2010-08-14 10:30        77824        ----a-w-        c:\programdata\Kodak\EasyShareSetup\ess\bindbins\bindbins.exe
2010-08-14 10:30 . 2010-08-14 10:30        175104        ----a-w-        c:\programdata\Kodak\EasyShareSetup\reduced_contents_PrintCreation_expanded\setup.exe
2010-08-14 10:30 . 2010-08-14 10:30        45056        ----a-w-        c:\programdata\Kodak\EasyShareSetup\sysfiles\kb945060\kb945060.exe
2010-08-14 10:29 . 2010-08-14 10:29        1187840        ----a-w-        c:\programdata\Kodak\EasyShareSetup\$SETUP_1e0001_9d1764\EasyShrx.Dll
2010-08-14 10:29 . 2010-08-14 10:29        114688        ----a-w-        c:\programdata\Kodak\EasyShareSetup\$Registration\KodakCameraAPI_8.2.30.1.dll
2010-08-14 09:40 . 2010-04-27 19:42        --------        d-----w-        c:\program files\Google
2010-08-14 07:08 . 2009-12-06 13:35        --------        d-----w-        c:\program files\Realtek
2010-08-14 07:03 . 2009-12-06 12:35        --------        d-----w-        c:\program files\NVIDIA Corporation
2010-08-14 07:03 . 2009-12-06 12:35        --------        d-----w-        c:\program files\Common Files\Wise Installation Wizard
2010-08-14 07:02 . 2009-12-06 13:35        --------        d--h--w-        c:\program files\Temp
2010-08-13 16:04 . 2010-01-23 07:36        --------        d-----w-        c:\programdata\Media Center Programs
2010-08-12 10:08 . 2009-12-11 12:04        138184        ----a-w-        c:\windows\system32\drivers\PnkBstrK.sys
2010-08-12 10:08 . 2009-12-11 12:04        183112        ----a-w-        c:\windows\system32\PnkBstrB.exe
2010-08-12 08:49 . 2010-04-24 07:56        --------        d-----w-        c:\program files\MSECache
2010-08-10 23:33 . 2010-08-20 09:50        11776        ----a-w-        c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\tlduxcgd.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}\lib\WINNT_x86-msvc\1.9.1\yoono.dll
2010-08-06 12:28 . 2010-07-23 13:53        --------        d-----w-        c:\users\Dirk\AppData\Roaming\vlc
2010-08-06 12:28 . 2010-01-01 12:02        --------        d-----w-        c:\users\Dirk\AppData\Roaming\CyberLink
2010-08-06 07:02 . 2009-12-05 19:57        157776        ----a-w-        c:\users\Dirk\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-05 09:07 . 2010-01-01 11:55        --------        d-----w-        c:\users\Dirk\AppData\Roaming\dvdcss
2010-08-04 10:04 . 2010-02-18 15:49        --------        d-----w-        c:\program files\ffdshow
2010-08-04 07:29 . 2010-01-01 10:32        --------        d-----w-        c:\program files\XviD
2010-08-04 07:28 . 2010-01-01 10:32        --------        d-----w-        c:\program files\AviSynth 2.5
2010-08-04 06:01 . 2010-01-01 10:23        --------        d-----w-        c:\program files\DVD Shrink DE
2010-08-02 08:40 . 2010-08-02 02:59        --------        d-----w-        c:\program files\Notarzt Simulator
2010-08-02 07:03 . 2010-08-02 07:03        --------        d-----w-        c:\program files\ConvertHelper
2010-08-02 05:47 . 2010-08-02 05:47        --------        d-----w-        c:\programdata\ArbZeit
2010-08-02 03:19 . 2010-08-02 03:19        43520        ----a-w-        c:\windows\system32\CmdLineExt03.dll
2010-08-02 03:12 . 2010-08-02 03:12        --------        d-----w-        c:\program files\Common Files\PocketSoft
2010-08-02 03:10 . 2010-08-02 03:09        --------        d-----w-        c:\program files\QuickTime
2010-08-02 03:09 . 2010-08-02 03:09        --------        d-----w-        c:\programdata\Apple Computer
2010-07-31 12:23 . 2010-06-16 11:03        --------        d-----w-        c:\program files\Winterberg Configurator
2010-07-31 09:40 . 2010-07-31 09:40        83456        ----a-w-        c:\users\Dirk\AppData\Roaming\GoPal Assistant\Library\111F0E7A-2DB9-4760-8528-2785C017C1D8\1\module.exe
2010-07-31 09:40 . 2010-07-31 09:40        27648        ----a-w-        c:\users\Dirk\AppData\Roaming\GoPal Assistant\Library\111F0E7A-2DB9-4760-8528-2785C017C1D8\AutoRunCE.exe
2010-07-31 09:40 . 2010-07-31 09:40        83456        ----a-w-        c:\users\Dirk\AppData\Roaming\GoPal Assistant\Library\5EE508BD-C899-4CB2-BBE3-62FCD67404B6\1\module.exe
2010-07-31 09:40 . 2010-07-31 09:40        27648        ----a-w-        c:\users\Dirk\AppData\Roaming\GoPal Assistant\Library\5EE508BD-C899-4CB2-BBE3-62FCD67404B6\AutoRunCE.exe
2010-07-31 09:40 . 2010-07-31 09:40        83456        ----a-w-        c:\users\Dirk\AppData\Roaming\GoPal Assistant\Library\1CADA16C-FCEB-4D38-80ED-DD7D46697D95\1\module.exe
2010-07-31 09:40 . 2010-07-31 09:40        27648        ----a-w-        c:\users\Dirk\AppData\Roaming\GoPal Assistant\Library\1CADA16C-FCEB-4D38-80ED-DD7D46697D95\AutoRunCE.exe
2010-07-31 09:40 . 2010-07-31 09:40        83456        ----a-w-        c:\users\Dirk\AppData\Roaming\GoPal Assistant\Library\F5843E0A-B28B-4E3E-BCCD-B6C7CA6FF718\1\module.exe
2010-07-31 09:40 . 2010-07-31 09:40        27648        ----a-w-        c:\users\Dirk\AppData\Roaming\GoPal Assistant\Library\F5843E0A-B28B-4E3E-BCCD-B6C7CA6FF718\AutoRunCE.exe
2010-07-31 09:40 . 2010-07-31 09:40        83456        ----a-w-        c:\users\Dirk\AppData\Roaming\GoPal Assistant\Library\4741C5BD-E412-4F96-A025-644D7DF59C27\1\module.exe
2010-07-31 09:40 . 2010-07-31 09:40        27648        ----a-w-        c:\users\Dirk\AppData\Roaming\GoPal Assistant\Library\4741C5BD-E412-4F96-A025-644D7DF59C27\AutoRunCE.exe
2010-07-30 15:37 . 2010-07-30 15:37        1078        ----a-r-        c:\users\Dirk\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_4ae13d6c.exe
2010-07-30 15:37 . 2010-07-30 15:37        1078        ----a-r-        c:\users\Dirk\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_2cd672ae.exe
2010-07-30 15:37 . 2010-07-30 15:37        1078        ----a-r-        c:\users\Dirk\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_294823.exe
2010-07-30 15:37 . 2010-07-30 15:37        1078        ----a-r-        c:\users\Dirk\AppData\Roaming\Microsoft\Installer\{0F9196C6-58B4-445B-B56E-B1200FECC151}\_18be6784.exe
2010-07-29 15:40 . 2010-06-23 13:55        --------        d-----w-        c:\program files\OO Software
2010-07-29 15:23 . 2010-06-06 10:35        --------        d-----w-        c:\program files\WebcamMax
2010-07-29 15:18 . 2010-03-17 20:33        --------        d-----w-        c:\program files\AutoShutdownManager
2010-07-29 15:11 . 2009-12-08 14:14        --------        d-----w-        c:\program files\Common Files\Adobe
2010-07-29 14:59 . 2010-05-01 17:17        --------        d-----w-        c:\program files\OnlineControl
2010-07-29 14:52 . 2010-07-06 12:21        --------        d-----w-        c:\program files\TachoPlusFreeDriver
2010-07-29 14:49 . 2010-07-17 08:25        --------        d-----w-        c:\programdata\GloboFleet
2010-07-29 06:30 . 2010-08-11 07:15        197632        ----a-w-        c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-11 07:15        82944        ----a-w-        c:\windows\system32\iccvid.dll
2010-07-26 12:56 . 2010-07-26 12:56        3140        --sha-w-        c:\programdata\Protexis\KGyGaAvL.sys
2010-07-25 02:15 . 2010-03-11 06:42        --------        d-----w-        c:\program files\Ubisoft
2010-07-24 16:19 . 2010-07-24 16:19        --------        d-----w-        c:\program files\Common Files\Skype
2010-07-24 16:10 . 2010-07-24 16:10        3472        ------w-        C:\bootsqm.dat
2010-07-24 09:54 . 2009-12-13 21:00        --------        d-----w-        c:\programdata\WinZip
2010-07-24 09:31 . 2010-07-24 09:31        --------        d-----w-        c:\program files\Xirrus
2010-07-20 12:09 . 2010-07-20 12:09        114149208        ----a-w-        c:\programdata\Corel\Downloads\540215253_610005\1270498514694\CDGSX5SP1.exe
2010-07-18 22:40 . 2010-07-18 22:40        61952        ----a-w-        c:\windows\system32\execryptorvb.dll
2010-07-17 08:56 . 2010-07-17 08:56        --------        d-----w-        c:\users\Dirk\AppData\Roaming\TeamViewer
2010-07-17 08:50 . 2010-07-17 08:50        --------        d-----w-        c:\programdata\Subsembly
2010-07-17 08:50 . 2010-07-17 08:50        --------        d-----w-        c:\programdata\CALpublicdata
2010-07-17 08:50 . 2010-07-17 08:50        --------        d-----w-        c:\programdata\CAL Consult GmbH
2010-07-17 03:00 . 2010-05-12 07:46        423656        ----a-w-        c:\windows\system32\deployJava1.dll
2010-07-15 17:12 . 2009-12-15 23:05        --------        d-----w-        c:\programdata\Installations
2010-07-15 17:12 . 2009-12-15 23:05        --------        d-----w-        c:\program files\Nokia
2010-07-15 17:11 . 2010-07-15 17:11        3351812        ----a-w-        c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\msxml6Exec.exe
2010-07-15 17:11 . 2010-07-15 17:11        36864        ----a-w-        c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\Sleep.exe
2010-07-15 17:11 . 2010-07-15 17:11        3203453        ----a-w-        c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\Installer\CommonCustomActions\vcredistExec.exe
2010-07-15 17:10 . 2010-07-15 17:11        35644808        ----a-w-        c:\programdata\Installations\{09C468CA-2940-466A-AAE8-DCC0C6E9323C}\NokiaSoftwareUpdaterSetup_2.5.2DE.exe
2009-06-10 21:26 . 2009-07-14 02:04        9633792        --sha-r-        c:\windows\Fonts\StaticCache.dat
2010-04-24 11:44 . 2010-04-24 11:44        87552        --sh--w-        c:\windows\System32\h4x0r.dll
2010-04-24 11:44 . 2010-04-24 11:44        164352        --sh--w-        c:\windows\System32\SCS.dll
2009-07-14 01:14 . 2009-07-13 23:42        396800        --sha-w-        c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 00:20        561552        ----a-w-        c:\progra~1\MICROS~2\Office14\URLREDIR.DLL

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883840]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-11-20 2363392]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2010-03-16 718208]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WebcamMaxAutoRun"="c:\program files\WebcamMax\WebcamMax.exe" [2010-06-06 6043888]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"ICQ"="c:\program files\ICQ7.2\ICQ.exe" [2010-08-22 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336]
"PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-13 50472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2010-04-12 611712]
"Adobe_ID0ENQBO"="c:\progra~1\COMMON~1\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe" [2008-08-15 378224]
"NokiaMusic FastStart"="c:\program files\Nokia\Ovi Player\NokiaOviPlayer.exe" [2010-03-04 2192672]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2009-12-19 500208]
"FontExpertType1Loader"="c:\program files\FontExpert\Type1Loader.exe" [2008-12-14 294152]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DpTsClnt"="c:\program files\DigitalPersona\Bin\DpTsClnt.dll" [2008-01-30 200704]
"ooccctrl.exe"="c:\program files\OO Software\CleverCache\ooccctrl.exe" [2009-12-09 2876744]
"iSaverCtrl"="c:\program files\iSaver\iSaverCtrl.exe" [2009-06-08 1160192]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-06-19 38840]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2010-06-19 640440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-05-11 2528584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"cFosSpeed"="c:\program files\Topos\cFosSpeed\cFosSpeed.exe" [2009-10-30 977624]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-08-13 2065760]
"TaskTray"="c:\program files\Driver-Soft\DriverGenius\TaskTray.exe" [2010-07-15 284016]
"NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-22 1226024]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\Dirk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
SpeedFan.lnk - c:\program files\SpeedFan\speedfan.exe [2009-11-25 4009592]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ISDNWatch.lnk - c:\comcenter\IWatch.exe [2009-12-6 275760]
Kodak EasyShare Software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2010-1-27 323584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave2"=AvmSnd.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 136176]
R2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-08-15 284016]
R3 AsrOcDrv;AsrOcDrv;c:\windows\system32\Drivers\AsrOcDrv.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;d:\dragon age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 2010 CBE\Dfsdks.exe [2009-08-24 406016]
R3 GigasetGenericUSB;GigasetGenericUSB;c:\windows\system32\DRIVERS\GigasetGenericUSB.sys [2009-02-20 44032]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 NETPPPOI;PPP over ISDN;c:\windows\system32\DRIVERS\NETPPPOI.SYS [2007-10-15 334640]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-02-26 137344]
R3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-02-26 8320]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-02-21 1343400]
R4 sptd;sptd;c:\windows\system32\Drivers\sptd.sys [2009-12-06 691696]
S1 AvgLdx86;AVG Free SB AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-08-13 216400]
S1 AvgTdiX;AVG Free SB Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2010-08-13 243024]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 avg9wd;AVG Free SB WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-08-13 308136]
S2 AVMPORT;AVMPORT;c:\windows\System32\drivers\avmport.sys [2009-10-02 66472]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-02-18 462632]
S2 O&O CleverCache;O&O CleverCache;c:\program files\OO Software\CleverCache\ooccag.exe [2009-12-09 701768]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-05-11 1619272]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 AVMCOWAN;AVMCOWAN;c:\windows\system32\DRIVERS\AVMCOWAN.sys [2007-08-15 64512]
S3 fxusbase;Eumex 400;c:\windows\system32\DRIVERS\fxusbase.sys [2007-08-15 567936]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [2009-03-03 710144]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-06-23 275048]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-11-20 13:28        451872        ----a-w-        c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners

2010-06-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb0c24723cb029.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-27 19:42]

2010-08-05 c:\windows\Tasks\SidebarExecute.job
- c:\program files\Windows Sidebar\sidebar.exe [2009-07-13 01:14]

2010-07-24 c:\windows\Tasks\{234E3102-E7D6-42B3-8B64-8E575FA9FCC6}.job
- c:\program files\Skype\Phone\Skype.exe [2010-05-13 15:57]

2010-08-14 c:\windows\Tasks\{975A21F9-1931-4360-994C-B08FEE630381}.job
- c:\program files\Skype\Phone\Skype.exe [2010-05-13 15:57]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {0DEEBD5F-433C-4048-85DA-07197A7A0F50} = 0.0.0.0,192.168.0.2
TCP: {2AFB036A-7D54-4FF0-A073-09122504F42A} = 192.168.121.252,192.168.121.253
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
DPF: CabBuilder - hxxp://kiw.imgag.com/imgag/kiw/toolbar/download/InstallerControl.cab
FF - ProfilePath - c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\tlduxcgd.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: c:\program files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmieze.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnul32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nppdf32.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: c:\program files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: c:\users\Dirk\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Dirk\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
FF - plugin: c:\users\Dirk\AppData\Roaming\Mozilla\Firefox\Profiles\tlduxcgd.default\extensions\maps@ovi.com\plugins\npNMapNPR.dll

---- FIREFOX Richtlinien ----
FF - user.js: browser.search.selectedEngine - foxsearch
FF - user.js: browser.search.order.1 - foxsearch
FF - user.js: browser.search.defaultenginename - foxsearch
FF - user.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - user.js: privacy.item.cookies - false
FF - user.js: privacy.sanitize.promptOnSanitize - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OOCC06.00.00.01WSSV"="CDC868B75EF86CC4EE3924CF64845DEFC249A8A99C1EFE08A82775190FABB7115EC751734EB80C8F2FAA672C2289E2AA90B93685F6401E67F1B2574DA50C86686FA089AC84EC014BCF6591855286198ACA56ED60628358F72A66556FA6856DBC35DF0917042AAA786EAF710F731AC5E01DBD12117BB0F57B2BDAC8186EAA5C6154B75FAB8469BB9B9D736AC3BDC5FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A6171C11EC38DE3DC038D530D6EB345216B401CF9591C1D155B5095568961BCFE8440A995FAD1F4214CAC0714587F8DE0731033D57CE01A99DAF3CF1A9811CC6653E3331D060785974823076E772897C165BE3D35E8AE23FBEF325B41AEED73D576CFAC0E50176BA5791FC40B401435B289F801B2ED4D5E4611D0EE09372B90FD1BC36E16EC221E853562A600F26ECC7F9EF2740E0827FCD87CD355A06E0617A3720B2D5CE9AB6CB51B3AF0FF19A017299BC1F1423AB3695842ACBADF252A421410DAC7EFB4328AE0F107AA9E6592DEF69FE210BB72B053700D97A8771A48B0BFCFB59E204B99C411E566AAE8FA0D4B721B25A3FF1222C17F589D7392AF852A0CAEBDEAD0442EB1665F552C29FF28F27CA576A6CBC749E78B4EB74B95BB4EAB15F5DD82EB0E0A4A51EDF7BAD609AA6FD4570697394CA8584E1B2D0215981F7F0C457D4D6506107CA560BA05AAC9E18624485DC5A0B90BA4A751A64AF0ACA527356E1D6BDBE510AC5EEF2745B76D117D94CA1C34945F6CDBAB8DB18C665C30834450CD61F6A0357389D969761C0458AD23AD58E0EFBF0832A4EB8C9EAFB5F58919567BDDAD70B4BAB6D772446A3CF8C9D3CB422977D375153A8F6CB47EE58B74E22886CF01DC57709BB1D2605CC8D6B6E55D6D8FCAAC565520FDEE4A8752B4E10950A360BE6D0A1A2BA111CBD7A5E2A5C5C56FD75785D9CA91EBB4E0258997AE1F1885F71F30E43A8EE63FB3683E37F65FA5453DEF0020D3EC5DF36E978284B328B27A51617A38AB532A62DD2CD86D4E932740EBA30FA7C5A491FBE1845A005D28B0BB78937FBD94333708AA2D6EF4AAC52DD572BE755662940D1FD6CC610A17B6D5CB6045044C33173DAE553AE903058033C4B7C5E607B3E9755FDE695C64CC403CABB5EF16F1443498702BAF91C10F7BEBEFA1AEBB19E8E8D0ABCAF625BE62E7107511A3FB3C7205C95174EEF87A1FB561AEC947E9FE672B6D42C8F6D25049AB14776D8EE8B9053ADAE52ACDE0F5539E985192196C72129FA9DB1738EC2EDCF8F449D614CB3D2CC8C7B5214A4B24CE7713C6D19490ACBD2955129EE2F9420F62CBCAD1F3730AA5F1F2BABE8B6355D24B7FDC978C00A1A7497E0DE374DC04CA0FBF002A022C5E242607066339C9C94EFDB8E"
"OOCC7.00.00.01PROSTATION"="DFEA51D306DB7EBDA20580E625576D06C27565F77AEE5EA17562D633E8BF2119B034AA60D07D175027AFFC78D52B0C04D6CC16052C9B18929DED555C7F56199FE7DBAF9EE136B7F86A9C411154677ED8690A663BD0AA826D18CDEDE2F2F49639001958CAA9D212BDFCB6A4C9F7A02979C4712EAFC815D23287BBFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808FEBC9E127BECC74CA6171C11EC38DE3DA9C6AECB7A5D1407FA29A56D215C8DDECE57DF9BF8398DA5650EA509FE1D648375E75F53D6239B3A1EDAB1F0692CC011C39F523AC7A9FEFEFCDDE642A9BBCCB215BDF97FE617A36195AEFEC01C4C4A62E997607C454AB0A489C0A4E37C41586EB62322CBBCC9D36BD1743FE837E74C0F330CC4D23E539BC71BA0C3E1B7917A78ADBF04D3A4EABACF87AC08473A1C0DE4D57E1F81036D602A88980C079C86CB2A116D2F07759E071D2C91D192AA7C75C548A2F0A1ECB942236C7C27F0F26A8870BB3A19A705008FF47F8DFACF110D94A8CA62A19F514BA69EA5D12691047D0FC9CC6A19CCAE1B4B0CFE41445C79C89C97DCD779BC91A71A1C55CFFB2E20F4E3CCA772EC5F53EF59AC6F7E53E7759C61AFC255A80E8BCAC9ADE166FEE11877309F747D34A1D67579B1DACD317698EC5FA487DD407C29A38AFB75B6EB9844223E009CEA73239F930F8F0AEB4D5F7C8D323CF7AB3844D016D1417E15E115FE83FEBD50CC13CB1A2726C89046F54DBC491DD024AA6AF471F73B4DAD0CE36D2621853D83E85E56350269773F0162417BDE0550627A94F47D140583FA58D90A1D728A756BB98752E567AAC9B1F3AC0FDC7FF53ECA715AFCE72B13D920EC8E2BC9E3E974836F22A123935E0141AACF5E88D09B2FBB9640992D6DEA5E9A6DB1DF1854A2DA8B6B28FAE7309D710F63AF2A2BECC84ED4A6B22BC985B82D2DB5568FF519D85B87C4F2E93460A5847F159044F76372D97C93FE67400B4A7BDDD0F4F355F955BD3DC444CC0C3856B73BE21C4E2035B324DB00D7D5938F9390F60268992D3183E039EB41D6F7C0361D2DABDD41DE58CA135FC4D2D3D0942B46073E6F647872F2B2C96A728D81F76C58867D4A686F371821B7EE6B9204914C0EDE2EAD08B6DDD7388129C2CCB94EC6A4BA9CB5E392AEA3DC5C3F0095BEF1D46994312C8FE88E8B8A37C084C2B3A8374D8200D8260E91156883A9D2389694C8EF05D75358178E075508006973085FCFB4D9D25179A9A6BAF92DD70A24254BCDCDCAE67514CADD6BD8D1EA0DB4D1C0CCD080F421F73227075C9825AF5C895F30C14B59C44893727E68B736E830300E08A97A7AAD11F7C011ECCA22B3B4E38ADD1FA95C57CF84B225EEA14EDF67C77A055C902A3F09CF96901E0E93E656597B6ACCD2502B57B27A"
"OODEFRAG12.00.00.01PROFESSIONAL"="8E53E8C0E9ACEC859E1F90B0C2106588562448CF454E89E0CF9CC8B9C12BFDD71B3486B38CAB2FAA6F6C7FAC18C4510EAF90EA3B6810333BC336AFBA471BDD0F38CF2AEC58BE81B734504A34718BBC743D5CF55645C3A662CE0F46D8E6E6B15BBAC88C600E48DDE7DF16AEAB38BFB6372E1DCA9997DCA4B27C26B43D46BA101BAA27FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808BA7FD869164D67949DB7CE019D40AA5C9DB7CE019D40AA5C5236C8B71EAF559B8E612F4F78AA6EB6753BC337ABD709931589F669D0410E723E14B348E60E115DFC449B6070297AB5E04812C9E8E9775A1647180D7F5143574EAAFB232DDEB4AAF67453FA10682B1544A5C7181F8E3AFB09B134B8AA34B6E05D0B92952B15055A9BB333A5635D3F3323E5CF02CF5C2D80754DE345E7C0035C9AC75B0F2DE977A5DF440E0B0EC1AE52D71E0909132EE251BA9DB2ADE313F58009F9312694D8BAA80AEFA7F644119E198DE7C5D51423A1BF0930A012608913E37FBCDF9257A2AAE6B6833D5C538EED91C5E2CE31921BE0FD6892A036B1471005272FA832FCCB5DC356D07BD2173EAB2AD5AE5D8C603E502330561C83BDB3D7C28175C084A51B1909AB2A8311036A9C36E5F0A0F8E676CFAB1093EF8303F80862DEB65130801ED9E3CDE96CF79D9D3AEA72D33D2D9F7076F609E4E8681108750AE69F76FCD2A3CFE72BEC410780AB30624C06C8859A9E8CC771684E040B132449145EC258F6415D870112FCE55AA85F1D1A374E007B388FC5724157502C90D00FB6A73AD2D9CD9A9EE3BE14DD6CED5C7B521ECC3FF7B732FB89152EE7BD3CE8306FB2D521FB6653683C5CECDB8D986FC441F4380BDD59585A098FF48AA1950E65373B829C746B860844D7DEF3290A94A38A77F6CD0A219C34965E3F1DCBDF9749D50222426A7FE7810E20BA5A3CE5FD25A06AE416F0544D402CB515A5C421905D6D4988321C8C5FBFFAABC069D9188E3DCC90CE1799FC6A1C184BF1D129263786EED80132D93D878F4471A89F27CB5FC1AC347A291F6A2A44F9D94671277CFD0D21FCC4AB0B02B0A1F56F1B9D60723DECB0A39D44B1AD751EC92075F805788A9C200588A92790DD0CEEA5362AD141A75D1D31630A931C6B6F51DFD8FD1AB1B8C6D8C3EFDD3D5F4748E21A0C2F5E3255958AB06A3B1C52DBE52C613B3ED38117FD0E92139EECAA5833D9D2233BFB012CFA677DC5BFB7ABCC0ECE6DDD98B107669C584C8063EA73B00F315E75FDB6AFCA5972737DA364CC78DD7D54F292C7A89FDD225039C882FD230095CD704F2A03805E41768A14B6994BABD1E824523E09EA63A802B0908F5137910DB3F6290B05D19C3CE9DEE3D3BE67323A008D25D19729B07FC9519F05BAA82E6F2B5E281E82"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'Explorer.exe'(4532)
c:\windows\system32\AvmSnd.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ger.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\DigitalPersona\Bin\DpHostW.exe
c:\windows\system32\conhost.exe
c:\program files\Topos\cFosSpeed\spd.exe
c:\program files\Common Files\AVM\de_serv.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\AVG\AVG9\avgtray.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Windows Live\Contacts\wlcomm.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\WerFault.exe
c:\programdata\Skype\Plugins\Plugins\E12C95FCBD1240FEAE314D89676CA6F8\LieDetector.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2010-08-25  11:32:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2010-08-25 09:32
ComboFix2.txt  2010-08-24 19:51

Vor Suchlauf: 7.407.616.000 Bytes frei
Nach Suchlauf: 7.229.644.800 Bytes frei

- - End Of File - - F5759F17D3463960DFC03362090062F8

markusg 25.08.2010 10:42
öffne p: rechtsklick auf qoobox und zu qoobox.rar oder zip hinzufügen, das archiv geht an uns :-)
http://www.trojaner-board.de/54791-a...ner-board.html
wenn das erledigt ist gehts weiter:
download:
RootRepeal
trenne dann die internetverbindung, schalte aktieve programme aus.
http://ad13.geekstogo.com/RootRepeal_beta.exe
doppelklicke das programm
klicke auf report und scan,hake an:
Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services
Shadow SSDT
klicke ok
nun wirst du gefragt welches laufwerk, klicke c: klicke ok.
wenn fertig, wähle safe report
speichere das log als RootRepeal.txt auf dem desktop
poste den inhalt.

funmaster78 25.08.2010 10:48
qoobox??? was meinst du damit???

EDIT: Gefunden. Ist aber auf C:

markusg 25.08.2010 11:21
sorry den link vergessen
http://ad13.geekstogo.com/RootRepeal_beta.exe

funmaster78 26.08.2010 00:21
Bei Rootrepeal bekomme ich einen Crash Report. Ich habs viermal versucht

Code:
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows 7 SP0
Exception Code: 0xc0000005
Exception Address: 0x009cc06a
Attempt to read from address: 0x0000000c
Code:
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows 7 SP0
Exception Code: 0xc0000005
Exception Address: 0x00f67e70
Attempt to read from address: 0x00000000
Code:
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows 7 SP0
Exception Code: 0xc0000005
Exception Address: 0x00287e70
Attempt to read from address: 0x00000000
Code:
ROOTREPEAL CRASH REPORT
-------------------------
Windows Version: Windows 7 SP0
Exception Code: 0xc0000005
Exception Address: 0x01340c1a
Attempt to write to address: 0x000096f8
Ich muss dann die Checkbox mit OK bestätigen und das Proggi schließt

markusg 26.08.2010 08:52
was ist wenn du das programm mit rechtsklick und als admin ausführen, ausführst?
hast du alle laufenden programme ausgeschalten?

funmaster78 26.08.2010 08:56
Wenn ich als Admin ausführe ist das gleiche.
Was heißt alle laufenden Programme? Soweit ich konnte.
AVG, cfos, Office Uploadtool kann ich aus der Taskleiste heraus und aus dem Programm heraus nicht beenden

EDIT: Habe über den Taskmanager noch den Rest beendet (außer AVG, der aktiviert sich von alleine neu) und versuche es nochmal

markusg 26.08.2010 09:07
ok hattest du eig über das neu aufsetzen nachgedacht? die frage hatten wir ja irgendwie nicht geklärt. es wäre im prinzip das sicherste da du geld transfairs mit dem computer machst. würd dir dann sagn wie du ihn dann absicherst.

funmaster78 26.08.2010 09:20
okay. dann muss ich wohl in den sauren apfel beissen und über 200 gb Programme neu einspielen. Wird wohl ein paar Tage dauern.

Aber du kannst mir ja schon mal erklären, wie das dann absichere.

markusg 26.08.2010 09:32
klar.
also erst windows instalieren, dann alle windows updates drauf, dann avg oder ein antivirus deiner wahl.
1. solltest du nur noch als eingeschrenkter nutzer arbeiten , das admin konto ist nur für instalationen gedacht.
klicke start, tippe unter suchen (ausführen) systemsteuerung. wähle dort Benutzerkonten hinzufügen/entfernen.
wähle "neues konto erstellen"
Wähle standard benutzer.

die konten sollten mit einem passwort geschützt werden.
dazu auf konto endern klicken und passwörter vergeben.

die uac sollte auf maximum stehen.
klicke auf start, ausführen (suchen) tippe
uac
enter
nachfrage bestätigen, regler auf höchste stufe.
so ist es schwiriger heimlich etwas auf dem pc zu instalieren.
Die folgenden konfigurationen als admin ausführen:
2. dep aktivieren:
dep für alle prozesse:
Datenausführungsverhinderung (DEP)
• "Datenausführungsverhinderung für alle Programme und Dienste mit Ausnahme der ausgewählten einschalten:".
wenn es zu problemen kommen sollte, kann man die betroffenen prozesse aus der Überwachung entfernen.

3. sehop aktivieren:
SEHOP aktivieren:
Aktivieren von SEHOP (Structured Exception Handling Overwrite Protection) in Windows-Betriebssystemen
klicke auf "Feature automatisch aktivieren"
und folge den anweisungen

4. als browser den firefox nutzen:
Webbrowser Firefox | Schneller, sicherer & anpassbar | Mozilla Europe
5. als adon noscript, es werden dadurch alle scripts (java) zb blockiert, du kannst diese dann frei geben, in dem du auf der seite, die freigegeben werden
soll, nen rechtsklick machst, noscript wählst, und temporär alle berectigungen aufheben wählst, somit werden sie für den besuch aufgehoben, oder alle beschrenkungen
aufheben, somit wird die seite freigegeben. das kann man natürlich wieder rückgängig machen.
http://filepony.de/download-noscript//
6.

adblock+ um werbung zu blockieren:
http://filepony.de/download-adblock_firefox//
hier gibt es noch filterlisten:
Adblock Plus: Bekannte Filterlisten für Adblock Plus
hier würde ich 2 oder 3 deutsche filter auswählen.

unter sonstiges die malware blocklist.
7.
um das surfen sicherer zu machen, würde ich sandboxie empfehlen.
Download:
Sandboxie Download
anleitung:
drop.io
(als pdf)
wenn du mit dem programm gut auskommst, ist ne lizenz zu empfehlen.
1. es gibt dann noch ein paar mehr funktionen.
2. kommt nach nem monat die anzeige, dass das programm freeware ist, die verschwindet erst nach ner zeit, find ich n bissel nerfig.
3. ist die lizenz lebenslang gültig, kostenpunkt rund 25 €, und du kannst sie auf allen pcs in deinem haushalt einsetzen.
ab sofort also nur noch in der sanbox surfen bitte.
8. autorun für usb deaktivieren:
über diesen weg werden sehr häufig schaddateien verbreitet, schalte die funktion also ab.
Tipparchiv - Autorun/Autoplay gezielt für Laufwerkstypen oder -buchstaben abschalten - WinTotal.de
9. um deine software aktuell zu halten, instaliere secunia.
http://www.trojaner-board.de/83959-s...ector-psi.html
und file hippo update checker:
FileHippo.com Update Checker - FileHippo.com
10.
regelmäßige Backups des systems sind sehr wichtig, du weist nie, ob deine festplatte mal kaputt geht.
Acronis True Image 2011 - Festplatten-Backup-Software, Datei-Backup und Disk Imaging, Wiederherstellung von Anwendungseinstellungen, Backup von Musik, Videos, Fotos und Outlook-Mails
außerdem kannst du, bei neuerlichem malware befall das system zurücksetzen.
Das Backup sollte möglichst auf eine externe festplatte etc emacht werden, nicht auf die selbe, wo sich die zu sichernden daten befinden.
Von sehr wichtigen Daten könnte man noch eine zusätzliche Sicherung auf dvds/cds erstellen, dazu könnte man auch wiederbeschreibbare verwenden (rws) falls die sammlung mal erneuert werden soll.
11. passwörter alle endern.
so ab jetzt nur noch im standard nutzerkonto arbeiten und dort nur noch in der sandbox surfen.
klicke dazu auf "sandboxed web browser".

p.s
ps, wenn du nach dem neu aufsetzen immer schön backups erstellst kann dir nichts mehr passieren, dann ists nicht mehr nötig 200 gb programme zu instaliren, dann kannst du schön bequem zurücksetzen in 10 minuten.

funmaster78 26.08.2010 09:37
Alles klar.

Ich danke Dir erstmal recht herzlich und falls ich noch Fragen habe, wende ich mich nochmal an dich.


Alle Zeitangaben in WEZ +1. Es ist jetzt 17:44 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131