Trojaner-Board


babrina 10.04.2011 20:13

Autorun function / homemade viruses

Hello, how do you find homemade viruses? Whenever I start my USB stick, an autorun function gets blocked. It wasn't like that before. I suspect a homemade virus, since I haven't found anything with normal virus scanners. Thanks in advance! Regards, babrina

My log file is attached:

OTL logfile created on: 19.11.2010 21:13:15 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\babsi01\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,95 Gb Total Space | 75,34 Gb Free Space | 54,22% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,75 Gb Free Space | 37,48% Space Free | Partition Type: NTFS

Computer Name: BABSI01-PC | User Name: babsi01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.19 20:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\babsi01\Downloads\OTL.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.26 01:31:58 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.07.28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2010.07.27 10:13:40 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010.04.10 07:45:46 | 000,979,344 | ---- | M] (The Eraser Project) -- C:\Programme\Eraser\Eraser.exe
PRC - [2010.04.05 13:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE
PRC - [2010.03.09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe
PRC - [2010.03.01 23:28:12 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.03.01 23:28:11 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.02.06 23:43:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\javaw.exe
PRC - [2010.01.26 10:22:42 | 002,740,224 | ---- | M] () -- C:\Windows\System32\PrivacyProvider.exe
PRC - [2010.01.08 00:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Programme\pdfforge Toolbar\SearchSettings.exe
PRC - [2010.01.07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2009.08.21 09:15:32 | 000,900,816 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi.exe
PRC - [2009.08.19 09:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 09:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.05.28 17:47:16 | 000,578,264 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKTray.exe
PRC - [2008.05.28 17:47:08 | 000,447,192 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKCore.exe
PRC - [2008.02.22 16:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.02.22 06:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007.07.25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007.07.25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007.05.24 09:15:27 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Programme\AOL 9.0 VRa\waol.exe
PRC - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\aol\acs\AOLacsd.exe
PRC - [2006.09.26 01:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Programme\Common Files\aol\1236284668\ee\aolsoftware.exe
PRC - [2006.09.11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005.03.17 16:39:52 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\PaperPort\pptd40nt.exe


========== Modules (SafeList) ==========

MOD - [2010.11.19 20:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\babsi01\Downloads\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\configservice.exe -- (PTK SharedAccess-FIGHTERS-297811811)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\ScannerService.exe -- (PTK Scanner-FIGHTERS-297811811)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\updateservice.exe -- (PTK Live Update-FIGHTERS-297811811)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\licenseservice.exe -- (PTK License-FIGHTERS-297811811)
SRV - [2010.11.13 09:59:28 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
SRV - [2010.09.23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.26 01:31:58 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.07.28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.01 23:28:11 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.26 10:22:42 | 002,740,224 | ---- | M] () [On_Demand | Running] -- C:\Windows\System32\PrivacyProvider.exe -- (PrivacyProvider)
SRV - [2010.01.07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.07 11:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.02.22 06:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007.07.25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2010.10.28 17:59:38 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.09.23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.12.08 23:48:23 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.17 13:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.26 22:28:24 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.18 10:01:46 | 000,015,496 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\vffilter.sys -- (Vfscan)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.18 14:59:36 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008.02.22 06:38:34 | 000,043,480 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.02.22 06:38:28 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.02.22 06:14:22 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.02.11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2008.01.21 03:23:25 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.09.26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2006.11.29 23:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.09.03 00:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006.09.03 00:53:38 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=5080925
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.3.0.4
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.28 17:51:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.28 17:51:00 | 000,000,000 | ---D | M]

[2008.10.01 18:01:29 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\mozilla\Extensions
[2010.11.19 16:10:51 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions
[2010.09.18 23:24:42 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}(20)
[2010.06.06 12:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.06 12:43:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.01 22:28:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.10.24 18:13:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.09.18 23:24:42 | 000,000,000 | ---D | M] (WOT) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(21)
[2009.09.23 01:21:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(82)
[2009.12.17 23:06:28 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009.09.11 23:46:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.10.25 19:49:58 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\firebug@software.joehewitt.com
[2009.12.16 18:37:09 | 000,001,201 | ---- | M] () -- C:\Users\babsi01\AppData\Roaming\Mozilla\FireFox\Profiles\i0lowoeb.default\searchplugins\winamp-search.xml
[2010.07.01 03:11:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.01.28 22:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010.09.30 19:29:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.17 23:06:35 | 000,002,204 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.09.30 19:29:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.30 19:29:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.30 19:29:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.30 19:29:43 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1236284668\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [IPHider] C:\Programme\IP Hider\IP Hider.exe (AllAnonymity)
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VRa\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\babsi01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\PrivacyProvider.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: secunia.com ([psi] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbddll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhkdll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehkdll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bb4bc654-ea05-11dd-8465-002170aaabe3}\Shell\AutoRun\command - "" = F:\Torpark.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.17 01:40:07 | 001,228,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\babsi01\WebPremium_CS5_LS4.exe
[2010.11.15 03:42:23 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\scriptocean
[2010.11.15 03:42:18 | 000,000,000 | ---D | C] -- C:\Programme\Scriptocean
[2010.11.15 00:02:27 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\kompozer.net
[2010.11.15 00:02:27 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\kompozer.net
[2010.11.15 00:01:36 | 000,000,000 | ---D | C] -- C:\Programme\KompoZer
[2010.11.14 23:52:29 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET
[2010.11.14 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Paint.NET
[2010.11.14 23:22:38 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\SUB8-Dateien
[2010.11.14 23:17:48 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\SUB7-Dateien
[2010.11.14 23:06:53 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\Dropbox
[2010.11.14 16:11:42 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Adobe Scripts
[2010.11.14 16:10:12 | 000,000,000 | ---D | C] -- C:\Users\babsi01\My Documents
[2010.11.14 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Aptana Studio 2.0
[2010.11.05 23:31:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1CAD5672-4524-4B57-9E7F-6A36F9CA770A}
[2010.11.05 23:31:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9B7A2D35-FBC5-45CA-96D7-5BD50D7075A4}
[2010.11.05 23:31:41 | 000,000,000 | ---D | C] -- C:\Programme\WEB.DE
[2010.11.05 23:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\IEConfiguration1und1
[2010.11.05 23:31:20 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\PackageAware
[2010.11.02 21:28:47 | 000,000,000 | ---D | C] -- C:\Programme\XeroBank
[2010.11.02 18:10:16 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\Windows Live Writer
[2010.11.02 18:10:16 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Windows Live Writer
[2010.11.01 12:54:16 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\EurekaLog
[2010.11.01 12:09:28 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2010.11.01 12:09:25 | 000,000,000 | ---D | C] -- C:\Programme\S.A.D
[2010.11.01 03:10:50 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Microsoft_Corporation
[2010.11.01 02:54:46 | 000,000,000 | ---D | C] -- C:\Windows\de
[2010.11.01 02:52:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.11.01 02:50:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.11.01 02:50:08 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.11.01 02:49:40 | 000,000,000 | ---D | C] -- C:\Programme\Bing Bar Installer
[2010.11.01 02:47:54 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Windows Live
[2010.11.01 02:47:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010.11.01 01:52:42 | 000,000,000 | ---D | C] -- C:\Programme\IP Hider
[2010.10.28 19:05:06 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\TrueCrypt
[2010.10.28 17:59:38 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.10.28 17:59:11 | 000,000,000 | ---D | C] -- C:\Programme\TrueCrypt
[2010.10.24 18:37:33 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\javascript
[2010.10.24 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\JavaScript Guide
[2010.10.24 18:29:21 | 000,000,000 | ---D | C] -- C:\Users\babsi01\javascptmanual
[2010.10.24 18:24:40 | 000,000,000 | ---D | C] -- C:\unzipper
[2010.10.24 18:21:41 | 000,000,000 | ---D | C] -- C:\Programme\WinAce
[1 C:\Users\babsi01\*.tmp files -> C:\Users\babsi01\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.19 21:12:30 | 000,001,952 | ---- | M] () -- C:\Windows\System32\PrivacyProvider.ini
[2010.11.19 21:12:30 | 000,000,016 | ---- | M] () -- C:\Windows\System32\PCProxyOff.ini
[2010.11.19 21:12:05 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010.11.19 21:12:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.19 21:04:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.19 21:04:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.19 21:04:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.19 21:03:14 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.19 20:26:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.19 08:52:28 | 000,001,356 | ---- | M] () -- C:\Users\babsi01\AppData\Local\d3d9caps.dat
[2010.11.18 22:28:34 | 000,022,950 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\das schweigen ( in ) der luft.odt
[2010.11.17 01:39:09 | 000,351,816 | ---- | M] () -- C:\Users\babsi01\Adobe_Creative_Suite_5_Web_Premium-AkamaiDLM.exe
[2010.11.17 01:29:34 | 003,099,848 | ---- | M] () -- C:\Users\babsi01\TeamViewer_Setup.exe
[2010.11.17 01:22:47 | 003,099,848 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\TeamViewer_Setup.exe
[2010.11.17 01:18:31 | 000,351,816 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Adobe_Dreamweaver_CS5-AkamaiDLM.exe
[2010.11.16 20:45:24 | 000,022,864 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\das schweigen in der luft.odt
[2010.11.15 23:28:45 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.15 03:42:58 | 000,004,607 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\newproject.fns
[2010.11.15 03:42:19 | 000,001,068 | ---- | M] () -- C:\Users\babsi01\Desktop\Flash News Scroller Wizard.lnk
[2010.11.15 00:01:48 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\KompoZer.lnk
[2010.11.14 23:54:04 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.11.14 23:22:38 | 000,061,033 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\SUB8.htm
[2010.11.14 23:17:48 | 000,061,045 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\SUB7.htm
[2010.11.14 22:56:01 | 000,006,403 | ---- | M] () -- C:\Users\babsi01\Desktop\sub3.html
[2010.11.14 22:54:28 | 000,006,403 | ---- | M] () -- C:\Users\babsi01\Desktop\sub2.html
[2010.11.14 22:54:26 | 000,006,403 | ---- | M] () -- C:\Users\babsi01\Desktop\sub.html
[2010.11.14 16:23:05 | 000,000,250 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Untitled HTML 2.html
[2010.11.14 16:23:04 | 000,000,250 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Untitled HTML 1.html
[2010.11.14 16:04:59 | 000,000,948 | ---- | M] () -- C:\Users\babsi01\Desktop\Aptana Studio 2.0.lnk
[2010.11.14 15:17:34 | 000,018,076 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\tel.- nr. aktuell.rtf
[2010.11.12 08:58:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.12 08:58:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.12 08:58:01 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.12 08:58:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.11 01:33:04 | 000,010,822 | ---- | M] () -- C:\Users\babsi01\Desktop\img-0010.jpg
[2010.11.11 01:33:03 | 000,027,675 | ---- | M] () -- C:\Users\babsi01\.recently-used.xbel
[2010.11.11 01:30:34 | 000,009,863 | ---- | M] () -- C:\Users\babsi01\Desktop\img-008.jpg
[2010.11.11 01:26:50 | 000,050,665 | ---- | M] () -- C:\Users\babsi01\Desktop\img0031.png
[2010.11.11 01:25:58 | 000,042,447 | ---- | M] () -- C:\Users\babsi01\Desktop\img0030.png
[2010.11.11 01:20:48 | 000,048,809 | ---- | M] () -- C:\Users\babsi01\Desktop\img0024.png
[2010.11.11 01:19:16 | 000,132,183 | ---- | M] () -- C:\Users\babsi01\Desktop\img0023.png
[2010.11.11 01:17:46 | 000,051,353 | ---- | M] () -- C:\Users\babsi01\Desktop\img0022.png
[2010.11.11 01:13:04 | 000,030,496 | ---- | M] () -- C:\Users\babsi01\Desktop\img0019.png
[2010.11.11 01:12:32 | 000,047,606 | ---- | M] () -- C:\Users\babsi01\Desktop\img0018.png
[2010.11.11 01:11:18 | 000,038,320 | ---- | M] () -- C:\Users\babsi01\Desktop\img0016.png
[2010.11.11 01:10:10 | 000,049,284 | ---- | M] () -- C:\Users\babsi01\Desktop\img0014.png
[2010.11.11 01:05:04 | 000,009,750 | ---- | M] () -- C:\Users\babsi01\Desktop\img004.jpg
[2010.11.10 20:32:35 | 000,000,176 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010.11.09 22:25:08 | 000,056,877 | ---- | M] () -- C:\Users\babsi01\Desktop\sub1.html
[2010.11.09 20:21:21 | 000,040,765 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\bild1.odt
[2010.11.09 17:31:48 | 000,002,474 | ---- | M] () -- C:\Users\babsi01\Desktop\javaticker2.html
[2010.11.09 17:23:40 | 000,000,837 | ---- | M] () -- C:\Users\babsi01\Desktop\javaticker.htm
[2010.11.07 15:27:08 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.11.04 01:06:34 | 000,080,103 | ---- | M] () -- C:\Users\babsi01\Desktop\BWB_November_2010.pdf
[2010.11.02 18:50:01 | 000,009,216 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\rechnungen-vorlagen.doc
[2010.11.02 11:53:31 | 000,080,103 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\BWB_November_2010.pdf
[2010.11.02 01:42:06 | 000,549,387 | ---- | M] () -- C:\Users\babsi01

OTL logfile created on: 19.11.2010 21:13:15 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\babsi01\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 42,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 69,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,95 Gb Total Space | 75,34 Gb Free Space | 54,22% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 3,75 Gb Free Space | 37,48% Space Free | Partition Type: NTFS

Computer Name: BABSI01-PC | User Name: babsi01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010.11.19 20:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\babsi01\Downloads\OTL.exe
PRC - [2010.09.21 14:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 14:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.08.26 01:31:58 | 000,030,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe
PRC - [2010.07.28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2010.07.27 10:13:40 | 000,025,984 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2010.04.10 07:45:46 | 000,979,344 | ---- | M] (The Eraser Project) -- C:\Programme\Eraser\Eraser.exe
PRC - [2010.04.05 13:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE
PRC - [2010.03.09 03:28:26 | 011,989,960 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe
PRC - [2010.03.01 23:28:12 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.03.01 23:28:11 | 001,029,456 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2010.02.06 23:43:42 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Java\jre6\bin\javaw.exe
PRC - [2010.01.26 10:22:42 | 002,740,224 | ---- | M] () -- C:\Windows\System32\PrivacyProvider.exe
PRC - [2010.01.08 00:36:58 | 000,974,848 | ---- | M] (Spigot, Inc.) -- C:\Programme\pdfforge Toolbar\SearchSettings.exe
PRC - [2010.01.07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2009.08.21 09:15:32 | 000,900,816 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi.exe
PRC - [2009.08.19 09:32:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2009.08.19 09:32:20 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.20 07:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe
PRC - [2009.03.05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.03.02 13:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008.05.28 17:47:16 | 000,578,264 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKTray.exe
PRC - [2008.05.28 17:47:08 | 000,447,192 | ---- | M] (Expert System S.p.A.) -- C:\Programme\Duden\Duden Korrektor\DKCore.exe
PRC - [2008.02.22 16:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.02.22 06:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007.07.25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe
PRC - [2007.07.25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
PRC - [2007.05.24 09:15:27 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Programme\AOL 9.0 VRa\waol.exe
PRC - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\aol\acs\AOLacsd.exe
PRC - [2006.09.26 01:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Programme\Common Files\aol\1236284668\ee\aolsoftware.exe
PRC - [2006.09.11 03:40:32 | 000,218,032 | ---- | M] (Macrovision Corporation) -- C:\Programme\Common Files\InstallShield\UpdateService\ISUSPM.exe
PRC - [2005.03.17 16:39:52 | 000,057,393 | ---- | M] (ScanSoft, Inc.) -- C:\Programme\ScanSoft\PaperPort\pptd40nt.exe


========== Modules (SafeList) ==========

MOD - [2010.11.19 20:46:51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\babsi01\Downloads\OTL.exe
MOD - [2010.08.31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\configservice.exe -- (PTK SharedAccess-FIGHTERS-297811811)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\ScannerService.exe -- (PTK Scanner-FIGHTERS-297811811)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\updateservice.exe -- (PTK Live Update-FIGHTERS-297811811)
SRV - File not found [Auto | Stopped] -- C:\Program Files\Fighters\licenseservice.exe -- (PTK License-FIGHTERS-297811811)
SRV - [2010.11.13 09:59:28 | 003,019,352 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_4176eef.dll -- (Akamai)
SRV - [2010.09.23 00:21:24 | 001,493,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2010.09.22 16:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.08.26 01:31:58 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
SRV - [2010.07.28 08:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.03.18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.01 23:28:11 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.26 10:22:42 | 002,740,224 | ---- | M] () [On_Demand | Running] -- C:\Windows\System32\PrivacyProvider.exe -- (PrivacyProvider)
SRV - [2010.01.07 23:51:02 | 000,380,928 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2009.09.25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009.08.07 11:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2009.07.21 14:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009.05.13 16:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008.02.22 06:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.07.25 15:41:42 | 000,647,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2007.07.25 15:22:44 | 000,327,680 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Wireless\Bin\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2006.10.23 13:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV - [2010.10.28 17:59:38 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.09.23 00:21:24 | 000,039,272 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV - [2010.06.23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.02.25 17:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.12.08 23:48:23 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009.06.17 13:20:34 | 000,012,648 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.05.11 10:12:20 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.26 22:28:24 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.04.11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB-Audiotreiber (WDM)
DRV - [2009.03.30 10:33:03 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009.03.20 07:37:42 | 000,208,688 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2009.02.13 12:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.18 10:01:46 | 000,015,496 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\vffilter.sys -- (Vfscan)
DRV - [2008.10.09 15:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.03.18 14:59:36 | 000,305,176 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\iastor.sys -- (iaStor)
DRV - [2008.02.22 06:38:34 | 000,043,480 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.02.22 06:38:28 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.02.22 06:14:22 | 002,054,872 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008.02.11 19:36:10 | 002,302,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2008.01.21 03:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008.01.21 03:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008.01.21 03:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008.01.21 03:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008.01.21 03:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008.01.21 03:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008.01.21 03:23:25 | 000,987,648 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (VST_DPV)
DRV - [2008.01.21 03:23:25 | 000,654,336 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (winachsf)
DRV - [2008.01.21 03:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008.01.21 03:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 03:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2008.01.21 03:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008.01.21 03:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008.01.21 03:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2008.01.21 03:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008.01.21 03:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008.01.21 03:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008.01.21 03:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008.01.21 03:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008.01.21 03:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008.01.21 03:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008.01.21 03:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008.01.21 03:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008.01.21 03:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008.01.21 03:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008.01.21 03:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2007.09.26 08:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2006.11.29 23:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.11.02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006.11.02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006.11.02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006.11.02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006.11.02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006.11.02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006.11.02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006.11.02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006.11.02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006.11.02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006.11.02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006.11.02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006.11.02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006.11.02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006.11.02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006.11.02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006.11.02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006.11.02 08:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006.09.03 00:53:54 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2006.09.03 00:53:38 | 000,053,248 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BrSerIf.sys -- (BrSerIf)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=5080925
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/home
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: firebug@software.joehewitt.com:1.5.4
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.4
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}:2.3.0.4
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p="
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.10.28 17:51:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.10.28 17:51:00 | 000,000,000 | ---D | M]

[2008.10.01 18:01:29 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\mozilla\Extensions
[2010.11.19 16:10:51 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions
[2010.09.18 23:24:42 | 000,000,000 | ---D | M] (Winamp Toolbar) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}(20)
[2010.06.06 12:43:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.06.06 12:43:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.11.01 22:28:49 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010.10.24 18:13:43 | 000,000,000 | ---D | M] (WOT) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.09.18 23:24:42 | 000,000,000 | ---D | M] (WOT) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(21)
[2009.09.23 01:21:30 | 000,000,000 | ---D | M] (WOT) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}(82)
[2009.12.17 23:06:28 | 000,000,000 | ---D | M] (myBabylon English Toolbar) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
[2009.09.11 23:46:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2010.10.25 19:49:58 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\firebug@software.joehewitt.com
[2009.12.16 18:37:09 | 000,001,201 | ---- | M] () -- C:\Users\babsi01\AppData\Roaming\Mozilla\FireFox\Profiles\i0lowoeb.default\searchplugins\winamp-search.xml
[2010.07.01 03:11:25 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
[2009.01.28 22:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2010.09.30 19:29:43 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.17 23:06:35 | 000,002,204 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.09.30 19:29:43 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.09.30 19:29:43 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.09.30 19:29:43 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.09.30 19:29:43 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Programme\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [Everything] C:\Program Files\Everything\Everything.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [HostManager] C:\Programme\Common Files\aol\1236284668\ee\aolsoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [IndexSearch] C:\Programme\ScanSoft\PaperPort\IndexSearch.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [IPHider] C:\Programme\IP Hider\IP Hider.exe (AllAnonymity)
O4 - HKLM..\Run: [PaperPort PTD] C:\Programme\ScanSoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Programme\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VRa\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [Duden Korrektor SysTray] C:\Programme\Duden\Duden Korrektor\DKTray.exe (Expert System S.p.A.)
O4 - HKCU..\Run: [ISUSPM] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\babsi01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\PrivacyProvider.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: secunia.com ([psi] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1DLL) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbddll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3dll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhkdll) - File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehkdll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{bb4bc654-ea05-11dd-8465-002170aaabe3}\Shell\AutoRun\command - "" = F:\Torpark.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010.11.17 01:40:07 | 001,228,408 | ---- | C] (Adobe Systems Incorporated) -- C:\Users\babsi01\WebPremium_CS5_LS4.exe
[2010.11.15 03:42:23 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\scriptocean
[2010.11.15 03:42:18 | 000,000,000 | ---D | C] -- C:\Programme\Scriptocean
[2010.11.15 00:02:27 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\kompozer.net
[2010.11.15 00:02:27 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\kompozer.net
[2010.11.15 00:01:36 | 000,000,000 | ---D | C] -- C:\Programme\KompoZer
[2010.11.14 23:52:29 | 000,000,000 | ---D | C] -- C:\Programme\Paint.NET
[2010.11.14 23:50:57 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Paint.NET
[2010.11.14 23:22:38 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\SUB8-Dateien
[2010.11.14 23:17:48 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\SUB7-Dateien
[2010.11.14 23:06:53 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\Dropbox
[2010.11.14 16:11:42 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Adobe Scripts
[2010.11.14 16:10:12 | 000,000,000 | ---D | C] -- C:\Users\babsi01\My Documents
[2010.11.14 16:04:01 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Aptana Studio 2.0
[2010.11.05 23:31:56 | 000,000,000 | -H-D | C] -- C:\ProgramData\{1CAD5672-4524-4B57-9E7F-6A36F9CA770A}
[2010.11.05 23:31:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\{9B7A2D35-FBC5-45CA-96D7-5BD50D7075A4}
[2010.11.05 23:31:41 | 000,000,000 | ---D | C] -- C:\Programme\WEB.DE
[2010.11.05 23:31:33 | 000,000,000 | ---D | C] -- C:\ProgramData\IEConfiguration1und1
[2010.11.05 23:31:20 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\PackageAware
[2010.11.02 21:28:47 | 000,000,000 | ---D | C] -- C:\Programme\XeroBank
[2010.11.02 18:10:16 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\Windows Live Writer
[2010.11.02 18:10:16 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Windows Live Writer
[2010.11.01 12:54:16 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\EurekaLog
[2010.11.01 12:09:28 | 000,025,216 | ---- | C] (The OpenVPN Project) -- C:\Windows\System32\drivers\tap0901.sys
[2010.11.01 12:09:25 | 000,000,000 | ---D | C] -- C:\Programme\S.A.D
[2010.11.01 03:10:50 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Microsoft_Corporation
[2010.11.01 02:54:46 | 000,000,000 | ---D | C] -- C:\Windows\de
[2010.11.01 02:52:05 | 000,000,000 | ---D | C] -- C:\Programme\Microsoft SQL Server Compact Edition
[2010.11.01 02:50:33 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2010.11.01 02:50:08 | 000,000,000 | ---D | C] -- C:\Programme\Windows Live
[2010.11.01 02:49:40 | 000,000,000 | ---D | C] -- C:\Programme\Bing Bar Installer
[2010.11.01 02:47:54 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Windows Live
[2010.11.01 02:47:04 | 000,000,000 | ---D | C] -- C:\Windows\System32\WindowsPowerShell
[2010.11.01 01:52:42 | 000,000,000 | ---D | C] -- C:\Programme\IP Hider
[2010.10.28 19:05:06 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\TrueCrypt
[2010.10.28 17:59:38 | 000,231,248 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.10.28 17:59:11 | 000,000,000 | ---D | C] -- C:\Programme\TrueCrypt
[2010.10.24 18:37:33 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\javascript
[2010.10.24 18:34:11 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\JavaScript Guide
[2010.10.24 18:29:21 | 000,000,000 | ---D | C] -- C:\Users\babsi01\javascptmanual
[2010.10.24 18:24:40 | 000,000,000 | ---D | C] -- C:\unzipper
[2010.10.24 18:21:41 | 000,000,000 | ---D | C] -- C:\Programme\WinAce
[1 C:\Users\babsi01\*.tmp files -> C:\Users\babsi01\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010.11.19 21:12:30 | 000,001,952 | ---- | M] () -- C:\Windows\System32\PrivacyProvider.ini
[2010.11.19 21:12:30 | 000,000,016 | ---- | M] () -- C:\Windows\System32\PCProxyOff.ini
[2010.11.19 21:12:05 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2010.11.19 21:12:04 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.11.19 21:04:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.11.19 21:04:26 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.11.19 21:04:09 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.11.19 21:03:14 | 2137,448,448 | -HS- | M] () -- C:\hiberfil.sys
[2010.11.19 20:26:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.11.19 08:52:28 | 000,001,356 | ---- | M] () -- C:\Users\babsi01\AppData\Local\d3d9caps.dat
[2010.11.18 22:28:34 | 000,022,950 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\das schweigen ( in ) der luft.odt
[2010.11.17 01:39:09 | 000,351,816 | ---- | M] () -- C:\Users\babsi01\Adobe_Creative_Suite_5_Web_Premium-AkamaiDLM.exe
[2010.11.17 01:29:34 | 003,099,848 | ---- | M] () -- C:\Users\babsi01\TeamViewer_Setup.exe
[2010.11.17 01:22:47 | 003,099,848 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\TeamViewer_Setup.exe
[2010.11.17 01:18:31 | 000,351,816 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Adobe_Dreamweaver_CS5-AkamaiDLM.exe
[2010.11.16 20:45:24 | 000,022,864 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\das schweigen in der luft.odt
[2010.11.15 23:28:45 | 000,000,474 | ---- | M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job
[2010.11.15 03:42:58 | 000,004,607 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\newproject.fns
[2010.11.15 03:42:19 | 000,001,068 | ---- | M] () -- C:\Users\babsi01\Desktop\Flash News Scroller Wizard.lnk
[2010.11.15 00:01:48 | 000,000,754 | ---- | M] () -- C:\Users\Public\Desktop\KompoZer.lnk
[2010.11.14 23:54:04 | 000,000,992 | ---- | M] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.11.14 23:22:38 | 000,061,033 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\SUB8.htm
[2010.11.14 23:17:48 | 000,061,045 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\SUB7.htm
[2010.11.14 22:56:01 | 000,006,403 | ---- | M] () -- C:\Users\babsi01\Desktop\sub3.html
[2010.11.14 22:54:28 | 000,006,403 | ---- | M] () -- C:\Users\babsi01\Desktop\sub2.html
[2010.11.14 22:54:26 | 000,006,403 | ---- | M] () -- C:\Users\babsi01\Desktop\sub.html
[2010.11.14 16:23:05 | 000,000,250 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Untitled HTML 2.html
[2010.11.14 16:23:04 | 000,000,250 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Untitled HTML 1.html
[2010.11.14 16:04:59 | 000,000,948 | ---- | M] () -- C:\Users\babsi01\Desktop\Aptana Studio 2.0.lnk
[2010.11.14 15:17:34 | 000,018,076 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\tel.- nr. aktuell.rtf
[2010.11.12 08:58:01 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.11.12 08:58:01 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.11.12 08:58:01 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.11.12 08:58:01 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.11.11 01:33:04 | 000,010,822 | ---- | M] () -- C:\Users\babsi01\Desktop\img-0010.jpg
[2010.11.11 01:33:03 | 000,027,675 | ---- | M] () -- C:\Users\babsi01\.recently-used.xbel
[2010.11.11 01:30:34 | 000,009,863 | ---- | M] () -- C:\Users\babsi01\Desktop\img-008.jpg
[2010.11.11 01:26:50 | 000,050,665 | ---- | M] () -- C:\Users\babsi01\Desktop\img0031.png
[2010.11.11 01:25:58 | 000,042,447 | ---- | M] () -- C:\Users\babsi01\Desktop\img0030.png
[2010.11.11 01:20:48 | 000,048,809 | ---- | M] () -- C:\Users\babsi01\Desktop\img0024.png
[2010.11.11 01:19:16 | 000,132,183 | ---- | M] () -- C:\Users\babsi01\Desktop\img0023.png
[2010.11.11 01:17:46 | 000,051,353 | ---- | M] () -- C:\Users\babsi01\Desktop\img0022.png
[2010.11.11 01:13:04 | 000,030,496 | ---- | M] () -- C:\Users\babsi01\Desktop\img0019.png
[2010.11.11 01:12:32 | 000,047,606 | ---- | M] () -- C:\Users\babsi01\Desktop\img0018.png
[2010.11.11 01:11:18 | 000,038,320 | ---- | M] () -- C:\Users\babsi01\Desktop\img0016.png
[2010.11.11 01:10:10 | 000,049,284 | ---- | M] () -- C:\Users\babsi01\Desktop\img0014.png
[2010.11.11 01:05:04 | 000,009,750 | ---- | M] () -- C:\Users\babsi01\Desktop\img004.jpg
[2010.11.10 20:32:35 | 000,000,176 | ---- | M] () -- C:\WirelessDiagLog.csv
[2010.11.09 22:25:08 | 000,056,877 | ---- | M] () -- C:\Users\babsi01\Desktop\sub1.html
[2010.11.09 20:21:21 | 000,040,765 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\bild1.odt
[2010.11.09 17:31:48 | 000,002,474 | ---- | M] () -- C:\Users\babsi01\Desktop\javaticker2.html
[2010.11.09 17:23:40 | 000,000,837 | ---- | M] () -- C:\Users\babsi01\Desktop\javaticker.htm
[2010.11.07 15:27:08 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.11.04 01:06:34 | 000,080,103 | ---- | M] () -- C:\Users\babsi01\Desktop\BWB_November_2010.pdf
[2010.11.02 18:50:01 | 000,009,216 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\rechnungen-vorlagen.doc
[2010.11.02 11:53:31 | 000,080,103 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\BWB_November_2010.pdf
[2010.11.02 01:42:06 | 000,549,387 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Deprexis_Selbsttest_Auswertung.pdf
[2010.11.01 12:09:31 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2010.11.01 05:42:45 | 003,692,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.11.01 03:15:00 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010.11.01 01:21:07 | 000,073,728 | ---- | M] () -- C:\Windows\System32\VistaInfo32.dll
[2010.10.31 02:19:34 | 000,000,758 | ---- | M] () -- C:\Users\babsi01\Desktop\java7.htm
[2010.10.30 13:57:28 | 000,150,243 | ---- | M] () -- C:\Users\babsi01\Desktop\Gesetzentwurf-der-Bundesregierung-zur-Regelung-des-Beschaeftigtendatenschutzes.pdf
[2010.10.29 20:02:19 | 000,000,817 | ---- | M] () -- C:\Users\babsi01\Desktop\java6.html
[2010.10.29 20:00:03 | 000,000,788 | ---- | M] () -- C:\Users\babsi01\Desktop\java4.html
[2010.10.28 17:59:42 | 000,000,764 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2010.10.28 17:59:38 | 000,231,248 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\System32\drivers\truecrypt.sys
[2010.10.25 19:46:02 | 000,000,585 | ---- | M] () -- C:\Users\babsi01\Desktop\java1.html
[2010.10.24 18:21:48 | 000,000,762 | ---- | M] () -- C:\Users\Public\Desktop\WinAce Archiver.lnk
[2010.10.24 12:46:37 | 000,371,601 | ---- | M] () -- C:\Users\babsi01\Desktop\special_edition_using_jscript.rar
[2010.10.24 12:46:22 | 000,490,388 | ---- | M] () -- C:\Users\babsi01\Desktop\JavaScript_Manual_of_Style.zip
[2010.10.24 12:45:36 | 000,305,900 | ---- | M] () -- C:\Users\babsi01\Desktop\JavaScript Guide.rar
[2010.10.24 12:45:11 | 000,465,542 | ---- | M] () -- C:\Users\babsi01\Desktop\Javascript Manual of Style.zip
[2010.10.24 12:43:38 | 000,268,685 | ---- | M] () -- C:\Users\babsi01\Desktop\Learn JavaScript In A Week.rar
[2010.10.24 12:42:03 | 000,106,690 | ---- | M] () -- C:\Users\babsi01\Desktop\JavaScript Manual Of Style.rar
[1 C:\Users\babsi01\*.tmp files -> C:\Users\babsi01\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010.11.18 22:09:22 | 000,022,950 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\das schweigen ( in ) der luft.odt
[2010.11.18 21:55:00 | 2137,448,448 | -HS- | C] () -- C:\hiberfil.sys
[2010.11.17 02:06:51 | 000,000,758 | ---- | C] () -- C:\Users\babsi01\Desktop\DA da starten.lnk
[2010.11.17 01:39:08 | 000,351,816 | ---- | C] () -- C:\Users\babsi01\Adobe_Creative_Suite_5_Web_Premium-AkamaiDLM.exe
[2010.11.17 01:27:53 | 003,099,848 | ---- | C] () -- C:\Users\babsi01\TeamViewer_Setup.exe
[2010.11.17 01:15:05 | 000,351,816 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Adobe_Dreamweaver_CS5-AkamaiDLM.exe
[2010.11.15 03:42:35 | 000,004,607 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\newproject.fns
[2010.11.15 03:42:19 | 000,001,068 | ---- | C] () -- C:\Users\babsi01\Desktop\Flash News Scroller Wizard.lnk
[2010.11.15 00:01:48 | 000,000,754 | ---- | C] () -- C:\Users\Public\Desktop\KompoZer.lnk
[2010.11.14 23:54:04 | 000,000,992 | ---- | C] () -- C:\Users\Public\Desktop\Paint.NET.lnk
[2010.11.14 23:36:52 | 003,099,848 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\TeamViewer_Setup.exe
[2010.11.14 23:22:38 | 000,061,033 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\SUB8.htm
[2010.11.14 23:17:48 | 000,061,045 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\SUB7.htm
[2010.11.14 22:56:01 | 000,006,403 | ---- | C] () -- C:\Users\babsi01\Desktop\sub3.html
[2010.11.14 22:54:40 | 000,006,403 | ---- | C] () -- C:\Users\babsi01\Desktop\sub2.html
[2010.11.14 22:54:26 | 000,006,403 | ---- | C] () -- C:\Users\babsi01\Desktop\sub.html
[2010.11.14 19:55:33 | 000,010,822 | ---- | C] () -- C:\Users\babsi01\Desktop\img-0010.jpg
[2010.11.14 18:45:57 | 000,030,496 | ---- | C] () -- C:\Users\babsi01\Desktop\img0019.png
[2010.11.14 18:45:43 | 000,051,353 | ---- | C] () -- C:\Users\babsi01\Desktop\img0022.png
[2010.11.14 18:45:31 | 000,132,183 | ---- | C] () -- C:\Users\babsi01\Desktop\img0023.png
[2010.11.14 18:45:19 | 000,048,809 | ---- | C] () -- C:\Users\babsi01\Desktop\img0024.png
[2010.11.14 18:45:03 | 000,042,447 | ---- | C] () -- C:\Users\babsi01\Desktop\img0030.png
[2010.11.14 18:44:53 | 000,050,665 | ---- | C] () -- C:\Users\babsi01\Desktop\img0031.png
[2010.11.14 18:44:34 | 000,009,863 | ---- | C] () -- C:\Users\babsi01\Desktop\img-008.jpg
[2010.11.14 18:44:14 | 000,047,606 | ---- | C] () -- C:\Users\babsi01\Desktop\img0018.png
[2010.11.14 18:43:59 | 000,038,320 | ---- | C] () -- C:\Users\babsi01\Desktop\img0016.png
[2010.11.14 18:43:30 | 000,049,284 | ---- | C] () -- C:\Users\babsi01\Desktop\img0014.png
[2010.11.14 18:43:28 | 000,009,750 | ---- | C] () -- C:\Users\babsi01\Desktop\img004.jpg
[2010.11.14 16:23:05 | 000,000,250 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Untitled HTML 2.html
[2010.11.14 16:23:04 | 000,000,250 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Untitled HTML 1.html
[2010.11.14 16:04:55 | 000,000,948 | ---- | C] () -- C:\Users\babsi01\Desktop\Aptana Studio 2.0.lnk
[2010.11.11 01:33:03 | 000,027,675 | ---- | C] () -- C:\Users\babsi01\.recently-used.xbel
[2010.11.10 20:28:42 | 000,000,176 | ---- | C] () -- C:\WirelessDiagLog.csv
[2010.11.09 20:21:19 | 000,040,765 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\bild1.odt
[2010.11.09 17:36:39 | 000,056,877 | ---- | C] () -- C:\Users\babsi01\Desktop\sub1.html
[2010.11.09 17:28:14 | 000,002,474 | ---- | C] () -- C:\Users\babsi01\Desktop\javaticker2.html
[2010.11.09 17:21:35 | 000,000,837 | ---- | C] () -- C:\Users\babsi01\Desktop\javaticker.htm
[2010.11.04 01:06:34 | 000,080,103 | ---- | C] () -- C:\Users\babsi01\Desktop\BWB_November_2010.pdf
[2010.11.02 18:49:59 | 000,009,216 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\rechnungen-vorlagen.doc
[2010.11.02 11:53:30 | 000,080,103 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\BWB_November_2010.pdf
[2010.11.02 01:41:59 | 000,549,387 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Deprexis_Selbsttest_Auswertung.pdf
[2010.11.01 12:09:31 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\CyberGhost VPN.lnk
[2010.11.01 03:15:00 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01007.Wdf
[2010.11.01 02:44:43 | 000,201,184 | ---- | C] () -- C:\Windows\System32\winrm.vbs
[2010.11.01 02:44:43 | 000,004,675 | ---- | C] () -- C:\Windows\System32\wsmanconfig_schema.xml
[2010.11.01 02:44:43 | 000,002,426 | ---- | C] () -- C:\Windows\System32\WsmTxt.xsl
[2010.11.01 01:52:44 | 000,001,952 | ---- | C] () -- C:\Windows\System32\PrivacyProvider.ini
[2010.11.01 01:52:43 | 002,740,224 | ---- | C] () -- C:\Windows\System32\PrivacyProvider.exe
[2010.11.01 01:52:43 | 000,471,040 | ---- | C] () -- C:\Windows\System32\RegisterLSP.exe
[2010.11.01 01:52:43 | 000,258,048 | ---- | C] () -- C:\Windows\System32\PrivacyProvider.dll
[2010.11.01 01:21:24 | 000,000,016 | ---- | C] () -- C:\Windows\System32\PCProxyOff.ini
[2010.11.01 01:21:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2010.10.30 13:57:28 | 000,150,243 | ---- | C] () -- C:\Users\babsi01\Desktop\Gesetzentwurf-der-Bundesregierung-zur-Regelung-des-Beschaeftigtendatenschutzes.pdf
[2010.10.29 20:02:32 | 000,000,758 | ---- | C] () -- C:\Users\babsi01\Desktop\java7.htm
[2010.10.29 20:00:49 | 000,000,817 | ---- | C] () -- C:\Users\babsi01\Desktop\java6.html
[2010.10.28 20:22:01 | 000,000,788 | ---- | C] () -- C:\Users\babsi01\Desktop\java4.html
[2010.10.28 17:59:42 | 000,000,764 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2010.10.25 19:22:06 | 000,000,585 | ---- | C] () -- C:\Users\babsi01\Desktop\java1.html
[2010.10.24 18:21:48 | 000,000,762 | ---- | C] () -- C:\Users\Public\Desktop\WinAce Archiver.lnk
[2010.10.24 12:39:08 | 000,490,388 | ---- | C] () -- C:\Users\babsi01\Desktop\JavaScript_Manual_of_Style.zip
[2010.10.24 12:39:08 | 000,465,542 | ---- | C] () -- C:\Users\babsi01\Desktop\Javascript Manual of Style.zip
[2010.10.24 12:39:08 | 000,371,601 | ---- | C] () -- C:\Users\babsi01\Desktop\special_edition_using_jscript.rar
[2010.10.24 12:39:08 | 000,305,900 | ---- | C] () -- C:\Users\babsi01\Desktop\JavaScript Guide.rar
[2010.10.24 12:39:08 | 000,268,685 | ---- | C] () -- C:\Users\babsi01\Desktop\Learn JavaScript In A Week.rar
[2010.10.24 12:39:08 | 000,106,690 | ---- | C] () -- C:\Users\babsi01\Desktop\JavaScript Manual Of Style.rar
[2010.07.01 03:10:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.06.12 23:42:47 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.03.09 00:18:41 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.245548635012626446356421263181
[2010.02.28 03:30:59 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
[2010.01.24 15:24:00 | 000,000,023 | ---- | C] () -- C:\Windows\odbmai.ini
[2009.12.03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.30 23:18:23 | 000,441,801 | ---- | C] () -- C:\Users\babsi01\AppData\Local\hcvfsmo_nav.dat
[2009.08.30 23:17:51 | 000,003,268 | ---- | C] () -- C:\Users\babsi01\AppData\Local\hcvfsmo.dat
[2009.08.30 23:17:51 | 000,001,456 | ---- | C] () -- C:\Users\babsi01\AppData\Local\hcvfsmo_navps.dat
[2009.08.30 23:17:51 | 000,000,092 | ---- | C] () -- C:\Users\babsi01\AppData\Local\hcvfsmo.bat
[2009.08.30 18:10:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.30 05:31:43 | 000,002,282 | ---- | C] () -- C:\Users\babsi01\AppData\Roaming\install.txt
[2009.03.28 02:08:07 | 000,000,552 | ---- | C] () -- C:\Users\babsi01\AppData\Local\d3d8caps.dat
[2009.02.21 17:14:17 | 000,001,356 | ---- | C] () -- C:\Users\babsi01\AppData\Local\d3d9caps.dat
[2009.02.01 23:00:45 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\bfbfbfdc7_g.dll
[2009.01.04 22:42:10 | 000,005,959 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008.12.12 01:08:41 | 000,024,206 | ---- | C] () -- C:\Users\babsi01\AppData\Roaming\UserTile.png
[2008.11.18 10:01:46 | 000,015,496 | ---- | C] () -- C:\Windows\System32\drivers\vffilter.sys
[2008.11.12 18:03:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.11.10 16:21:16 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.11.03 23:27:55 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008.11.03 23:27:55 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2008.11.03 23:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008.11.03 23:27:54 | 000,008,975 | ---- | C] () -- C:\Windows\HL-2030.INI
[2008.11.03 23:27:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008.11.03 23:27:06 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.10.12 20:15:21 | 000,000,099 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.10.12 19:52:08 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX3800G.ini
[2008.10.05 19:52:37 | 000,012,238 | ---- | C] () -- C:\Users\babsi01\AppData\Roaming\wklnhst.dat
[2008.10.01 17:28:30 | 000,031,232 | ---- | C] () -- C:\Users\babsi01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.09.25 01:25:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.09.25 01:25:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.09.25 01:25:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.09.25 01:25:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.02.11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2007.07.25 15:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 11:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2005.02.25 05:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
[2002.03.04 10:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll

========== LOP Check ==========

[2010.10.09 12:31:23 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010.11.16 00:50:09 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\Dropbox
[2008.10.12 20:45:17 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\EPSON
[2010.11.01 12:55:17 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\EurekaLog
[2010.03.09 00:21:46 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\Final Draft
[2009.09.12 18:17:33 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\Gizmo5
[2010.11.11 01:48:52 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\gtk-2.0
[2010.11.15 00:02:27 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\kompozer.net
[2009.09.12 01:51:58 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\MiniDm
[2009.10.14 02:59:18 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\OpenOffice.org
[2008.12.12 01:08:40 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\PeerNetworking
[2010.11.15 03:42:23 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\scriptocean
[2010.11.18 22:28:38 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\StarOffice8
[2009.07.30 20:30:00 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\TeamViewer
[2008.10.05 19:55:11 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\Template
[2009.08.30 03:55:35 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\TrojanHunter
[2010.10.28 19:14:45 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\TrueCrypt
[2010.08.04 22:07:14 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\Uniblue
[2010.11.02 18:10:16 | 000,000,000 | ---D | M] -- C:\Users\babsi01\AppData\Roaming\Windows Live Writer
[2010.11.15 23:28:45 | 000,000,474 | ---- | M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job
[2010.07.04 19:35:05 | 000,000,508 | ---- | M] () -- C:\Windows\Tasks\Install.job
[2010.11.19 21:12:05 | 000,000,336 | ---- | M] () -- C:\Windows\Tasks\RegistryBooster.job
[2010.11.06 12:52:53 | 000,032,586 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >



cosinus 10.04.2011 20:39

Are there any further logs from Malwarebytes? If so, please post all of them that are visible in Malwarebytes in the Logdateien (log files) tab.

For future scans, include the external drives.

babrina 27.04.2011 17:29

Hello, sorry that I am only replying now. And now I have a second problem on top of that. Spybot keeps finding Right Media, a tracking cookie. I have done several system restores and run Spybot over the machine a good twenty times, without success. It finds it again every time. In HijackThis I also found some problems, one malicious entry, yieldmanager. I am simply attaching the last four log files from Malwarebytes. I cannot send all of them, there are so many.
Many thanks in advance! Regards, babrina

----------------------------------------

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6458

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

27.04.2011 18:22:46
mbam-log-2011-04-27 (18-22-46).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 151939
Laufzeit: 7 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
...................

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4020

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

22.04.2010 10:02:59
mbam-log-2010-04-22 (10-02-59).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Durchsuchte Objekte: 404405
Laufzeit: 4 Stunde(n), 42 Minute(n), 32 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
..............

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4020

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

23.04.2010 23:26:26
mbam-log-2010-04-23 (23-26-26).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 111309
Laufzeit: 9 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
.........

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4020

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

24.04.2010 08:51:31
mbam-log-2010-04-24 (08-51-31).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 112096
Laufzeit: 14 Minute(n), 23 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
...............

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4020

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

24.04.2010 09:17:57
mbam-log-2010-04-24 (09-17-57).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 112007
Laufzeit: 13 Minute(n), 40 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
..............

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Datenbank Version: 4020

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

25.04.2010 22:44:35
mbam-log-2010-04-25 (22-44-35).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 112302
Laufzeit: 11 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
..............

and here is hijackthis as well:

HiJackthis Logfile:
Code:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:19:27, on 26.04.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Uniblue\RegistryBooster\rbmonitor.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\FreePDF_XP\fpassist.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Secunia\PSI\psi_tray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\AOL 9.0 VRa\waol.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\AOL\1236284668\ee\aolsoftware.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\AOL 9.0 VRa\shellmon.exe
C:\Program Files\Common Files\AOL\Topspeed\3.0\aoltpsd3.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=5080925
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer bereitgestellt von Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: PXCIEaddin - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (file missing)
O3 - Toolbar: PDFXChange 4.0 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Program Files\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll
O3 - Toolbar: Gutscheinmieze - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\babsi01\AppData\Roaming\Gutscheinmieze\toolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [Free Download Manager] "C:\Program Files\Free Download Manager\fdm.exe" -autorun
O4 - HKCU\..\Run: [Software Informer] "C:\Program Files\Software Informer\softinfo.exe" -autorun
O4 - HKCU\..\Run: [RegistryBooster] "C:\Program Files\Uniblue\RegistryBooster\launcher.exe" delay 20000
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\AOL 9.0 VRa\AOL.EXE" -b
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\program files\aol\aol toolbar 4.0\resources\de-DE\local\search.html
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: HP Intelligente Auswahl - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\privacyprovider.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\privacyprovider.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\privacyprovider.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\privacyprovider.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\privacyprovider.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1DLL, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbddll, C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3dll, C:\PROGRA~1\KASPER~1\KASPER~1\adialhkdll, C:\PROGRA~1\KASPER~1\KASPER~1\kloehkdll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Windows\system32\AERTSrv.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: PrivacyProvider - Unknown owner - C:\Windows\system32\PrivacyProvider.exe
O23 - Service: PTK License-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\licenseservice.exe (file missing)
O23 - Service: PTK Live Update-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\updateservice.exe (file missing)
O23 - Service: PTK Scanner-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\ScannerService.exe (file missing)
O23 - Service: PTK SharedAccess-FIGHTERS-297811811 - Unknown owner - C:\Program Files\Fighters\configservice.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 14709 bytes

--- --- ---

cosinus 27.04.2011 18:42

Please run a full scan with Malwarebytes and current signatures.
I don't want to see HijackThis.

babrina 27.04.2011 22:23

hello, attached is the full scan. what are current signatures, anyway?


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 6458

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

27.04.2011 23:08:10
mbam-log-2011-04-27 (23-08-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Durchsuchte Objekte: 351098
Laufzeit: 2 Stunde(n), 25 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

cosinus 28.04.2011 12:38

Quote:

I suspect a homemade virus, since I found nothing with normal virus scanners. thanks in advance! regards, babrina
No detections, and the logs are unremarkable.
Just because AntiVir didn't report anything in the past doesn't mean your computer is infected. Program updates come in all the time, and at some point AntiVir started reporting that an autorun is being blocked. You should disable Autorun completely in general; a lot of malware gets in that way, especially via infected USB sticks!!

Change AutoPlay settings

babrina 05.05.2011 21:11

hello, right media keeps coming back. if that were a normal cookie, I should be able to delete and/or remove it, shouldn't I? it makes me feel somewhat monitored, since a cookie like that can spy on my usage behaviour. doesn't this link only disable hardware autorun functions? where can one disable the autorun functions of software?

and is there no other way to get rid of this cookie? in another forum I read that you can supposedly get rid of it via a registry cleaning. I have already run ccleaner and also superantispyware over the computer and had them delete all cookies, likewise without success. regards, barbrina

babrina 05.05.2011 21:19

attached is also a logfile from otl.
OTL Logfile:
Code:

OTL logfile created on: 05.05.2011 22:07:15 - Run 2
OTL by OldTimer - Version 3.2.22.3    Folder = c:\Users\babsi01\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 38,00% Memory free
4,00 Gb Paging File | 2,00 Gb Available in Paging File | 50,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 138,95 Gb Total Space | 71,51 Gb Free Space | 51,46% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 4,82 Gb Free Space | 48,23% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: BABSI01-PC | User Name: babsi01 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.05 21:58:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Users\babsi01\Downloads\OTL.exe
PRC - [2011.05.01 08:55:31 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.22 09:33:35 | 000,748,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2011.04.14 18:40:02 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2011.03.19 20:32:29 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.03.14 17:31:03 | 000,025,472 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\RegistryBooster\rbmonitor.exe
PRC - [2011.01.05 12:31:32 | 000,988,216 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psia.exe
PRC - [2011.01.05 12:31:32 | 000,291,896 | ---- | M] (Secunia) -- C:\Programme\Secunia\PSI\psi_tray.exe
PRC - [2010.12.02 11:24:25 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.09.21 15:03:14 | 001,710,464 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2010.09.21 15:03:14 | 000,193,408 | ---- | M] (Microsoft Corp.) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2010.07.28 09:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe
PRC - [2010.06.17 22:56:44 | 000,370,176 | ---- | M] (shbox.de) -- C:\Programme\FreePDF_XP\fpassist.exe
PRC - [2010.04.29 00:28:18 | 003,727,411 | ---- | M] (FreeDownloadManager.ORG) -- C:\Programme\Free Download Manager\fdm.exe
PRC - [2010.04.10 08:45:46 | 000,979,344 | ---- | M] (The Eraser Project) -- C:\Programme\Eraser\Eraser.exe
PRC - [2010.04.05 14:50:00 | 000,494,920 | R--- | M] (WinZip Computing, S.L.) -- C:\Programme\WinZip\WZQKPICK.EXE
PRC - [2010.03.02 00:28:12 | 000,524,632 | ---- | M] (Lavasoft) -- C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2010.01.14 23:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009.07.18 05:12:12 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.03.20 08:36:58 | 000,210,216 | ---- | M] (Synaptics Incorporated) -- C:\Programme\Synaptics\SynTP\SynToshiba.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008.02.22 17:01:38 | 001,193,240 | ---- | M] (Dell Inc.) -- C:\Programme\Dell\QuickSet\quickset.exe
PRC - [2008.02.22 07:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AERTSrv.exe
PRC - [2007.06.21 16:12:03 | 000,054,576 | ---- | M] (AOL, LLC.) -- C:\Programme\AOL 9.0 VRa\shellmon.exe
PRC - [2007.05.24 10:15:27 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Programme\AOL 9.0 VRa\waol.exe
PRC - [2007.04.02 14:33:32 | 000,063,120 | ---- | M] (AOL LLC) -- C:\Programme\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe
PRC - [2007.03.14 12:54:43 | 000,095,792 | ---- | M] (AOL LLC) -- c:\Programme\AOL\AOL Toolbar 4.0\AolTbServer.exe
PRC - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Programme\Common Files\aol\acs\AOLacsd.exe
PRC - [2006.09.26 02:52:48 | 000,050,736 | ---- | M] (America Online, Inc.) -- C:\Programme\Common Files\aol\1236284668\ee\aolsoftware.exe
PRC - [2005.08.12 23:27:00 | 001,126,400 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Sun\StarOffice 8\program\soffice.bin
PRC - [2005.08.12 23:26:58 | 000,991,232 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Sun\StarOffice 8\program\soffice.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.05 21:58:50 | 000,580,608 | ---- | M] (OldTimer Tools) -- c:\Users\babsi01\Downloads\OTL.exe
MOD - [2010.08.31 17:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] --  -- (PTK SharedAccess-FIGHTERS-297811811)
SRV - File not found [Auto | Stopped] --  -- (PTK Scanner-FIGHTERS-297811811)
SRV - File not found [Auto | Stopped] --  -- (PTK Live Update-FIGHTERS-297811811)
SRV - File not found [Auto | Stopped] --  -- (PTK License-FIGHTERS-297811811)
SRV - [2011.05.03 23:29:05 | 003,274,328 | ---- | M] () [Auto | Running] -- c:\Programme\Common Files\Akamai\netsession_win_3f211bc.dll -- (Akamai)
SRV - [2011.05.01 08:55:31 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.19 20:32:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.01.05 12:31:32 | 000,988,216 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2010.07.28 09:07:16 | 002,404,488 | ---- | M] (mobile concepts GmbH) [Auto | Running] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.03.02 00:28:11 | 001,029,456 | ---- | M] (Lavasoft) [Auto | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.26 11:22:42 | 002,740,224 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\System32\PrivacyProvider.exe -- (PrivacyProvider)
SRV - [2009.08.24 13:36:45 | 000,377,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2009.08.07 12:44:18 | 000,045,816 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2008.02.22 07:14:18 | 000,077,824 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AERTSrv.exe -- (AERTFilters)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.23 14:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.03.19 20:32:29 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010.12.02 11:24:30 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.10.28 18:59:38 | 000,231,248 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\System32\drivers\truecrypt.sys -- (truecrypt)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2010.06.23 10:21:32 | 000,259,176 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010.02.25 18:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.05.11 11:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.04.26 23:28:24 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009.02.13 13:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008.11.18 11:01:46 | 000,015,496 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\vffilter.sys -- (Vfscan)
DRV - [2008.10.09 16:42:42 | 000,017,408 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV - [2008.02.22 07:38:34 | 000,043,480 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2sd.sys -- (O2SDRDR)
DRV - [2008.02.22 07:38:28 | 000,048,472 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008.01.21 04:23:25 | 000,251,904 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTBS23.SYS -- (VSTHWBS2)
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2007.09.26 09:12:00 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2006.11.30 00:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://partnerpage.google.com/smallbiz.dell.com/de_de?hl=de&client=dell-row&channel=de-smb&ibd=5080925
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.04.30 21:53:44 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.04.29 22:40:05 | 000,000,000 | ---D | M]
 
[2011.04.29 21:17:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babsi01\AppData\Roaming\mozilla\Extensions
[2011.05.01 15:23:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions
[2011.04.30 22:07:40 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\firefox@ghostery.com
[2011.04.30 22:14:51 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox\Profiles\i0lowoeb.default\extensions\support@lastpass.com
[2011.04.29 21:33:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox(74)\Profiles\5nbpunem.default\extensions
[2011.04.29 21:26:27 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\babsi01\AppData\Roaming\mozilla\Firefox(74)\Profiles\5nbpunem.default\extensions\firefox@ghostery.com
[2011.04.29 21:18:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.01.28 23:22:05 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}
[2011.01.22 05:56:36 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2011.04.22 11:37:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.01.23 13:14:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011.03.03 03:13:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.04.14 18:40:03 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
[2010.03.19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Programme\Mozilla Firefox\plugins\npmieze.dll
[1999.12.31 17:00:00 | 000,167,704 | ---- | M] (Tracker Software Products Ltd.) -- C:\Programme\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
[2010.01.01 10:00:00 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2009.12.18 00:06:35 | 000,002,204 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\babylon.xml
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml
[2010.01.01 10:00:00 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.03.01 20:32:34 | 000,000,143 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\foxsearch.src
[2010.01.01 10:00:00 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.01.01 10:00:00 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.01.01 10:00:00 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: ::1            localhost
O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Programme\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\Programme\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Ad-Watch] C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0 VRa\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [RegistryBooster] C:\Program Files\Uniblue\RegistryBooster\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O8 - Extra context menu item: &AOL Toolbar-Suche - c:\Programme\AOL\AOL Toolbar 4.0\resources\de-DE\local\search.html ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Programme\AOL\AOL Toolbar 4.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Programme\WinHTTrack\WinHTTrackIEBar.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\PrivacyProvider.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\PrivacyProvider.dll ()
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range -  5)
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Domains: secunia.com ([psi] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1DLL) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbddll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhkdll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehkdll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - igfxdev.dll (Intel Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.04.29 23:02:40 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2011.04.29 23:02:39 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2011.04.29 23:02:31 | 000,876,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2011.04.28 01:01:29 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\{B153B823-AF94-4B69-A951-D5814AE41C83}
[2011.04.27 18:49:48 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\Webroot
[2011.04.27 18:49:48 | 000,000,000 | ---D | C] -- C:\Programme\Webroot
[2011.04.27 17:18:42 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\2011_03_01_12_16_37
[2011.04.26 23:20:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.04.25 22:12:40 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\SUPERAntiSpyware.com
[2011.04.25 22:12:40 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.04.25 22:12:33 | 000,000,000 | ---D | C] -- C:\Programme\SUPERAntiSpyware
[2011.04.25 21:51:18 | 000,000,000 | ---D | C] -- C:\Programme\Everything(1)
[2011.04.25 10:29:14 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Sunbelt Software
[2011.04.25 10:28:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
[2011.04.22 11:37:00 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2011.04.22 11:37:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2011.04.22 11:37:00 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2011.04.22 11:32:05 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\OpenOffice.org 3.3 (de) Installation Files
[2011.04.22 09:33:36 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.22 09:33:36 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.22 09:33:35 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.22 09:33:35 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.22 09:33:35 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.22 09:33:35 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.22 09:33:35 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.22 09:33:35 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.22 09:33:34 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.22 09:33:34 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.22 09:33:34 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.22 09:33:34 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.22 09:33:34 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.22 09:33:34 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.22 09:33:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.22 09:33:34 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.22 09:33:34 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.22 09:33:34 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.22 09:33:34 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.22 09:33:34 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.22 09:33:33 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.22 09:33:33 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.22 09:33:33 | 000,420,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.22 09:33:33 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.22 09:33:33 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.22 09:33:33 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.22 09:33:33 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.22 09:33:33 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.22 09:33:32 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.22 09:33:32 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.22 09:33:32 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.22 09:33:32 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.22 09:33:32 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.22 09:33:32 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.22 09:33:32 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.22 09:33:32 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.22 09:33:32 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.22 09:33:32 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.22 09:33:32 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.15 17:26:44 | 000,292,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2011.04.15 17:26:44 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2011.04.15 17:26:31 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42u.dll
[2011.04.15 17:26:30 | 001,136,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfc42.dll
[2011.04.15 17:26:23 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dnscacheugc.exe
[2011.04.15 17:26:22 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011.04.14 22:57:21 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\{FD9A3E2E-A92B-4F9E-8EB7-4BA15539B424}
[2011.04.12 14:47:24 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\Adobe
[2011.04.12 10:35:51 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Roaming\Adobe
[2011.04.10 20:23:13 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\{7AFCAD8A-535F-4183-B933-1F67D27904CA}
[2011.04.10 19:25:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2011.04.10 19:25:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
[2011.04.10 19:21:05 | 000,000,000 | ---D | C] -- C:\Programme\Uniblue
[2011.04.08 15:59:27 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Hübner,Barbara-Typo3
[2011.04.06 17:31:38 | 000,000,000 | ---D | C] -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Anschreiben
[2005.04.06 09:05:42 | 000,065,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\regsresde_DE.dll
[2005.04.06 09:05:42 | 000,049,152 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\persresde_DE.dll
[2005.04.06 09:05:42 | 000,049,152 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\eularesde_DE.dll
[2005.04.06 09:05:38 | 000,692,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\ImageReadyRes.dll
[2005.04.06 09:05:38 | 000,041,984 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\Plugin.dll
[2005.04.06 09:04:50 | 000,287,232 | ---- | C] (Adobe Systems) -- C:\Programme\Adobelmsvc Installer.dll
[2005.04.06 05:31:44 | 020,919,070 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\Photoshop.exe
[2005.04.06 04:50:34 | 002,142,208 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\PSArt.dll
[2005.04.06 04:50:32 | 001,748,992 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\PSViews.dll
[2005.04.06 04:46:14 | 001,397,984 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\Tw10122.dat
[2005.04.06 04:38:30 | 019,980,288 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\ImageReady.exe
[2005.03.23 07:35:00 | 004,153,344 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\VersionCue.dll
[2005.03.23 07:35:00 | 003,170,304 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\VersionCueUI.dll
[2005.03.16 19:57:34 | 000,061,440 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\regsresen_US.dll
[2005.03.13 14:10:58 | 004,096,000 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\PDFL70.dll
[2005.03.13 13:01:44 | 001,805,824 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AGM.dll
[2005.03.10 21:31:36 | 003,715,072 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\MPS.dll
[2005.03.09 05:32:48 | 000,151,552 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AXE8SharedExpat.dll
[2005.03.09 05:32:48 | 000,151,552 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AXE16SharedExpat.dll
[2005.03.09 05:17:28 | 000,475,136 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AdobeXMP.dll
[2005.03.09 05:07:42 | 002,162,688 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\CoolType.dll
[2005.03.09 05:07:42 | 000,630,784 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\ACE.dll
[2005.03.09 05:07:42 | 000,266,240 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\ARE.dll
[2005.03.09 05:07:42 | 000,217,088 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\BIBUtils.dll
[2005.03.09 05:07:42 | 000,180,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\Bib.dll
[2005.03.03 16:39:24 | 000,425,984 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\AdobeUpdater.dll
[2005.02.17 12:28:10 | 000,663,552 | ---- | C] (Adobe Systems, Incorporated) -- C:\Programme\FileInfo.dll
[2005.02.15 03:03:42 | 000,561,152 | ---- | C] (Adobe system Incorporated) -- C:\Programme\JP2KLib.dll
[2005.02.10 14:36:14 | 000,143,360 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\epic_eula.dll
[2005.02.08 14:43:58 | 000,049,152 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\persresen_US.dll
[2005.02.08 14:43:58 | 000,045,056 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\eularesen_US.dll
[2005.02.07 09:45:06 | 000,005,632 | ---- | C] (IBM Corporation and others) -- C:\Programme\agldt28l.dll
[2005.01.19 15:31:00 | 000,155,648 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\epic_regs.dll
[2005.01.18 13:31:12 | 000,114,688 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\epic_pers.dll
[2005.01.12 15:23:20 | 000,180,224 | ---- | C] (Adobe Systems Incorporated) -- C:\Programme\pdfsettings.dll
[2004.08.24 16:55:48 | 000,126,976 | ---- | C] (Adobe Systems Inc.) -- C:\Programme\asneu.dll
[2004.06.22 13:57:52 | 000,589,824 | ---- | C] (IBM Corporation and others) -- C:\Programme\libagluc28.dll
[2003.05.08 19:34:06 | 000,499,712 | ---- | C] (Microsoft Corporation) -- C:\Programme\msvcp71.dll
[2003.05.08 19:32:52 | 000,348,160 | ---- | C] (Microsoft Corporation) -- C:\Programme\msvcr71.dll
[2000.08.29 01:19:16 | 000,401,462 | ---- | C] (Microsoft Corporation) -- C:\Programme\MSVCP60.DLL
[1999.12.03 07:01:32 | 000,022,800 | ---- | C] (Microsoft Corporation) -- C:\Programme\Shfolder.dll
[1999.02.02 01:00:00 | 000,266,293 | ---- | C] (Microsoft Corporation) -- C:\Programme\Msvcrt.dll
[1 C:\Users\babsi01\*.tmp files -> C:\Users\babsi01\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.05 21:55:56 | 000,011,498 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\portugal fraunhofer.odt
[2011.05.05 21:32:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.05 20:27:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.05 20:27:34 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.05 16:29:36 | 000,000,054 | ---- | M] () -- C:\Windows\System32\rp_stats.dat
[2011.05.05 16:29:36 | 000,000,039 | ---- | M] () -- C:\Windows\System32\rp_rules.dat
[2011.05.05 16:28:20 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.05 16:28:16 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\RegistryBooster.job
[2011.05.05 16:27:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.05 00:36:48 | 000,007,165 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\franuhofer übersetzung.odt
[2011.05.05 00:36:43 | 000,017,720 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\fraunhpfer englisch übersetzungII.odt
[2011.05.01 21:44:14 | 000,182,143 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\BWB__Mai_2011.pdf
[2011.05.01 19:33:27 | 000,001,973 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.04.30 21:53:47 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011.04.30 09:59:16 | 000,006,397 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\zahnschiene.odt
[2011.04.29 22:29:15 | 000,017,884 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Die Berührung_Aufgabe 4.odt
[2011.04.29 21:58:49 | 000,012,238 | ---- | M] () -- C:\Users\babsi01\AppData\Roaming\wklnhst.dat
[2011.04.27 17:18:42 | 002,711,980 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\2011_03_01_12_16_37.zip
[2011.04.25 13:06:57 | 000,007,070 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\aschenblüten VI- endversion.odt
[2011.04.25 13:06:10 | 000,007,070 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\aschenblüten VI.odt
[2011.04.24 04:10:37 | 000,007,296 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\aschenblüten.odt
[2011.04.22 16:18:31 | 000,012,998 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\polnische patientenvereinigung.odt
[2011.04.22 09:33:43 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011.04.22 09:33:43 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011.04.22 09:33:36 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2011.04.22 09:33:36 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011.04.22 09:33:35 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011.04.22 09:33:35 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2011.04.22 09:33:35 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011.04.22 09:33:35 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2011.04.22 09:33:35 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2011.04.22 09:33:35 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2011.04.22 09:33:34 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2011.04.22 09:33:34 | 001,427,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011.04.22 09:33:34 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2011.04.22 09:33:34 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011.04.22 09:33:34 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2011.04.22 09:33:34 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011.04.22 09:33:34 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011.04.22 09:33:34 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2011.04.22 09:33:34 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011.04.22 09:33:34 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011.04.22 09:33:34 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011.04.22 09:33:34 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011.04.22 09:33:34 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011.04.22 09:33:33 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2011.04.22 09:33:33 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011.04.22 09:33:33 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\vbscript.dll
[2011.04.22 09:33:33 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2011.04.22 09:33:33 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2011.04.22 09:33:33 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011.04.22 09:33:33 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2011.04.22 09:33:33 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2011.04.22 09:33:32 | 001,797,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2011.04.22 09:33:32 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll
[2011.04.22 09:33:32 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2011.04.22 09:33:32 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2011.04.22 09:33:32 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2011.04.22 09:33:32 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011.04.22 09:33:32 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2011.04.22 09:33:32 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2011.04.22 09:33:32 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011.04.22 09:33:32 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2011.04.22 09:33:32 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011.04.22 08:25:47 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.21 08:48:16 | 001,142,177 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Presseinfo_ElHachmi_F11.pdf
[2011.04.20 14:42:47 | 000,018,466 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\smart grid_I.odt
[2011.04.20 12:01:10 | 000,017,454 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\smart grids2.odt
[2011.04.20 02:52:36 | 000,016,414 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\smart grids.odt
[2011.04.16 15:32:43 | 003,692,264 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.04.16 15:06:29 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.04.16 15:06:29 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.04.16 15:06:29 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.04.16 15:06:29 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.04.15 19:20:55 | 000,006,137 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\inferno 2017.odt
[2011.04.10 21:59:55 | 000,001,356 | ---- | M] () -- C:\Users\babsi01\AppData\Local\d3d9caps.dat
[2011.04.10 19:25:21 | 000,001,878 | ---- | M] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.04.08 15:59:26 | 000,055,985 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Hübner,Barbara-Typo3.zip
[2011.04.08 00:25:21 | 000,080,476 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Überweisungsbeleg.jpg
[2011.04.06 17:31:38 | 000,167,629 | ---- | M] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Anschreiben.zip
[1 C:\Users\babsi01\*.tmp files -> C:\Users\babsi01\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.05 02:07:47 | 000,011,498 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\portugal fraunhofer.odt
[2011.05.05 00:36:42 | 000,017,720 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\fraunhpfer englisch übersetzungII.odt
[2011.05.05 00:35:44 | 000,007,165 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\franuhofer übersetzung.odt
[2011.05.01 21:44:12 | 000,182,143 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\BWB__Mai_2011.pdf
[2011.04.30 21:53:47 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011.04.30 09:59:14 | 000,006,397 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\zahnschiene.odt
[2011.04.27 17:18:07 | 002,711,980 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\2011_03_01_12_16_37.zip
[2011.04.27 14:43:24 | 000,000,054 | ---- | C] () -- C:\Windows\System32\rp_stats.dat
[2011.04.27 14:43:24 | 000,000,039 | ---- | C] () -- C:\Windows\System32\rp_rules.dat
[2011.04.25 13:06:57 | 000,007,070 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\aschenblüten VI- endversion.odt
[2011.04.24 04:22:51 | 000,007,070 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\aschenblüten VI.odt
[2011.04.24 04:10:35 | 000,007,296 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\aschenblüten.odt
[2011.04.22 09:33:34 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011.04.21 08:48:03 | 001,142,177 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Presseinfo_ElHachmi_F11.pdf
[2011.04.20 10:18:41 | 000,018,466 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\smart grid_I.odt
[2011.04.19 22:16:40 | 000,017,454 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\smart grids2.odt
[2011.04.16 22:17:58 | 000,016,414 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\smart grids.odt
[2011.04.15 19:20:41 | 000,006,137 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\inferno 2017.odt
[2011.04.10 19:25:21 | 000,001,878 | ---- | C] () -- C:\Users\Public\Desktop\Uniblue RegistryBooster.lnk
[2011.04.10 19:21:23 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\RegistryBooster.job
[2011.04.08 15:59:25 | 000,055,985 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Hübner,Barbara-Typo3.zip
[2011.04.08 00:19:21 | 000,080,476 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Überweisungsbeleg.jpg
[2011.04.06 17:31:36 | 000,167,629 | ---- | C] () -- C:\Users\babsi01\Desktop\Eigene Dateien\Documents\Anschreiben.zip
[2011.02.14 02:08:11 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2011.02.02 02:40:00 | 000,116,224 | ---- | C] () -- C:\Windows\System32\redmonnt.dll
[2011.02.02 02:40:00 | 000,045,056 | ---- | C] () -- C:\Windows\System32\unredmon.exe
[2011.02.01 01:18:36 | 000,000,788 | ---- | C] () -- C:\Programme\install.adb
[2010.11.30 00:43:00 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.11.01 02:52:44 | 000,001,952 | ---- | C] () -- C:\Windows\System32\PrivacyProvider.ini
[2010.11.01 02:52:43 | 002,740,224 | ---- | C] () -- C:\Windows\System32\PrivacyProvider.exe
[2010.11.01 02:52:43 | 000,471,040 | ---- | C] () -- C:\Windows\System32\RegisterLSP.exe
[2010.11.01 02:52:43 | 000,258,048 | ---- | C] () -- C:\Windows\System32\PrivacyProvider.dll
[2010.11.01 02:21:24 | 000,000,016 | ---- | C] () -- C:\Windows\System32\PCProxyOff.ini
[2010.11.01 02:21:07 | 000,073,728 | ---- | C] () -- C:\Windows\System32\VistaInfo32.dll
[2010.07.01 04:10:31 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2010.03.09 01:18:41 | 000,000,021 | -H-- | C] () -- C:\ProgramData\.245548635012626446356421263181
[2010.02.28 04:30:59 | 000,327,168 | ---- | C] () -- C:\Windows\System32\cutil32.dll
[2010.01.24 16:24:00 | 000,000,023 | ---- | C] () -- C:\Windows\odbmai.ini
[2010.01.20 05:02:18 | 000,206,100 | ---- | C] () -- C:\Windows\hpwins14.dat
[2010.01.20 05:02:18 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat
[2010.01.12 01:27:31 | 000,205,788 | ---- | C] () -- C:\Windows\hpwins14.dat.temp
[2009.12.03 10:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2009.08.31 00:18:23 | 000,441,801 | ---- | C] () -- C:\Users\babsi01\AppData\Local\hcvfsmo_nav.dat
[2009.08.31 00:17:51 | 000,003,268 | ---- | C] () -- C:\Users\babsi01\AppData\Local\hcvfsmo.dat
[2009.08.31 00:17:51 | 000,001,456 | ---- | C] () -- C:\Users\babsi01\AppData\Local\hcvfsmo_navps.dat
[2009.08.31 00:17:51 | 000,000,092 | ---- | C] () -- C:\Users\babsi01\AppData\Local\hcvfsmo.bat
[2009.08.30 19:10:54 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009.08.30 19:10:53 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.03.28 03:08:07 | 000,000,552 | ---- | C] () -- C:\Users\babsi01\AppData\Local\d3d8caps.dat
[2009.03.05 22:24:07 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
[2009.02.21 18:14:17 | 000,001,356 | ---- | C] () -- C:\Users\babsi01\AppData\Local\d3d9caps.dat
[2009.02.02 01:19:47 | 000,015,688 | ---- | C] () -- C:\Windows\System32\lsdelete.exe
[2009.02.02 00:00:45 | 000,000,023 | -HS- | C] () -- C:\Windows\System32\bfbfbfdc7_g.dll
[2009.01.04 23:46:23 | 000,001,108 | ---- | C] () -- C:\Windows\hpwmdl14.dat.temp
[2009.01.04 23:43:37 | 000,013,041 | R--- | C] () -- C:\Windows\hpwscr14.dat
[2008.12.12 02:08:41 | 000,024,206 | ---- | C] () -- C:\Users\babsi01\AppData\Roaming\UserTile.png
[2008.11.18 11:01:46 | 000,015,496 | ---- | C] () -- C:\Windows\System32\drivers\vffilter.sys
[2008.11.12 19:03:08 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2008.11.10 17:21:16 | 000,027,114 | ---- | C] () -- C:\Windows\maxlink.ini
[2008.11.04 00:27:55 | 000,000,145 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2008.11.04 00:27:55 | 000,000,023 | ---- | C] () -- C:\Windows\Brownie.ini
[2008.11.04 00:27:55 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2008.11.04 00:27:54 | 000,008,975 | ---- | C] () -- C:\Windows\HL-2030.INI
[2008.11.04 00:27:54 | 000,000,114 | ---- | C] () -- C:\Windows\System32\brlmw03a.ini
[2008.11.04 00:27:06 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2008.11.04 00:27:06 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2030.DAT
[2008.10.12 21:15:21 | 000,092,240 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008.10.12 21:15:21 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008.10.12 21:15:21 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008.10.12 21:15:21 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008.10.12 21:15:21 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008.10.12 21:15:21 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008.10.12 21:15:21 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008.10.12 21:15:21 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008.10.12 21:15:21 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008.10.12 21:15:21 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008.10.12 21:15:21 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008.10.12 21:15:21 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008.10.12 21:15:21 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008.10.12 21:15:21 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008.10.12 21:15:21 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008.10.12 21:15:21 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008.10.12 21:15:21 | 000,000,099 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008.10.12 20:52:08 | 000,000,027 | ---- | C] () -- C:\Windows\CDE DX3800G.ini
[2008.10.05 20:52:37 | 000,012,238 | ---- | C] () -- C:\Users\babsi01\AppData\Roaming\wklnhst.dat
[2008.10.01 18:28:30 | 000,031,232 | ---- | C] () -- C:\Users\babsi01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.10.01 18:11:31 | 008,501,280 | ---- | C] () -- C:\Windows\System32\drivers\fidbox(10).dat
[2008.10.01 18:11:31 | 008,135,712 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox(35).dat
[2008.10.01 18:11:31 | 001,056,800 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2(11).dat
[2008.10.01 18:11:31 | 000,942,112 | -HS- | C] () -- C:\Windows\System32\drivers\fidbox2(37).dat
[2008.10.01 16:47:15 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008.09.25 02:25:29 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008.09.25 02:25:29 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008.09.25 02:25:29 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008.09.25 02:25:29 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008.02.11 20:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008.02.11 20:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
[2008.02.11 20:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
[2008.02.11 20:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
[2008.02.06 08:51:36 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2008.01.21 09:15:58 | 000,628,742 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2008.01.21 09:15:58 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2008.01.21 09:15:58 | 000,126,454 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2008.01.21 09:15:58 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2007.07.25 16:40:02 | 000,999,424 | ---- | C] () -- C:\Windows\System32\WLIHVUI.dll
[2006.11.02 14:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006.11.02 14:47:37 | 003,692,264 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 12:33:01 | 000,595,996 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006.11.02 12:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006.11.02 12:33:01 | 000,104,070 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006.11.02 12:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006.11.02 12:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006.11.02 12:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006.11.02 10:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006.11.02 10:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.11.02 09:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2005.04.06 09:05:50 | 001,327,104 | ---- | C] () -- C:\Programme\Photoshop.dll
[2005.04.06 09:05:06 | 000,025,421 | ---- | C] () -- C:\Programme\Photoshop Bitte lesen.wri
[2005.04.06 04:50:36 | 000,150,644 | ---- | C] () -- C:\Programme\TypeLibrary.tlb
[2005.03.22 19:21:20 | 022,926,806 | ---- | C] () -- C:\Programme\Photoshop_9.0_de-de.zip
[2005.02.25 14:50:00 | 000,157,035 | ---- | C] () -- C:\Programme\RechtlicheHinweise.pdf
[2005.02.25 06:15:00 | 000,159,744 | ---- | C] () -- C:\Windows\System32\EPSPTDV.DLL
[2004.11.11 12:40:48 | 000,000,812 | ---- | C] () -- C:\Programme\trial_config.xml
[2002.03.04 11:16:34 | 000,110,592 | R--- | C] () -- C:\Windows\System32\Jpeg32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

--- --- ---

cosinus 06.05.2011 09:44

Do an OTL fix: close any programs that may be open, deactivate virus scanners as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1DLL) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbddll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\adialhkdll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehkdll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
[2011.04.28 01:01:29 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\{B153B823-AF94-4B69-A951-D5814AE41C83}
[2011.04.25 10:28:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA}
[2011.04.14 22:57:21 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\{FD9A3E2E-A92B-4F9E-8EB7-4BA15539B424}
[2011.04.10 20:23:13 | 000,000,000 | ---D | C] -- C:\Users\babsi01\AppData\Local\{7AFCAD8A-535F-4183-B933-1F67D27904CA}
[2011.04.10 19:25:16 | 000,000,000 | -H-D | C] -- C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A}
@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2
:Commands
[purity]
[resethosts]
[emptytemp]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

babrina 13.05.2011 21:49

Would it be possible for you to explain that step by step? When I open OTL and click on Fix, it reports that no fixes are provided. I also can't find this custom/ scan/ fix box. Thanks in advance! Regards, babrina

cosinus 13.05.2011 21:54

When you start OTL, you have a text box at the bottom. You have to copy my text from the code box into it in full.

babrina 14.05.2011 19:37

I only just fixed the things with OTL. My computer does nothing but act up now. This morning a month's worth of emails were missing from my mailbox, and programs like OTL had disappeared. What can that be? Obviously I have some uninvited guests on the computer. How do I get rid of them again?
----------------------



All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AdobeBridge deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1DLL deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbddll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3dll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\KASPER~1\KASPER~1\adialhkdll deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\KASPER~1\KASPER~1\kloehkdll C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
C:\Users\babsi01\AppData\Local\{B153B823-AF94-4B69-A951-D5814AE41C83} folder moved successfully.
C:\ProgramData\{AA5544E4-9BBC-419B-9204-40B5924D26AA} folder moved successfully.
C:\Users\babsi01\AppData\Local\{FD9A3E2E-A92B-4F9E-8EB7-4BA15539B424} folder moved successfully.
C:\Users\babsi01\AppData\Local\{7AFCAD8A-535F-4183-B933-1F67D27904CA} folder moved successfully.
C:\ProgramData\{AB2D8F2E-F7AD-4446-A11A-50D846B2CF2A} folder moved successfully.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: babsi01
->Temp folder emptied: 237120998 bytes
->Temporary Internet Files folder emptied: 8268127 bytes
->Java cache emptied: 20656386 bytes
->FireFox cache emptied: 22557793 bytes
->Google Chrome cache emptied: 138222261 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 61427 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 187970 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 407,00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05142011_202407

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

cosinus 14.05.2011 19:45

Please now run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Set the tool as shown in the picture below, i.e. tick both checkboxes, click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

http://www.trojaner-board.de/attachm...rnen-start.png


If the infection prevents you from accessing your documents/My Documents, please run unhide:
Please download unhide.exe and save the file on your desktop.
Start the tool and all files and folders should be visible again. (This could take a while.)
Vista and 7 users must run the tool as administrator via right-click!

babrina 14.05.2011 23:17

Difficult... apparently it doesn't find any infection...? When I ran unhide, I got the message that the script engine "vb script" for script "c:\users\babsi01\AppData\local\Temp\info.rss" was not found. Can deleted emails be restored? Apparently someone was in my account and deleted them; they are still gone. As a precaution I have changed the passwords.
I had a great many warnings in the Windows event logs today. But I can't analyze that.



2011/05/15 00:04:39.0148 5844 TDSS rootkit removing tool 2.5.1.0 May 13 2011 13:20:29
2011/05/15 00:04:39.0367 5844 ================================================================================
2011/05/15 00:04:39.0367 5844 SystemInfo:
2011/05/15 00:04:39.0367 5844
2011/05/15 00:04:39.0367 5844 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/15 00:04:39.0367 5844 Product type: Workstation
2011/05/15 00:04:39.0367 5844 ComputerName: BABSI01-PC
2011/05/15 00:04:39.0367 5844 UserName: babsi01
2011/05/15 00:04:39.0367 5844 Windows directory: C:\Windows
2011/05/15 00:04:39.0367 5844 System windows directory: C:\Windows
2011/05/15 00:04:39.0367 5844 Processor architecture: Intel x86
2011/05/15 00:04:39.0367 5844 Number of processors: 2
2011/05/15 00:04:39.0367 5844 Page size: 0x1000
2011/05/15 00:04:39.0367 5844 Boot type: Normal boot
2011/05/15 00:04:39.0367 5844 ================================================================================
2011/05/15 00:04:39.0710 5844 Initialize success
2011/05/15 00:04:41.0348 5900 ================================================================================
2011/05/15 00:04:41.0348 5900 Scan started
2011/05/15 00:04:41.0348 5900 Mode: Manual;
2011/05/15 00:04:41.0348 5900 ================================================================================
2011/05/15 00:04:42.0705 5900 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/15 00:04:43.0298 5900 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
2011/05/15 00:04:43.0563 5900 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
2011/05/15 00:04:43.0672 5900 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
2011/05/15 00:04:43.0750 5900 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
2011/05/15 00:04:44.0031 5900 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/15 00:04:44.0265 5900 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
2011/05/15 00:04:44.0327 5900 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/15 00:04:44.0546 5900 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
2011/05/15 00:04:44.0593 5900 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
2011/05/15 00:04:44.0702 5900 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
2011/05/15 00:04:44.0873 5900 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
2011/05/15 00:04:44.0920 5900 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
2011/05/15 00:04:45.0232 5900 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
2011/05/15 00:04:45.0310 5900 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
2011/05/15 00:04:45.0373 5900 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/15 00:04:45.0451 5900 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/15 00:04:45.0575 5900 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/05/15 00:04:45.0731 5900 avgntflt (47b879406246ffdced59e18d331a0e7d) C:\Windows\system32\DRIVERS\avgntflt.sys
2011/05/15 00:04:45.0809 5900 avipbb (5fedef54757b34fb611b9ec8fb399364) C:\Windows\system32\DRIVERS\avipbb.sys
2011/05/15 00:04:45.0997 5900 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/15 00:04:46.0043 5900 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
2011/05/15 00:04:46.0231 5900 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/15 00:04:46.0293 5900 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/15 00:04:46.0387 5900 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/15 00:04:46.0433 5900 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/15 00:04:46.0496 5900 BrSerIf (56f59a4011f503149ae4de826982ca4f) C:\Windows\system32\Drivers\BrSerIf.sys
2011/05/15 00:04:46.0636 5900 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/15 00:04:46.0683 5900 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/15 00:04:46.0730 5900 BrUsbSer (a24c7b39602218f8dbdb2b6704325fc7) C:\Windows\system32\Drivers\BrUsbSer.sys
2011/05/15 00:04:46.0948 5900 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/15 00:04:47.0213 5900 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/15 00:04:47.0463 5900 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/15 00:04:47.0557 5900 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
2011/05/15 00:04:47.0681 5900 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/15 00:04:47.0947 5900 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/15 00:04:48.0025 5900 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
2011/05/15 00:04:48.0149 5900 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/15 00:04:48.0196 5900 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
2011/05/15 00:04:48.0274 5900 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
2011/05/15 00:04:48.0415 5900 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/15 00:04:48.0617 5900 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/15 00:04:48.0711 5900 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
2011/05/15 00:04:48.0820 5900 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
2011/05/15 00:04:48.0867 5900 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
2011/05/15 00:04:49.0070 5900 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/15 00:04:49.0148 5900 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/15 00:04:49.0288 5900 e1express (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/05/15 00:04:49.0351 5900 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/15 00:04:49.0507 5900 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/15 00:04:49.0663 5900 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
2011/05/15 00:04:49.0725 5900 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
2011/05/15 00:04:49.0959 5900 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/15 00:04:50.0037 5900 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/15 00:04:50.0458 5900 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/15 00:04:50.0692 5900 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/15 00:04:50.0739 5900 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/15 00:04:50.0942 5900 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/15 00:04:51.0020 5900 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/15 00:04:51.0269 5900 fssfltr (d909075fa72c090f27aa926c32cb4612) C:\Windows\system32\DRIVERS\fssfltr.sys
2011/05/15 00:04:51.0332 5900 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/15 00:04:51.0347 5900 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/15 00:04:51.0535 5900 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/15 00:04:51.0597 5900 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/15 00:04:51.0737 5900 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/15 00:04:51.0753 5900 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/15 00:04:51.0831 5900 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/15 00:04:51.0956 5900 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
2011/05/15 00:04:52.0174 5900 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
2011/05/15 00:04:52.0221 5900 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
2011/05/15 00:04:52.0377 5900 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/15 00:04:52.0439 5900 iaStor (2358c53f30cb9dcd1d3843c4e2f299b2) C:\Windows\system32\drivers\iastor.sys
2011/05/15 00:04:52.0549 5900 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
2011/05/15 00:04:52.0673 5900 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
2011/05/15 00:04:52.0798 5900 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/15 00:04:52.0907 5900 IntcAzAudAddService (f8f53c5449f15b23d4c61d51d2701da8) C:\Windows\system32\drivers\RTKVHDA.sys
2011/05/15 00:04:53.0095 5900 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys
2011/05/15 00:04:53.0126 5900 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/15 00:04:53.0173 5900 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/15 00:04:53.0329 5900 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/15 00:04:53.0360 5900 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/15 00:04:53.0407 5900 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/15 00:04:53.0500 5900 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
2011/05/15 00:04:53.0563 5900 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/15 00:04:53.0625 5900 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/15 00:04:53.0687 5900 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/15 00:04:53.0734 5900 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/15 00:04:53.0797 5900 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/15 00:04:53.0937 5900 KMWDFILTER (566c5fd480fdbce3ba5cf9fbcffaea9a) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
2011/05/15 00:05:07.0150 5900 ================================================================================
2011/05/15 00:05:07.0150 5900 Scan finished
2011/05/15 00:05:07.0150 5900 ================================================================================

cosinus 15.05.2011 11:35

Quote:

can deleted e-mails be restored? apparently someone was in my account and deleted them; they are still gone.
Information is missing here; without it no (blanket) statement can be made. Who was in your account (which one?), and how exactly? Was it via Windows in your user profile, deleting mails from the mail program, or did someone log in to your account through the browser?

